Solved

Setting authentication key

Posted on 2015-01-11
22
138 Views
Last Modified: 2015-02-05
I have some script on another machine, let's call it machine2. I need to access it and get the result from my current machine. I need to call it, but every time the function on that other machine is called I'm being asked for the user password. How can I set an authentication key so I'm not asked for the password anymore?

My current remote call is as follows: ssh user@machine2 location/script.ksh
0
Comment
Question by:celtician
22 Comments
 
LVL 84

Expert Comment

by:ozo
ID: 40543695
See under AUTHENTICATION in
man ssh
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 40543756
You can set up trust or automated login between the two systems. Please see the steps in the link below:

http://www.linuxproblem.org/art_9.html

Or, if you don't want to set up automated login, you can use expect to capture and respond to prompts. Please see the links below on how to use expect:

http://expect.sourceforge.net/
http://www.journaldev.com/1405/expect-script-example-for-ssh-and-su-login-and-running-commands
0
 
LVL 8

Accepted Solution

by:
Pepe2323 earned 300 total points
ID: 40544683
Hi

Using ssh you can do that, here are the steps:

1) ssh-keygen -t rsa

You will need to fill in the questions:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

2) On server two, create a directory .ssh in the user's home

cd $HOME
mkdir .ssh

3) From server 1, copy the public key

cat .ssh/id_rsa.pub | ssh user@server2 'cat >> .ssh/authorized_keys'

END

You will be able to log in from server 1 to server 2 without a password


Regards.
0
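As an added example (not part of the answer above): steps 2 and 3 create `.ssh` and `authorized_keys` with whatever the account's umask gives them, and a server with `StrictModes` enabled (the OpenSSH default) ignores `authorized_keys` when the home directory, `.ssh`, or the file itself is writable by group or others, which is one common reason the password prompt persists. The function names `install_pubkey` and `audit_ssh_perms` are hypothetical; run them on the remote account.

```shell
#!/bin/sh
# Added example: install a public key as in steps 2-3, but with the
# permissions sshd's StrictModes check expects and without duplicates.
# Function names are hypothetical, not part of any ssh package.

# install_pubkey PUBKEY_FILE HOME_DIR
install_pubkey() {
    pub=$1; home=$2
    # Refuse anything that is not a single public-key line (never a private key).
    grep -q 'PRIVATE KEY' "$pub" && { echo "refusing private key" >&2; return 2; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }

    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact line is not already authorised.
    grep -qxF -e "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# audit_ssh_perms HOME_DIR
# Prints each path that is group- or world-writable; returns 1 if any is found.
audit_ssh_perms() {
    home=$1; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # -prune limits find to the path itself; -perm -020 / -002 test write bits.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "too permissive: $p"
            bad=1
        fi
    done
    return $bad
}
```

On the remote account, `audit_ssh_perms "$HOME"` prints nothing when the three paths pass this check; on the client, `ssh -v` shows whether the key was offered at all.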
 

Author Comment

by:celtician
ID: 40572542
When I create a new key pair, I launch the following command:

user1@machine1> ssh-keygen -t rsa

And I get:
 Generating public/private rsa key pair.
Enter file in which to save the key (/home/userName/.ssh/id_rsa/):

I press enter, leaving it blank, and I get:

/home/userName/.ssh/id_rsa already exists.
Overwrite(yes/no) ?

I type in "no", because there is already a key created.

Should I press yes? Will overwriting the key stop other users from using the previous one?

In the next step, I execute:

user1@machine1> ssh user2@machine2 mkdir -p .ssh

I'm asked for the password and I enter it. It returns no error, just the prompt again.

Then I execute again from machine 1 in the home folder:

cat .ssh/id_rsa.pub | ssh user2@machine2 'cat >> .ssh/authorized_keys'

I'm asked for the password, I enter it, and again no error; it seems to have been fine.

And now this is when I should log into machine2 without the need to enter the password, but when I

ssh user2@machine2

I keep being asked for the password.

Why??
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40572842
Which OS?

For Linux:
Create your keys:
ssh-keygen



Then, use ssh-copy-id from the source to the remote. The first time it'll ask for the password, but the second time it won't. ssh-copy-id will append the keys to the remote-host’s .ssh/authorized_key.

ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host



So, you can:
ssh remote-host without password.



For AIX:

Just see
http://loveforunix.com/2014/11/17/116/

Hope this helps.
0
 

Author Comment

by:celtician
ID: 40574634
My OS is Unix-Solaris, I'll try that solution today.
0
 

Author Comment

by:celtician
ID: 40574646
What parameter should I add to ssh -keygen??

I get these options:

 -l user     Log in using this user name.
  -n          Redirect input from /dev/null.
  -F config   Config file (default: ~/.ssh/config).
  -A          Enable authentication agent forwarding.
  -a          Disable authentication agent forwarding (default).
  -X          Enable X11 connection forwarding.
  -x          Disable X11 connection forwarding (default).
  -i file     Identity for public key authentication (default: ~/.ssh/identity)
  -t          Tty; allocate a tty even if command is given.
  -T          Do not allocate a tty.
  -v          Verbose; display verbose debugging messages.
              Multiple -v increases verbosity.
  -V          Display version number only.
  -q          Quiet; don't display any warning messages.
  -f          Fork into background after authentication.
  -e char     Set escape character; ``none'' = disable (default: ~).
  -c cipher   Select encryption algorithm
  -m macs     Specify MAC algorithms for protocol version 2.
  -p port     Connect to this port.  Server must be on the same port.
  -L listen-port:host:port   Forward local port to remote address
  -R listen-port:host:port   Forward remote port to local address
              These cause ssh to listen for connections on a port, and
              forward them to the other side by connecting to host:port.
  -D port     Enable dynamic application-level port forwarding.
  -C          Enable compression.
  -N          Do not execute a shell or command.
  -g          Allow remote hosts to connect to forwarded ports.
  -1          Force protocol version 1.
  -2          Force protocol version 2.
  -4          Use IPv4 only.
  -6          Use IPv6 only.
  -o 'option' Process the option as if it was read from a configuration file.
  -s          Invoke command (mandatory) as SSH2 subsystem.
  -b addr     Local IP address.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 40574839
What ssh software / version do you use?
0
 

Author Comment

by:celtician
ID: 40574938
I'm using:

Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40574995
Hi celtician,

ssh-keygen is only ONE command; I see that you have split the command into ssh -keygen.
Run ssh-keygen without options.
0
 

Author Comment

by:celtician
ID: 40575042
I'm still being asked for options when running it:

ssh-keygen

You must specify a key type (-t).
Usage: ssh-keygen [options]
Options:
  -b bits     Number of bits in the key to create.
  -c          Change comment in private and public key files.
  -e          Convert OpenSSH to IETF SECSH key file.
  -f filename Filename of the key file.
  -i          Convert IETF SECSH to OpenSSH key file.
  -l          Show fingerprint of key file.
  -p          Change passphrase of private key file.
  -q          Quiet.
  -y          Read private key file and print public key.
  -t type     Specify type of key to create.
  -B          Show bubblebabble digest of key file.
  -C comment  Provide new comment.
  -N phrase   Provide new passphrase.
  -P phrase   Provide old passphrase.
0
 
LVL 2

Assisted Solution

by:CSIA AN
CSIA AN earned 200 total points
ID: 40575073
With no options, ssh-keygen will create keys for RDS... from man ssh-keys:

DESCRIPTION
     ssh-keygen generates, manages and converts authentication keys for ssh(1).  ssh-keygen can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH pro-
     tocol version 2.  The type of key to be generated is specified with the -t option.  If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2
     connections.
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40575075
RSA, not RDS... sorry for the typo...
0
 

Author Comment

by:celtician
ID: 40575085
I'm not given the possibility of executing the command without options... at least in this version.
0
 
LVL 27

Expert Comment

by:serialband
ID: 40575086
It seems that Sun's version requires you to specify a key type.

Try the following:
ssh-keygen -t RSA
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40575131
From my point of view, what's important is to execute ssh-copy-id -i user@remotehost only one time, then you will be able to ssh user@remotehost without a prompt...
0
 

Author Comment

by:celtician
ID: 40577089
RSA seems to be an unknown type for my system:

ssh-keygen -t RSA
unknown key type RSA


Should I specify any other??
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40577193
Did you try lower case?  ssh-keygen -t rsa
0
 

Author Comment

by:celtician
ID: 40577232
OK, in lower case it works, but again, as stated before, it keeps asking to replace an already set key... If I do, will this affect other users/scripts using the previous one? (This username is shared by many people...)
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40577246
Then do not replace anything... it means you have created them before. Now it's time to use the ssh-copy-id script, as I told you before, to configure authorized_keys for the user on the remote host... Have you tried?
0
 
LVL 27

Expert Comment

by:serialband
ID: 40577323
Or copy the old key to a backup file and create the new key.  Then, copy the new public key to the ~/.ssh/authorized_keys file of the remote server.

If you know the passphrase of your previous key, you can copy the old public key to the ~/.ssh/authorized_keys file of the remote server.
0
 

Author Comment

by:celtician
ID: 40591581
I have tried many times. It isn't working with these users, I don't know why, it seems quite simple... I will contact the systems department of my company to solve it... :(
0
