RE: SSH in BatchMode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks guys for the overwhelming response. Finally I got it working. For
the interested people, the issue was with the ownership of the home
directory for the root account. See below
 
- EARLIER was
drwx------   9 vikas.rawat   coe            4096 May 23 14:59 coe

- MODIFIED to 
drwx------   9 root          coe            4096 May 23 15:00 coe

This works. 

Regards,
Vikas

Here is a clearly defined process from one of my colleagues (Prashant
Lal) for doing the same.
------------------------------------------------------------------------
----------------------

Host machine: rhythm
Remote machine: blrqmail

1. Generate key on host machine. This is for the user id 'lalp', change
to the uid you want to create a key for

[lalp@rhythm .ssh]$ ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key (/home/lalp/.ssh/id_dsa):  "press
ENTER here"
Enter passphrase (empty for no passphrase):
"press ENTER here"
Enter same passphrase again:
"press ENTER here"
Your identification has been saved in /home/lalp/.ssh/id_dsa.
Your public key has been saved in /home/lalp/.ssh/id_dsa.pub.
The key fingerprint is:
2d:c3:13:b8:38:65:dc:f7:cd:a3:d5:80:4e:32:54:93 lalp@rhythm

Now your keys are generated. We have not given any passphrase instead we
have pressed the enter because to perform the automated scripted
operations on the remote machine. 


2. Copy the id_dsa.pub file as authorized_keys from the host machine to
remote machine (into the home folder of the uid i.e.
<blrqmail>/home/lalp in this case)

[lalp@rhythm .ssh]$ scp /home/lalp/.ssh/id_dsa.pub
lalp@blrqmail:/home/lalp/.ssh/authorized_keys

CAUTION: This would overwrite your existing file. If you want to add to
your file, copy to some other location and append to this. Try this on
the host machine [lalp@rhythm .ssh]$ scp /home/lalp/.ssh/id_dsa.pub
lalp@blrqmail:/home/lalp/.ssh/lalp.rhythm.id_dsa.pub
On the remote machine
[lalp@blrqmail .ssh]$ cat lalp.rhythm.id_dsa.pub >> authorized_keys

Note: If you are logging into the remote machine for the first time
using SSH, you will be asked to save the remote machine's certificate.
Please accept and save it.

3. Now check the permision on the remote machine for .ssh and
authorized_keys

[lalp@blrqmail lalp]$ chmod -R 600 /home/lalp/.ssh [lalp@blrqmail .ssh]$
ls -lrt total 8
-rw-r--r--    1 lalp     lalp          601 May 23 14:29 authorized_keys

[lalp@blrqmail .ssh]$ ls -la ../ |grep .ssh
drwx------    2 lalp     lalp         4096 May 23 14:30 .ssh
[lalp@blrqmail .ssh]$

4. Log in from the host machine to remote machine 

[lalp@rhythm .ssh]$ ssh blrqmail
[lalp@blrqmail lalp]$

You should be logged in straightaway with out any password.
 

-----Original Message-----
From: Stephen Berg [mailto:sberg@xxxxxxxxxxxxxxx] 
Sent: Tuesday, May 23, 2006 3:56 PM
To: General Red Hat Linux discussion list
Subject: Re: SSH in BatchMode

Vikas Rawat wrote:
>>3. We have also changed the file/directory permission for ~/.ssh & 
>>~/.ssh/authorized_key to be read-write for user only by executing
>>
>>>chmod -R 600 .ssh

Did you modify /etc/sshd_config to use the ~/.ssh/authorized_keys file? 
  Also notice that it should be "keys" not "key".  And by default
sshd_config won't read that file to check for public keys.
-- 
                             Stephen Berg
//-      Linux/UNIX SysAdmin -/- Fixer of that which is broke      -//
//-                 Home = sberg@xxxxxxxxxxxxxxx                   -//
//-                 Work = stephen.berg@xxxxxxxx                   -//
//-     http://iceberg.3c0x1.com/   -/-   http://www.3c0x1.com     -//
                Sinners can repent, but stupid is forever.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux