Re: SSH Connection
From: Stephen Carville (stephen_at_totalflood.com)
Date: Thu, 02 Jun 2005 10:38:34 -0700 To: General Red Hat Linux discussion list <email@example.com>
McDougall, Marshall (FSH) wrote:
> You need to create keys. It's been awhile, but it's spelled out fairly well
> in the man pages for ssh-keygen. One gotcha I remember is that the perms on
> the .ssh directory need to be very tight (600 maybe).
1. Create a key on A as oracle. Call it rsa_script_key and use an empty
2. copy the contents of rsa_script_key.pub to the file
<ias-home>/.ssh/authorized_keys on B.
3. Invoke ssh from A as oracle:
$ ssh -i ~/.ssh/rsa_script_key ias@B -t /u01/ias/scripts/test_script.sh
.ssh directories on both ends must have permission of 700 or better or
ssh will fail. You might need to play with StrictModes in sshd_config.
I think with 3.0 ans above if your home directory is 755 or better
StrictModes won't complain but this threshold has changed over the years.
When all else fails, check in /var/log/messages for hints.
> Regards, Marshall
> -----Original Message-----
> From: Kelley.Coleman@med.va.gov [mailto:Kelley.Coleman@med.va.gov]
> Sent: Thursday, June 02, 2005 9:53 AM
> To: firstname.lastname@example.org
> Subject: SSH Connection
> I would like to run a script on box A that connects to box B, executes a
> script there, then returns to complete the original script. The user
> accounts are different on each box. Box A user is 'oracle', box B user is
> I tried:
> ssh servername -l ias /u01/ias/scripts/test_script.sh
> but I'm prompted for a password.
> I tried putting the password into the script where it seems to want it, but
> again, I'm prompted for a password and it processes the password in the
> script as a command.
> Do I need to do something in the ssh_config? known_hosts? authorized_keys?
> I'm not thrilled with the thought of having the password in a script file.
> So if there's a better way, I'm all for hearing it!
> Thanks in advance...
> Kelley Coleman
> Database Administrator
> VA Health Administration Center
> Denver, Colorado
> Confidentiality Note: This e-mail is intended only for the person or entity
> to which it is addressed, and may contain information that is privileged,
> confidential, or otherwise protected from disclosure. Dissemination,
> distribution, or copying of this e-mail or the information herein by anyone
> other than the intended recipient is prohibited. If you have received this
> e-mail in error, please notify the sender by reply e-mail, phone, or fax,
> and destroy the original message and all copies. Thank you
-- Stephen Carville <email@example.com> Unix and Network Admin Nationwide Totalflood 6033 W. Century Blvd Los Angeles, CA 90045 310-342-3602 -- redhat-list mailing list unsubscribe mailto:firstname.lastname@example.org?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list