Solved

Setting authentication key

Posted on 2015-01-11
22
148 Views
Last Modified: 2015-02-05
I have some script in another machine, lets call it machine2, i need to access and ge the result from my current machine, i need to call it, but everytime the function in that other machine is called im being asked for user password, how can i set an authentication key so im not asked for password anymore??

my current remote call is as follows: ssh user@machine2 location/script.ksh
0
Comment
Question by:celtician
  • 9
  • 7
  • 2
  • +3
22 Comments
 
LVL 84

Expert Comment

by:ozo
ID: 40543695
see under AUTHENTICATION in
man ssh
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 40543756
you can set trust or automated login between the two systems, please see steps in below link:

http://www.linuxproblem.org/art_9.html

Or if you don't want to set automated login, then you can use expect to capture and response to prompts. Please see link below on how to use expect:

http://expect.sourceforge.net/
http://www.journaldev.com/1405/expect-script-example-for-ssh-and-su-login-and-running-commands
0
 
LVL 8

Accepted Solution

by:
Pepe2323 earned 300 total points
ID: 40544683
Hi

using ssh u can do that, here are the steps:

1) ssh-keygen -t rsa

u will need to fill the questions:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

2) on Server two crate a directory .ssh at home user

cd $HOME
mkdir .ssh

3)  from server 1 copy the public key

cat .ssh/id_rsa.pub | ssh user@server2 'cat >> .ssh/authorized_keys'

END

You will be able to login from server 1 to server 2 without password


Regards.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:celtician
ID: 40572542
When i create a new keky pair, i launch the next command:

user1@machine1> ssh-keygen -t rsa

And i get:
 Generating public/private rsa key pair.
Enter file in which to save the key (/home/userName/.ssh/id_rsa/):

I press enter leaving it blank and i get:

/home/userName/.ssh/id_rsa already exists.
Overwrite(yes/no) ?

Y type in "no", because there is already a key created

Shoud i press yes?? overwriting the key will stop other users from using the previous one??

In the next step, i execute:

user1@machine1> ssh user2@machine2 mkdir -p .ssh

Im asked for password and i enter it, ir returns no error, just the prompt again.

Then i execute again from machine 1 in the home folder:

cat .ssh/id_rsa.pub | ssh user2@machine2 'cat >> .ssh/authorized_keys'

Im asked for password, i enter it, and again no error, it seems to have been fine.

And now this is when i should log into machine2 without the need to enter the password, but when i

ssh user2@machine2

I keep being asked for password

why??
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40572842
which OS?

For Linux:
create your keys:
ssh-keygen

Open in new window


Then, use ssh-copy-id from the source to the remote. First time it'll ask for the password. But the second time it wont. ssh-copy-id  will appends the keys to the remote-host’s .ssh/authorized_key.

ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host

Open in new window


SO, you can:
ssh remote-host without password.

Open in new window



For AIX:

Just see
http://loveforunix.com/2014/11/17/116/

Hopes this helps.
0
 

Author Comment

by:celtician
ID: 40574634
My OS is Unix-Solaris, ill try that solution today.
0
 

Author Comment

by:celtician
ID: 40574646
What parameter should i add to ssh -keygen??

I get these options:

 -l user     Log in using this user name.
  -n          Redirect input from /dev/null.
  -F config   Config file (default: ~/.ssh/config).
  -A          Enable authentication agent forwarding.
  -a          Disable authentication agent forwarding (default).
  -X          Enable X11 connection forwarding.
  -x          Disable X11 connection forwarding (default).
  -i file     Identity for public key authentication (default: ~/.ssh/identity)
  -t          Tty; allocate a tty even if command is given.
  -T          Do not allocate a tty.
  -v          Verbose; display verbose debugging messages.
              Multiple -v increases verbosity.
  -V          Display version number only.
  -q          Quiet; don't display any warning messages.
  -f          Fork into background after authentication.
  -e char     Set escape character; ``none'' = disable (default: ~).
  -c cipher   Select encryption algorithm
  -m macs     Specify MAC algorithms for protocol version 2.
  -p port     Connect to this port.  Server must be on the same port.
  -L listen-port:host:port   Forward local port to remote address
  -R listen-port:host:port   Forward remote port to local address
              These cause ssh to listen for connections on a port, and
              forward them to the other side by connecting to host:port.
  -D port     Enable dynamic application-level port forwarding.
  -C          Enable compression.
  -N          Do not execute a shell or command.
  -g          Allow remote hosts to connect to forwarded ports.
  -1          Force protocol version 1.
  -2          Force protocol version 2.
  -4          Use IPv4 only.
  -6          Use IPv6 only.
  -o 'option' Process the option as if it was read from a configuration file.
  -s          Invoke command (mandatory) as SSH2 subsystem.
  -b addr     Local IP address.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 40574839
What ssh software / version you use?
0
 

