Re: SSH Connection

From: Bill Tangren (bjt_at_aa.usno.navy.mil)
Date: 06/02/05

    Date: Thu, 02 Jun 2005 13:08:14 -0400
    To: General Red Hat Linux discussion list <redhat-list@redhat.com>
    
    

    Kelley.Coleman@med.va.gov wrote:
    > I would like to run a script on box A that connects to box B, executes a
    > script there, then returns to complete the original script. The user
    > accounts are different on each box. Box A user is 'oracle', box B user is
    > 'ias'.
    >
    > I tried:
    >
    > ssh servername -l ias /u01/ias/scripts/test_script.sh
    >
    > but I'm prompted for a password.
    >
    > I tried putting the password into the script where it seems to want it, but
    > again, I'm prompted for a password and it processes the password in the
    > script as a command.
    >
    > Do I need to do something in the ssh_config? known_hosts? authorized_keys?
    >
    > I'm not thrilled with the thought of having the password in a script file.
    > So if there's a better way, I'm all for hearing it!
    >
    > Thanks in advance...
    >
    > Kelley Coleman
    > Database Administrator
    > VA Health Administration Center
    > Denver, Colorado
    > 303-331-7521-o
    > 888-732-8802-p
    > 720-319-0454-c
    >

    I have several servers that I use as hot backups of our production
    servers. This is what I do to automate the backups in as secure a way as
    possible. You should be able to modify this to suit your needs.

    Step 1:

    Server A is the production server. Server B is the data backup. As root
    on server B, generate a key, and give it a unique name, and don't enter
    a passphrase (just hit enter):

    # ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_A_backup
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa_A_backup.
    Your public key has been saved in /root/.ssh/id_rsa_A_backup.pub.
    The key fingerprint is:
    ee:19:aa:f5:ac:62:dc:18:7d:cd:dd:9e:66:62:0d:98 root@B.com
    #

    Step 2:

    Go to /root/.ssh, and ftp to A.com. Then cd to /root/.ssh/ (on A.com)
    and put the id_rsa_A_backup.pub file into that directory. Exit ftp.

    Step 3:

    Telnet into A.com, and cd to /root/.ssh/. If there is a file there
    called authorized_keys2, then:

    Step 4:

    # cat id_rsa_A_backup.pub >> authorized_keys2
    #

    If authorized_keys2 doesn't exist, then:

    # mv id_rsa_A_backup.pub authorized_keys2
    #

    Step 5:

    If you are doing a backup on B.com using rsync like this:

    # rsync -avrz -e 'ssh -i /root/.ssh/id_rsa_A_backup' A.com:/home/ /home/A/home/

    then you need to add a line to authorized_keys2 like this:

    command="rsync --server -avrz . /home/"

    You MUST add this line immediately before the key you added to the end
    of this file. This line ties the key to the command you are going to run
    on B.com, so that if the key is stolen, the thief can only use it to run
    this command. They *shouldn't* be able to get general root access to
    your system.

    Once you do this, you can run your command on B.com and see if it works.
    If it does, you can put it in a cron script to run automatically (on
    B.com).

    HTH

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
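
Added example, not part of the original post: in OpenSSH's authorized_keys format, options such as command="..." are a prefix on the same line as the key they restrict, separated from the key type by a space. The helper below, install_restricted_key (a hypothetical name), writes such an entry with pty allocation and forwarding disabled; the public key is a constructed placeholder and the forced command string is the one quoted in the post.

```shell
#!/bin/sh
# install_restricted_key PUBKEY_FILE AUTH_FILE FORCED_COMMAND
# Returns 0 on success (or if the exact entry already exists), 1 on bad input,
# 2 if the key is already authorised with different options (review by hand).
install_restricted_key() {
    pubkey_file=$1 auth_file=$2 forced_cmd=$3

    # A .pub file holds one line: "type base64-blob [comment]".
    key_line=$(grep -E '^(ssh|ecdsa)-' "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key in $pubkey_file" >&2; return 1; }

    # A bare double quote would end the command="..." option early.
    case $forced_cmd in
        *\"*) echo "forced command must not contain a double quote" >&2; return 1 ;;
    esac

    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    opts="command=\"$forced_cmd\",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding"
    entry="$opts $key_line"

    # sshd (StrictModes) rejects key files that other users could write to.
    auth_dir=$(dirname "$auth_file")
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Re-running with the same arguments must not add a duplicate line.
    if grep -qxF -- "$entry" "$auth_file"; then
        return 0
    fi
    # The same key with other (or no) options would still grant that access.
    if grep -qF -- "$key_blob" "$auth_file"; then
        echo "key already in $auth_file with different options" >&2
        return 2
    fi
    printf '%s\n' "$entry" >> "$auth_file"
}

# Demo in a scratch directory with a constructed, non-functional key.
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDSAMPLE root@B.com' > "$demo_dir/id_rsa_A_backup.pub"
install_restricted_key "$demo_dir/id_rsa_A_backup.pub" \
    "$demo_dir/.ssh/authorized_keys2" 'rsync --server -avrz . /home/'
cat "$demo_dir/.ssh/authorized_keys2"
rm -rf "$demo_dir"
```
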
    
