?
Solved

About SSH command in Linux

Posted on 2013-11-19
6
Medium Priority
?
495 Views
Last Modified: 2013-11-19
Dear Experts,

I'm developing a Java service (on Redhat) that uses SSH command to another remote PC.
I uses private key for authentication.

If the private key exists and authentication is successful, my service is OK.
But the problem is:
-  If the private key not exist or can not access, there will be a prompt dialog to ask for a password.
openssh's dialog
Question:
-  How can we prevent the dialog for asking password?
-  I tried to modify
       [PaswordAuthentication yes/no]
    in [/etc/ssh/ssh_config] but it will affect all system (not only my service).

Regards.
0
Comment
Question by:FSOFT-SA
6 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 39661352
There are normally two solutions to this problem.

Either enable public-private key mechanism as you just described

Or use some Expect (or alike) utility that would read the terminal prompts and provide a password.

First one is the better way to go.

SSH should be used for admin kind of jobs.  If you are designing a software solution, you better use some CGI or web kind of programming to accomplish the same.
0
 
LVL 36

Accepted Solution

by:
mccarl earned 2000 total points
ID: 39661362
If you want to disable password authentication just for your particular session you can pass the following argument on the 'ssh' command line...
-oPasswordAuthentication=no

Open in new window

If that doesn't work, you might also look into the PreferredAuthentications option (depending on which protocol version you are using), it is doucmented on the ssh_config man page...

http://linux.die.net/man/5/ssh_config
0
 
LVL 81

Expert Comment

by:arnold
ID: 39661448
Your java app should/could use an encrypted stream and deal with the credential exchange without the use of an external command.  Your app controls whether to present the password prompt to the user.

Depending on which ssh class you incorporate into your java service there might be a way as the other experts pointed to dealing with error/event handling.
The option disabling password authentication is a shortsighted solution as it could hide a future failure especially making hard to resolve an issue like loss of connectivity to the remote system or termination of sshd or a misconfiguration of a firewall on the remote system.  All the above might not provide feedback to resolve the issue quickly.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Closing Comment

by:FSOFT-SA
ID: 39661464
The option "-oPasswordAuthentication=no" on the 'ssh' command line works fine for me.
0
 
LVL 36

Expert Comment

by:mccarl
ID: 39661537
@FSOFT-SA,  Glad to help! :)

@arnold,  I don't think there is anything shortsighted or incorrect about this method. All it is saying is that IF public key authentication has failed, rather than fallback and attempt a password authentication which can never succeed anyway, just fail the whole attempt straight away. The end result is still the same, either the ssh process succeeds due to correct public key auth otherwise the process fails (just now it fails without having to have shown the useless password dialog box). And I don't see how authentication methods used relates to loss of connectivity or firewall misconfiguration, or what feedback is provided
0
 
LVL 81

Expert Comment

by:arnold
ID: 39661566
McCall,  
I agree that your suggestion is valid, my point on the shortsighted deals with adding a "reporting" mechanism rather than failing gracefully which is how I interpreted the question given the current situation where a "user" gets a prompt for a password.

The option to disable password auth, means the user's attempts fails. Not sure what if any notice is output to the user or if any notification to the admin is made to indicate an attempt to access servers failed for login/authentication issue.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
Often times it's very very easy to extend a volume on a Linux instance in AWS, but impossible to shrink it. I wanted to contribute to the experts-exchange community a way of providing a procedure that works on an AWS instance. It can also be used on…
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
Suggested Courses
Course of the Month15 days, 7 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question