Author Comment

by:celtician
ID: 40574938
Im using:

Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40574995
Hi celtician,

ssh-keygen is only ONE command, see that you have split the command in ssh -keygen.
run sh-keygen without options.
0
 

Author Comment

by:celtician
ID: 40575042
im still being asked for options when running it:

ssh-keygen

You must specify a key type (-t).
Usage: ssh-keygen [options]
Options:
  -b bits     Number of bits in the key to create.
  -c          Change comment in private and public key files.
  -e          Convert OpenSSH to IETF SECSH key file.
  -f filename Filename of the key file.
  -i          Convert IETF SECSH to OpenSSH key file.
  -l          Show fingerprint of key file.
  -p          Change passphrase of private key file.
  -q          Quiet.
  -y          Read private key file and print public key.
  -t type     Specify type of key to create.
  -B          Show bubblebabble digest of key file.
  -C comment  Provide new comment.
  -N phrase   Provide new passphrase.
  -P phrase   Provide old passphrase.
0
 
LVL 2

Assisted Solution

by:CSIA AN
CSIA AN earned 200 total points
ID: 40575073
wirth no optionas, ssh-keygen wil create keys for RDS... from man ssh-keys:

SCRIPTION
     ssh-keygen generates, manages and converts authentication keys for ssh(1).  ssh-keygen can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH pro-
     tocol version 2.  The type of key to be generated is specified with the -t option.  If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2
     connections.
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40575075
RSA, not RDS..sorry for typo...
0
 

Author Comment

by:celtician
ID: 40575085
Im not given the possibility of executing the command without options.... at least in this version.
0
 
LVL 29

Expert Comment

by:serialband
ID: 40575086
It seems that sun's version is requiring you to specify a key type

Try the following
ssh-keygen -t RSA
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40575131
From my point of view, what's important is to execute ssh-copy-id -i user@remotehost only one time, then you will able to ssh user@remotehost without prompt...
0
 

Author Comment

by:celtician
ID: 40577089
RSA seem to be an unknown type for my system:

ssh-keygen -t RSA
unknown key type RSA


should i specify any other??
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40577193
dis you tried lower case?  ssh-keygen -t rsa
0
 

Author Comment

by:celtician
ID: 40577232
Ok, in lower case works, but again as stated before, it keeps asking to replace an alredy set key.... if i do will this affect other users/scripts using the previous one? (this username is shared by many people...)
0
 
LVL 2

Expert Comment

by:CSIA AN
ID: 40577246
then do not replace nothing.. it means you have create them before.. Now it's time to use ssh-copy-id script, as I told you before, to configure authorized_keys for the user on the remote host.... have you tried?
0
 
LVL 29

Expert Comment

by:serialband
ID: 40577323
Or copy the old key to a backup file and create the new key.  Then, copy the new public key to the ~/.ssh/authorized_keys file of the remote server.

If you know the passphrase of your previous key.  You can copy the old public key to the ~/.ssh/authorized_keys file of the remote server.
0
 

Author Comment

by:celtician
ID: 40591581
I have tried many times, it isn't working with these users, i don't know why, it seems quite simple... i will contact the systems department of my company to solve it ... :(
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AIX Server 10 91
Using Grep to Find a file 8 107
phantom space used up on RHEL?  (du shows no space used) 1 85
Field name with special character (Ñ) in Oracle 11 141
Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question