ssh without password interaction


OK, interacting with my build and deploy script to enter the server password for scp was a pain, so I implemented DSA authentication keys instead. Pretty easy...

My Setup at the Time of Writing: Client OS X 10.4.8, Server OS X Server 10.3.9

Scenario: My local user name is kieran. The server has an administrator user name of 'theboss'

Instructions:
$ cd ~
$ ls -al

You probably have it already, but if you don't have a .ssh directory listed, create it
$ mkdir .ssh

Set the permissions on your .ssh directory if they are not drwx------
$ chmod -R 0700 .ssh/

Now do...
$ cd .ssh/
$ ssh-keygen -t dsa -f id_dsa -P ''
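This creates a private key (id_dsa) and a public key (id_dsa.pub) without a passphrase (-P ''), so the private key file id_dsa is stored unencrypted and anyone who can read it can use it to log in.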

Now copy the PUBLIC key ONLY to the .ssh directory of the target user on the target host, for example
$ scp id_dsa.pub theboss@server.local:~/.ssh

Now log into the remote server as the target user
$ ssh theboss@server.local

Now...
$ cd .ssh/

Put your public key in the authorized keys file
$ cat id_dsa.pub >> authorized_keys2

Set the permissions
$ chmod 0600 authorized_keys2

Delete the public key on the remote server
$ rm id_dsa.pub

Exit the server
$ exit

From your own account on your own machine, try
$ ssh theboss@server.local

If you did everything correctly, you will be logged into the remote server as theboss without being asked for a password.

You can also copy files using scp without a password now (which is the main goal for my remote copy scripts), for example:
$ scp textfile.txt theboss@server.local:~/

Troubleshooting
If it is not working, check the ownership and permissions on the .ssh directory and the authorized_keys2 file on the target machine.
Both should be owned by destuser:destuser, where destuser is the name of the destination account.
The .ssh directory permissions should be drwx------ (0700) and the authorized_keys2 file should be -rw------- (0600).
The destination home directory should be no more permissive than 0755 (yes, I had one machine that would not work, and this was the fix. 0775 and 0777 on that particular machine would cause the ssh command to request a password and not use the keys!)
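
The checks above can be scripted. The following is an added example, not part of the original post: a shell function, with the hypothetical name check_ssh_perms, that reports which of these ownership and permission rules a home directory on the target machine violates. It assumes the home directory itself is owned by the destination user, and it compares the owner only, not the group.

```shell
#!/bin/sh
# Added example (not from the original post): audit the ownership and
# permissions listed under Troubleshooting. Run it on the target machine.
# Usage: check_ssh_perms HOME_DIR [KEYS_FILE]   e.g. check_ssh_perms "$HOME"
# Prints one line per problem; returns 0 when clean, 1 otherwise.

mode_of()  { ls -ld  "$1" | cut -c1-10; }          # e.g. drwx------
owner_of() { ls -ldn "$1" | awk '{print $3}'; }    # numeric uid

check_ssh_perms() {
    home=$1
    keys=${2:-authorized_keys2}    # file name used in this post
    rc=0

    [ -d "$home/.ssh" ]       || { echo "MISSING $home/.ssh"; return 1; }
    [ -f "$home/.ssh/$keys" ] || { echo "MISSING $home/.ssh/$keys"; return 1; }

    # Home directory: 0755 or tighter, i.e. no group/other write bit.
    m=$(mode_of "$home")
    case $m in
        d????-??-?) ;;
        *) echo "BAD MODE $home is $m, group/other must not have write"; rc=1 ;;
    esac

    # .ssh must be exactly 0700 and the keys file exactly 0600.
    m=$(mode_of "$home/.ssh")
    [ "$m" = "drwx------" ] || { echo "BAD MODE $home/.ssh is $m, want drwx------"; rc=1; }
    m=$(mode_of "$home/.ssh/$keys")
    [ "$m" = "-rw-------" ] || { echo "BAD MODE $home/.ssh/$keys is $m, want -rw-------"; rc=1; }

    # Both must belong to the account that owns the home directory
    # (assumption: the home directory itself is owned by the destination user).
    want=$(owner_of "$home")
    for p in "$home/.ssh" "$home/.ssh/$keys"; do
        got=$(owner_of "$p")
        [ "$got" = "$want" ] || { echo "BAD OWNER $p uid $got, want $want"; rc=1; }
    done

    return $rc
}
```

An empty output with exit status 0 means all three paths match the rules in this section.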

Tip:
If you are issuing remote commands in a script, you should delimit the remote command with double quotes, especially if the remote command has shell script variables. Inside double quotes the local shell expands the variables before the command is sent to the server. For example:
ssh $SUPERUSER@$TARGET_HOST "chown -R appserver:appserveradm /Library/WebObjects/Applications/$FINAL.woa"



Posted: Tuesday - November 28, 2006 at 02:54 PM        

