Solved

About SSH command in Linux

Posted on 2013-11-19
6
433 Views
Last Modified: 2013-11-19
Dear Experts,

I'm developing a Java service (on Redhat) that uses SSH command to another remote PC.
I uses private key for authentication.

If the private key exists and authentication is successful, my service is OK.
But the problem is:
-  If the private key not exist or can not access, there will be a prompt dialog to ask for a password.
openssh's dialog
Question:
-  How can we prevent the dialog for asking password?
-  I tried to modify
       [PaswordAuthentication yes/no]
    in [/etc/ssh/ssh_config] but it will affect all system (not only my service).

Regards.
0
Comment
Question by:FSOFT-SA
6 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 39661352
There are normally two solutions to this problem.

Either enable public-private key mechanism as you just described

Or use some Expect (or alike) utility that would read the terminal prompts and provide a password.

First one is the better way to go.

SSH should be used for admin kind of jobs.  If you are designing a software solution, you better use some CGI or web kind of programming to accomplish the same.
0
 
LVL 35

Accepted Solution

by:
mccarl earned 500 total points
ID: 39661362
If you want to disable password authentication just for your particular session you can pass the following argument on the 'ssh' command line...
-oPasswordAuthentication=no

Open in new window

If that doesn't work, you might also look into the PreferredAuthentications option (depending on which protocol version you are using), it is doucmented on the ssh_config man page...

http://linux.die.net/man/5/ssh_config
0
 
LVL 77

Expert Comment

by:arnold
ID: 39661448
Your java app should/could use an encrypted stream and deal with the credential exchange without the use of an external command.  Your app controls whether to present the password prompt to the user.

Depending on which ssh class you incorporate into your java service there might be a way as the other experts pointed to dealing with error/event handling.
The option disabling password authentication is a shortsighted solution as it could hide a future failure especially making hard to resolve an issue like loss of connectivity to the remote system or termination of sshd or a misconfiguration of a firewall on the remote system.  All the above might not provide feedback to resolve the issue quickly.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Closing Comment

by:FSOFT-SA
ID: 39661464
The option "-oPasswordAuthentication=no" on the 'ssh' command line works fine for me.
0
 
LVL 35

Expert Comment

by:mccarl
ID: 39661537
@FSOFT-SA,  Glad to help! :)

@arnold,  I don't think there is anything shortsighted or incorrect about this method. All it is saying is that IF public key authentication has failed, rather than fallback and attempt a password authentication which can never succeed anyway, just fail the whole attempt straight away. The end result is still the same, either the ssh process succeeds due to correct public key auth otherwise the process fails (just now it fails without having to have shown the useless password dialog box). And I don't see how authentication methods used relates to loss of connectivity or firewall misconfiguration, or what feedback is provided
0
 
LVL 77

Expert Comment

by:arnold
ID: 39661566
McCall,  
I agree that your suggestion is valid, my point on the shortsighted deals with adding a "reporting" mechanism rather than failing gracefully which is how I interpreted the question given the current situation where a "user" gets a prompt for a password.

The option to disable password auth, means the user's attempts fails. Not sure what if any notice is output to the user or if any notification to the admin is made to indicate an attempt to access servers failed for login/authentication issue.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
This video teaches viewers about errors in exception handling.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now