Gary,

Summary
To set the ssh batch processing with public/private key.  

1. SysAdmin is required to install ssh2 on both the client and server.  
2. A SysAdmin creates a user account on both the client and server.
3. The User generates a public/private key pair by %> ssh-keygen2 -P  (-P
means no passphrase)
4. The User creates 'identification' and 'authorization' files as shown
below.
5. The User sftp's into the server with his userid/password created by the
SysAdmin.
6. The User places the 'authorization' file and public key into the ~/.ssh2
directory on the remote server.
7. The User then tests access.

Details
1. Required for ...
2. This is the user for the cron job
3. 'ssh-keygen2 -P'
This user is dedicated to this cronjob, so there will not be a passphrase.
Therefore, use the -P.  See man page on ssh-keygen2.  The -B option is
reserved for a future version.
4. The following is a sample of the files you should have in the
~/.ssh2 directory:

*  id_dsa_1024_a                # Private key   
This is the private key, and should be protected.  If this file is
compromised then someone could automatically connect to any host where this
user's public key resides.  Note: If a second key is generated then the file
name could be id_dsa_1024_b, and so on.

*  id_dsa_1024_a.pub            # Public key            
This file needs to be placed in the ~/.ssh2 directory of the destination
server.

* hostkeys                      # This is a directory where host public keys
are stored.

A.  Create an 'authorization' file based on the file names above.

# authorization
# The file names of the public keys are listed here.  
# More than one can be listed.

*:
        Key                     id_dsa_1024_a.pub


B. Create an 'identification' file based on the file names above.

# identification
# The file names of the private keys are listed here.
# More than one may be used.

*:
        IdKey                   id_dsa_1024_a

5. 'sftp remote_server'
A.  You will have to either start the session from the ~/.ssh2 directory or
'ldir .ssh2'
B.  'cd .ssh2'  You should start in the home directory of the user logged
in.

6. Put the 'authorization' file and public key on the remote server.
A. 'put authorization'
B. 'put id_dsa_1024_a.pub'

7.  Now test.
A. Exit from remote server.
B. 'ssh remote_server'
You should be logged in, without the server asking for a passphrase.

8.  Setting up the cronjob.  
A little gotcha that I ran into was that the /usr/local/bin was not in the
PATH when cronjobs were run.  And even though you may list the absolute
path for /usr/local/bin/scp2 in the shell script, the job errors.  This is
because scp2 calls ssh2 and sftp2.  Therefore, I included
PATH=/usr/bin:/usr/local/bin in my shell script.

GL and hope this helps,
Jim

James L. Burden, Security Engineer and Architect
California Independent System Operator
Phone: 916.351.2243 http://www.caiso.com
41DF 0E4C 26E0 2FD3 8C81  A260 5C40 280E B4AE 7420
_____________________________________
  Know yourself, Know your enemy
     in a hundred battles you will never be in danger,
  Know the ground, Know the weather,
     and your victory will be total.    - Sun Tzu 
_____________________________________              

-----Original Message-----
From: Gary Johnson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 18, 2000 11:36 AM
To: [EMAIL PROTECTED]
Subject: SCP Shell Script Authentication


Hello,
    I'm new to scp/ssh and am trying to copy files from one unix box to
another. It works great if I run scp from the command line. It prompts me
for a remote password, I enter it, and the file gets copied. But, this needs
to be a cron job. How can this be executed without user intervention. I
noticed the -B option that runs it in batch mode without a pw prompt, but
all I get is access denied. Can someone clear the water for me on this issue
or point me to some good documentation? I've already scanned everything in
the archive that had scp in the subject. Any help is greatly
appreciated.....Thanks, Gary

Gary Johnson
Next Wave Systems
100 Bush Street, Suite 1910
San Francisco, CA 94104
[EMAIL PROTECTED]
415-445-8944  x114
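
A pre-flight check for the cron script from step 8 of the reply, as an added example that is not part of the original messages: it sets PATH as the reply describes, reads the IdKey names from the 'identification' file, and refuses to copy if the passphrase-less private key is missing or accessible to group/other. The function names and the permission policy are assumptions; scp2 -B is the batch option mentioned in the question.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# cron runs with a minimal PATH, and scp2 calls ssh2 and sftp2, so put the
# directories from the reply first (the inherited PATH is kept after them).
PATH=/usr/bin:/usr/local/bin${PATH:+:$PATH}
export PATH

# Print the private key file names listed on IdKey lines of an identification file.
list_idkeys() {
    awk '$1 == "IdKey" { print $2 }' "$1"
}

# Succeed only if the file exists and grants no permission to group or other.
is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Check every key named in <dir>/identification; report problems on stderr.
check_ssh2_dir() {
    dir=$1
    rc=0
    [ -f "$dir/identification" ] || { echo "missing $dir/identification" >&2; return 1; }
    keys=$(list_idkeys "$dir/identification")
    [ -n "$keys" ] || { echo "no IdKey entries in $dir/identification" >&2; return 1; }
    for k in $keys; do
        if ! is_private "$dir/$k"; then
            echo "key $dir/$k is missing or accessible to group/other" >&2
            rc=1
        fi
    done
    return $rc
}

# Entry point for the cron script: copy_job <local_file> <user@host:path>
# (arguments are placeholders supplied by the caller). Nothing is copied
# unless the key directory passes the checks above.
copy_job() {
    check_ssh2_dir "$HOME/.ssh2" || return 1
    scp2 -B "$1" "$2"
}
```

Call copy_job from the script that cron runs; a non-zero exit status means the key directory failed a check or scp2 reported an error.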
