Solved

About SSH command in Linux

Posted on 2013-11-19
6
420 Views
Last Modified: 2013-11-19
Dear Experts,

I'm developing a Java service (on Redhat) that uses SSH command to another remote PC.
I uses private key for authentication.

If the private key exists and authentication is successful, my service is OK.
But the problem is:
-  If the private key not exist or can not access, there will be a prompt dialog to ask for a password.
openssh's dialog
Question:
-  How can we prevent the dialog for asking password?
-  I tried to modify
       [PaswordAuthentication yes/no]
    in [/etc/ssh/ssh_config] but it will affect all system (not only my service).

Regards.
0
Comment
Question by:FSOFT-SA
6 Comments
 
LVL 31

Expert Comment

by:farzanj
Comment Utility
There are normally two solutions to this problem.

Either enable public-private key mechanism as you just described

Or use some Expect (or alike) utility that would read the terminal prompts and provide a password.

First one is the better way to go.

SSH should be used for admin kind of jobs.  If you are designing a software solution, you better use some CGI or web kind of programming to accomplish the same.
0
 
LVL 35

Accepted Solution

by:
mccarl earned 500 total points
Comment Utility
If you want to disable password authentication just for your particular session you can pass the following argument on the 'ssh' command line...
-oPasswordAuthentication=no

Open in new window

If that doesn't work, you might also look into the PreferredAuthentications option (depending on which protocol version you are using), it is doucmented on the ssh_config man page...

http://linux.die.net/man/5/ssh_config
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Your java app should/could use an encrypted stream and deal with the credential exchange without the use of an external command.  Your app controls whether to present the password prompt to the user.

Depending on which ssh class you incorporate into your java service there might be a way as the other experts pointed to dealing with error/event handling.
The option disabling password authentication is a shortsighted solution as it could hide a future failure especially making hard to resolve an issue like loss of connectivity to the remote system or termination of sshd or a misconfiguration of a firewall on the remote system.  All the above might not provide feedback to resolve the issue quickly.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Closing Comment

by:FSOFT-SA
Comment Utility
The option "-oPasswordAuthentication=no" on the 'ssh' command line works fine for me.
0
 
LVL 35

Expert Comment

by:mccarl
Comment Utility
@FSOFT-SA,  Glad to help! :)

@arnold,  I don't think there is anything shortsighted or incorrect about this method. All it is saying is that IF public key authentication has failed, rather than fallback and attempt a password authentication which can never succeed anyway, just fail the whole attempt straight away. The end result is still the same, either the ssh process succeeds due to correct public key auth otherwise the process fails (just now it fails without having to have shown the useless password dialog box). And I don't see how authentication methods used relates to loss of connectivity or firewall misconfiguration, or what feedback is provided
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
McCall,  
I agree that your suggestion is valid, my point on the shortsighted deals with adding a "reporting" mechanism rather than failing gracefully which is how I interpreted the question given the current situation where a "user" gets a prompt for a password.

The option to disable password auth, means the user's attempts fails. Not sure what if any notice is output to the user or if any notification to the admin is made to indicate an attempt to access servers failed for login/authentication issue.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

The purpose of this article is to demonstrate how we can use conditional statements using Python.
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now