akaodin
asked on
openSSH on Red Hat 9 during non-interactive session
I am trying to run an ssh command w/ CronTab during a non-interactive session (of course). The command runs fine during an interactive session but is denied permission when it is non-interactive. I suspect it has something to do w/ what gets initially set up. I believe that .bash_profile is set up but I am not totally sure. The mail msg reads that the <SHELL=/bin/sh>. What can I do to ensure that the ssh runs the same non-interactively as it does interactively? Not exactly sure what is going on here. Thx much in advance.
ASKER
Exactly how would I guarantee that the resource files do not use the tty command? I believe that I need the bashrc and profiles in order to launch the ssh - maybe not. Another thought I have had is that maybe the problem I am having is the permissions on the ssh files. I tried changing the permission of id_rsa from 600 to 777. It did not work, moreover it hesitated my startup. More thoughts?
> Exactly how would I guarantee ..
grep tty ~/.* /etc/*
or simply use an at command which logs in remote and catch the output
ssh permission problems are more generic, meaning that it won't work at all, whether interactive or in batch mode
Can you please post an error message you get?
ASKER
I have 2 servers: DJX and TJW
on DJX I have a file named tryit w/ the line "ssh -v tjw cat sendit"
the command file works fine interactively but when I try it w/ a Cron job and the system is not interactive I get the following errors (as viewed from the mail msg):
From root@djx.odin.com Wed Nov 21 10:23:00 2007
Return-Path: <root@djx.odin.com>
Received: from djx.odin.com (localhost [127.0.0.1])
by djx.odin.com (8.12.8/8.12.8) with ESMTP id lALFN0ek015061
for <root@djx.odin.com>; Wed, 21 Nov 2007 10:23:00 -0500
Received: (from root@localhost)
by djx.odin.com (8.12.8/8.12.8/Submit) id lALFN0Wu015059
for root; Wed, 21 Nov 2007 10:23:00 -0500
Date: Wed, 21 Nov 2007 10:23:00 -0500
Message-Id: <200711211523.lALFN0Wu015059@djx.odin.com>
From: root@djx.odin.com (Cron Daemon)
To: root@djx.odin.com
Subject: Cron <root@djx> /root/tryit
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=root>
Status: R
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to tjw [10.0.0.142] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 122/256
debug1: bits set: 1626/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'tjw' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: bits set: 1617/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /root/.ssh/identity
debug1: try pubkey: /root/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 277 lastkey 0x808fef8 hint 1
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: try privkey: /root/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: no more auth methods to try
Permission denied (publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x80674d0(0x0)
Hope this helps. Thx.
ASKER
Hi again,
The following are the msgs of the interactive session which succeeds:
[root@djx root]# tryit
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to tjw [10.0.0.142] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 139/256
debug1: bits set: 1619/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'tjw' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: bits set: 1600/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /root/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 277 lastkey 0x8092900 hint -1
debug1: ssh-userauth2 successful: method publickey
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Sending command: cat /root/tryit
debug1: channel request 0: exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
ssh djx cat sendit
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
The only discernable diff I noticed are the bits set. Hope this also helps. Thx.
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> debug1: try privkey: /root/.ssh/id_dsa
> debug1: next auth method to try is keyboard-interactive
the first line indicates that your keyfile cannot be read, which then results in a keyboard-interactive auth method (last line)
There's something wrong with your keyfiles and/or the user running your cron.
Can you please post the cron line.
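What separates the two debug logs posted above, as an added example that is not part of the original thread: the interactive run authenticates through `userauth_pubkey_agent` (a key held by a running ssh-agent), while the cron run has to open `/root/.ssh/id_rsa` itself and stops at `PEM_read_PrivateKey failed`. The function names and result labels are this example's own; the sample lines are excerpted from the logs in the thread.

```shell
#!/bin/sh
# Added example: classify the public-key phase of an `ssh -v` client log.
# Patterns match the OpenSSH 3.5p1 debug1 lines quoted in this thread; other
# OpenSSH versions word these messages differently.

# Reads a debug log on stdin, prints one label (labels are this example's own).
classify_ssh_debug() {
    awk '
        /userauth_pubkey_agent: testing agent key/    { agent = 1 }
        /PEM_read_PrivateKey failed/                  { pemfail = 1 }
        /ssh-userauth2 successful: method publickey/  { ok = 1 }
        /no more auth methods to try/                 { denied = 1 }
        END {
            if (ok && agent)  print "ok-via-agent"
            else if (ok)      print "ok-via-keyfile"
            else if (pemfail) print "keyfile-unreadable"
            else if (denied)  print "denied-other"
            else              print "unknown"
        }'
}

# True when this process can reach an ssh-agent socket. Cron jobs normally
# cannot: cron starts them with a minimal environment (see the X-Cron-Env
# headers in the mail above), so SSH_AUTH_SOCK is not set.
agent_available() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# Turns a label into a hint for the operator.
explain() {
    case "$1" in
        ok-via-agent)       echo "key came from ssh-agent; a job without the agent will not have it" ;;
        ok-via-keyfile)     echo "key file was read directly; should behave the same under cron" ;;
        keyfile-unreadable) echo "client could not load the private key without prompting (e.g. passphrase-protected, no agent, no tty)" ;;
        denied-other)       echo "all methods refused; check the server side (authorized_keys, sshd log)" ;;
        *)                  echo "no public-key decision found in this log" ;;
    esac
}

# Sample input: lines excerpted from the cron mail posted in the thread.
cron_log() {
    cat <<'EOF'
debug1: next auth method to try is publickey
debug1: try privkey: /root/.ssh/identity
debug1: try pubkey: /root/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 277 lastkey 0x808fef8 hint 1
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: try privkey: /root/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: no more auth methods to try
EOF
}

# Sample input: lines excerpted from the interactive run posted in the thread.
interactive_log() {
    cat <<'EOF'
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /root/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 277 lastkey 0x8092900 hint -1
debug1: ssh-userauth2 successful: method publickey
EOF
}

# Classify both samples, then report whether *this* environment has an agent.
for sample in cron_log interactive_log; do
    label=$("$sample" | classify_ssh_debug)
    printf '%s: %s (%s)\n' "$sample" "$label" "$(explain "$label")"
done
if agent_available; then
    echo "ssh-agent socket reachable from this environment"
else
    echo "no ssh-agent socket reachable from this environment"
fi
```

To classify a real run, pipe the saved debug output in: `ssh -v host true 2>&1 | classify_ssh_debug`.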
ASKER
Hi,
In my /root/.ssh I have:
id_rsa
id_rsa.pub
known_hosts
authorized_keys
These work interactively. The cron line which is supposed to trigger these events is:
30 3 * * * /root/tryit
and tryit has the single line: "ssh -v djx cat sendit"
Earlier I typed the wrong line. Client TJW is supposed to read a file from DJX.
Hope this helps.
most likely not the problem but I'd recommend to use full paths in all your scripts called by cron and cron itself
said this, can you please post the corresponding entry from your ~/.ssh/config file and also
ls -lad /root/.ssh /root/.ssh/{config,id_rsa,known_hosts}
ASKER
Hi,
My (Red Hat 9) ssh config is in /etc/ssh. I have included the info you requested.
drwx------ 2 root root 4096 Nov 20 20:22 .ssh
total 44
-rw------- 1 root root 1743 Mar 6 2005 id_tjw
-rw-r--r-- 1 root root 381 Nov 18 09:30 id_djx.pub
-rw------- 1 root root 1743 Nov 18 09:31 id_djx
-rw-r--r-- 1 root root 381 Nov 18 09:56 id_tjw.pub
-rwxr-xr-x 1 root root 1143 Nov 18 09:58 authorized_keys
-rw-r--r-- 1 root root 44 Nov 18 10:00 pass.txt
-rw-r--r-- 1 root root 448 Nov 18 14:58 known_hosts
-rwx------ 1 root root 48 Nov 19 16:12 djx
-rwx------ 1 root root 48 Nov 19 16:13 tjw
-rw-r--r-- 1 root root 381 Nov 21 06:38 id_rsa.pub
-rw------- 1 root root 1743 Nov 21 06:38 id_rsa
drwxr-xr-x 2 root root 4096 Mar 6 2004 /etc/ssh
total 124
-rw------- 1 root root 88039 Feb 14 2003 moduli
-rw------- 1 root root 2474 Feb 21 2003 sshd_config
-rw-r--r-- 1 root root 319 Feb 21 2004 ssh_host_key.pub
-rw------- 1 root root 515 Feb 21 2004 ssh_host_key
-rw-r--r-- 1 root root 210 Feb 21 2004 ssh_host_rsa_key.pub
-rw------- 1 root root 883 Feb 21 2004 ssh_host_rsa_key
-rw-r--r-- 1 root root 590 Feb 21 2004 ssh_host_dsa_key.pub
-rw------- 1 root root 668 Feb 21 2004 ssh_host_dsa_key
-rw-r--r-- 1 root root 1167 Mar 18 2004 ssh_config
Hope this helps. Thx.
ASKER
Forgot, this is my /etc/ssh/{ssh_config,sshd_config} files (not quite sure which one it uses) :
# $OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
Host *
ForwardX11 yes
# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
I was asking for /root/.ssh and its files not /etc/ssh.
In your debug output you also see that the files are read from /root/.ssh/.
Also, please just post the proper entry from /root/.ssh/config, no comments etc.
ASKER
Hi,
Here are the files in /root/.ssh
[root@tjw root]# ls -lrt .ssh
-rwx------ 1 root root 48 Nov 19 18:22 tjw
-rw-r--r-- 1 root root 44 Nov 19 18:22 pass.txt
-rw-r--r-- 1 root root 448 Nov 19 18:22 known_hosts
-rw-r--r-- 1 root root 381 Nov 19 18:22 id_tjw.pub
-rw------- 1 root root 1743 Nov 19 18:22 id_tjw
-rw-r--r-- 1 root root 381 Nov 19 18:22 id_djx.pub
-rw------- 1 root root 1743 Nov 19 18:22 id_djx
-rwx------ 1 root root 48 Nov 19 18:22 djx
-rwxr-xr-x 1 root root 1143 Nov 19 18:22 authorized_keys
-rw-r--r-- 1 root root 381 Nov 21 06:36 id_rsa.pub
-rw------- 1 root root 1743 Nov 21 06:36 id_rsa
[root@tjw root]#
As you see, there is no /root/.ssh/config/ on this version of openssh 3.5p1 (at least on my machine). I had posted earlier the config files on my machines: /etc/ssh/ssh[d]_config. I do not know which is relevant. The only non-commented lines are:
/etc/ssh/ssh_config
Host *
ForwardX11 yes
/etc/ssh/sshd_config
SyslogFacility AUTHPRIV
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
Hope this helps. Thx.
> As you see, there is no /root/.ssh/config/
then you have to tell ssh (in your cron script) to use a key file, something like:
/path/to/ssh -i /root/.ssh/keyfile user@remote /path/to/cat sendit
ASKER
Hi,
Would it be easier in the long run to chg my config to /root/config instead of /etc/ssh/sshd_config? If so, is that an item in the config file or does ssh have to be rebuilt? I have not tried your suggestion yet, but I certainly will.
yes you should use /root/.ssh/config and you don't need to rebuild ssh or sshd
ASKER
Hi,
Pardon me for being dense. Do I simply cp /etc/ssh/sshd_config /root/ssh/config? Then what? There must be a step I am missing. Pls advise. Thx.
ASKER
Hi,
I tried linking /etc/ssh/sshd_config to /root/.ssh/config. This time I got the error msgs:
Bad configuration options: Syslog Facility, X11Forsarding, Subsystem, ...
I then tried linking instead /etc/ssh/ssh_config. Again, wrong permissions. Any suggestions?
ASKER
Hi,
How does one set up a configuration file? It was done automatically for me when I built ssh. I checked the man-pages of ssh and found no mention of how to create a configuration file. It does mention (as you said) the per-user configuration file of $HOME/.ssh/config. Unfortunately, it does not tell how to create it. Any suggestions on where to look further? Thx.
ASKER
Hi,
I think I get it. The $HOME/.ssh/config can be built by inserting only relevant options. All others will be checked in the system configuration files. Any idea which options might help me?
ASKER
Hi,
Gave you the points you well deserved. However, I am not sure I will ever solve my problem. I did learn more about SSH and that is worth a lot. Thx again. My next goal is to try and add several options to $HOME/.ssh/config to see if it makes a difference. Thx again.
# ~/.ssh/config usually consists of entries (blocks) as follows:
Host whatever-alias-you-want
HostName FQDN
Port 22
Protocol 1
CheckHostIP yes
User remoteusername
ForwardAgent yes
ForwardX11 yes
Compression yes
IdentityFile ~/.ssh/public-file
KeepAlive no
# If you look at your ssh sample in http:#20342628 I'd expect a block starting with
Host djx
ASKER
Hi aHoffman,
I really appreciate all your help. I should have read the ssh_config earlier. It is as you said. But I doubt seriously if I could have figured it out for myself w/o your help.
The file states 'Host *'. Can I use that, or should I use the hostname of the server?
not sure if you can use * as alias (value for the Host directive), you need to try yourself
I'd not use * 'cause you'll have to take special care with it in most shells.
The value of the Host directive is a name (aka alias) for you to identify a special ssh configuration for a specific connection. Without that a corresponding (to my config example) ssh call would look like:
ssh -1 -p 22 -X -o "KeepAlive=no" remoteusername@FQDN
A simple echo command doesn't harm, usually, but if there is something like the tty command or something expecting input, then the script fails. For cron and alike you best use a user without any shell startup files.