Re: SSH Connection

From: Bill Tangren (
Date: 06/02/05

  • Next message: Warren Lamboy: "RE: partitioning a hardware RAID"
    Date: Thu, 02 Jun 2005 13:08:14 -0400
    To: General Red Hat Linux discussion list <>
    > I would like to run a script on box A that connects to box B, executes a
    > script there, then returns to complete the original script. The user
    > accounts are different on each box. Box A user is 'oracle', box B user is
    > 'ias'.
    > I tried:
    > ssh servername -l ias /u01/ias/scripts/
    > but I'm prompted for a password.
    > I tried putting the password into the script where it seems to want it, but
    > again, I'm prompted for a password and it processes the password in the
    > script as a command.
    > Do I need to do something in the ssh_config? known_hosts? authorized_keys?
    > I'm not thrilled with the thought of having the password in a script file.
    > So if there's a better way, I'm all for hearing it!
    > Thanks in advance...
    > Kelley Coleman
    > Database Administrator
    > VA Health Administration Center
    > Denver, Colorado
    > 303-331-7521-o
    > 888-732-8802-p
    > 720-319-0454-c

    I have several servers that I use as hot backups of our production
    servers. This is what I do to automate the backups in as secure way as
    possible. You should be able to modify this to suit your needs.

    Step 1:

    Server A is the production server. Server B is the data backup. As root
    on server B, generate a key, and give it a unique name, and don't enter
    a passphrase (just hit enter):

    # ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa_A_backup.
    Your public key has been saved in /root/.ssh/
    The key fingerprint is:

    Step 2:

    Go to /root/.ssh, and ftp to Then cd to /root/.ssh/ (on
    and put the file into that directory. Exit ftp.

    Step 3:

    Telnet into, and cd to /root/.ssh/. If there is a file there
    called authorized_keys2, then:

    Step 4:

    # cat >> authorized_keys2

    If authorized_keys2 doesn't exist, then:

    # mv authorized_keys2

    Step 5:

    If you are doing a backup on using rsync like this:

    # rsync -avrz -e 'ssh -i /root/.ssh/id_rsa_A_backup'

    then you need to add a line to authorized_keys2 like this:

    command="rsync --server -avrz . /home/"

    You MUST add this line immediately before the key you added to the end
    of this file. This line ties the key to the command you are going to run
    on, so that if the key is stolen, the thief can only use it to run
    this command. They *shouldn't* be able to get general root access to
    your system.

    Once you do this, you can run your command on and see if it works.
    If it does, you can put it in a cron script to run automatically (on


    redhat-list mailing list

  • Next message: Warren Lamboy: "RE: partitioning a hardware RAID"