[PLUG] ssh conundrum -- ON TOPIC

Steven Raymond stever at woo-hoo.com
Sun Oct 24 21:47:44 UTC 2004


Rich Shepard said:
> That would get me straightened out

Ah, I see.  Am only guessing but suppose that replacing your known_hosts
file would accomplish that objective.

>    Two questions: 1) Why do this as root rather than as a user? I block root
> logins via ssh.

No particular reason, this snippet was just something I saved for myself
long ago when trying to create a scripted rsync backup that facilitated
the script running w/o scp prompting user for root password.

> 2) Why no pass phrase? I skip that and use my password when
> I'm here but I always use the pass phrase when I'm away.

Um, I really don't understand what the purpose of the pass phrase is in
that context- sorry.  It seems to be completely independent of your
regular username/password credentials.  My goal with that script was just
to be able to scp in a script in the middle of the night w/o having a
password be manually entered.

>    The only difficulty with this technique is that it requires being able to
> scp from one box to another. It is my inability to do this that prompted my
> question. It's an infinite loop: I cannot get the pass phrases coordinated
> between two machines until I'm able to connect via ssh or scp; I cannot
> connect via ssh/scp until I coordinate the two machines with the same pass
> phrase in known_hosts. Check mate.

Am confused.  My example required that you need to supply your regular ssh
login only the first time, when doing the scp of id_rsa.pub file.  Meaning
when you ssh (or scp) w/o the host key, it interactively prompts you for
your password.  In my experience, I must supply my password every time I
ssh to a host, _unless_ I first use the technique I showed in the previous email
to store a key on the remote machine.  Once that is done, I can
subsequently just "ssh hostname" either interactively or scripted and am
not prompted for a password.  Perhaps I misunderstood your goals in the
first place.  Are you unable to ssh to the hosts at all, now?

Regards

-- 
"But thinking is always sooo difficult....."
    Winnie The Pooh



