Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

About SSH command in Linux

Posted on 2013-11-19
6
Medium Priority
?
489 Views
Last Modified: 2013-11-19
Dear Experts,

I'm developing a Java service (on Redhat) that uses SSH command to another remote PC.
I uses private key for authentication.

If the private key exists and authentication is successful, my service is OK.
But the problem is:
-  If the private key not exist or can not access, there will be a prompt dialog to ask for a password.
openssh's dialog
Question:
-  How can we prevent the dialog for asking password?
-  I tried to modify
       [PaswordAuthentication yes/no]
    in [/etc/ssh/ssh_config] but it will affect all system (not only my service).

Regards.
0
Comment
Question by:FSOFT-SA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 39661352
There are normally two solutions to this problem.

Either enable public-private key mechanism as you just described

Or use some Expect (or alike) utility that would read the terminal prompts and provide a password.

First one is the better way to go.

SSH should be used for admin kind of jobs.  If you are designing a software solution, you better use some CGI or web kind of programming to accomplish the same.
0
 
LVL 36

Accepted Solution

by:
mccarl earned 2000 total points
ID: 39661362
If you want to disable password authentication just for your particular session you can pass the following argument on the 'ssh' command line...
-oPasswordAuthentication=no

Open in new window

If that doesn't work, you might also look into the PreferredAuthentications option (depending on which protocol version you are using), it is doucmented on the ssh_config man page...

http://linux.die.net/man/5/ssh_config
0
 
LVL 80

Expert Comment

by:arnold
ID: 39661448
Your java app should/could use an encrypted stream and deal with the credential exchange without the use of an external command.  Your app controls whether to present the password prompt to the user.

Depending on which ssh class you incorporate into your java service there might be a way as the other experts pointed to dealing with error/event handling.
The option disabling password authentication is a shortsighted solution as it could hide a future failure especially making hard to resolve an issue like loss of connectivity to the remote system or termination of sshd or a misconfiguration of a firewall on the remote system.  All the above might not provide feedback to resolve the issue quickly.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 

Author Closing Comment

by:FSOFT-SA
ID: 39661464
The option "-oPasswordAuthentication=no" on the 'ssh' command line works fine for me.
0
 
LVL 36

Expert Comment

by:mccarl
ID: 39661537
@FSOFT-SA,  Glad to help! :)

@arnold,  I don't think there is anything shortsighted or incorrect about this method. All it is saying is that IF public key authentication has failed, rather than fallback and attempt a password authentication which can never succeed anyway, just fail the whole attempt straight away. The end result is still the same, either the ssh process succeeds due to correct public key auth otherwise the process fails (just now it fails without having to have shown the useless password dialog box). And I don't see how authentication methods used relates to loss of connectivity or firewall misconfiguration, or what feedback is provided
0
 
LVL 80

Expert Comment

by:arnold
ID: 39661566
McCall,  
I agree that your suggestion is valid, my point on the shortsighted deals with adding a "reporting" mechanism rather than failing gracefully which is how I interpreted the question given the current situation where a "user" gets a prompt for a password.

The option to disable password auth, means the user's attempts fails. Not sure what if any notice is output to the user or if any notification to the admin is made to indicate an attempt to access servers failed for login/authentication issue.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
In this post we will learn different types of Android Layout and some basics of an Android App.
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question