On 27/11/14 13:58, Alberto José García Fumero wrote:
On Thu, 27-11-2014 at 12:07 -0500, Rafael Pérez Saborit wrote:
On 26/11/14 17:01, Ulises González Horta wrote:
On Wed, 26-11-2014 at 16:18 -0500, Rafael Pérez Saborit wrote:
net rpc shutdown -f -I 192.168.10.230 -U usuario%contaseña


You share public keys and then

ssh usuario@IP  shutdown -h now

I have never set up public keys. Do you have a detailed manual on how
to do it? I have no web access.
Regards, Panamajack
Our colleague Dermidio posted this a while ago. I hope it helps.



From:   Dermidio A.P. <dermi...@holguin.inf.cu>
Reply-to:       Lista cubana de soporte técnico en Tecnologias Libres
<gutl-l@jovenclub.cu>
To:     Lista cubana de soporte técnico en Tecnologias Libres
<gutl-l@jovenclub.cu>
Subject:        Re: [Gutl-l] SSH and SCP without password (Was: Help)
Date:   Thu, 17 Nov 2011 14:36:49 -0500


Lazaro Raisel Milians Alvarez de la Campa wrote:
The idea of using ftp is good, but I prefer SCP. That is where I have
the problem, though: with SCP I need to pass the password and I don't
know how.
Hi, I'm sending you, and the list as well, this guide for doing that. It
is a bit long and in English, taken from the site
http://www.thegeekstuff.com
Good luck,
dermidio.


   Perform SSH and SCP Without Entering Password on openSSH

In this article, I'll explain how to perform ssh and scp without
entering the password using the SSH Public Key authentication with SSH
Agent on openSSH

There are two levels of security in the SSH key based authentication.
In order for you to log in, you need both the private key and the
passphrase. Even if one of them is compromised, an attacker still cannot
log in to your account, as both of them are needed to log in. This is far
better than typical password based authentication, where if the
password is compromised, an attacker can gain access to the system.

There are two ways to perform ssh and scp without entering the password:

    1. *No passphrase.* While creating the key pair, leave the passphrase
       empty. Use this option for automated batch processing. For
       example, if you are running a cron job to copy files between
       machines, this is a suitable option.
    2. *Use passphrase and SSH Agent.* If you are using ssh and scp
       interactively from the command-line and you don't want to use the
       password every time you perform ssh or scp, I don't recommend the
       previous option (no passphrase), as you've eliminated one level of
       security in the ssh key based authentication. Instead, use the
       passphrase while creating the key pair and use SSH Agent to
       perform ssh and scp without having to enter the password every
       time, as explained in the steps below.

The following 8 steps explain how to perform SSH and SCP from local-host
to a remote-host without entering the password on an openSSH system.


       1. Verify that local-host and remote-host is running openSSH

[local-host]$*ssh -V*
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006

[remote-host]$*ssh -V*
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006


       2. Generate key-pair on the local-host using ssh-keygen

[local-host]$*ssh-keygen*
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):*<Hit enter>*
Enter passphrase (empty for no passphrase):*<Enter your passphrase here>*
Enter same passphrase again:*<Enter your passphrase again>*
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
31:3a:5d:dc:bc:81:81:71:be:31:2b:11:b8:e8:39:a0 jsmith@local-host

The public key and private key are typically stored in .ssh folder
under your home directory. In this example, it is under
/home/jsmith/.sshd. You should not share the private key with anybody.

By default the ssh-keygen on openSSH generates an RSA key pair. You can
also generate a DSA key pair using the *ssh-keygen -t dsa* command.


       3. Install public key on the remote-host.

Copy the content of the public key from the local-host and paste it to
the /home/jsmith/.ssh/authorized_keys on the remote-host. If the
/home/jsmith/.ssh/authorized_keys already has some other public key,
you can append this to the end of it. If the .ssh directory under your
home directory on remote-host doesn't exist, please create it.

[remote-host]$*vi ~/.ssh/authorized_keys*
ssh-rsa ABIwAAAQEAzRPh9rWfjZ1+7Q369zsBEa7wS1RxzWR jsmith@local-host

In simple words, copy the local-host:/home/jsmith/.ssh/id_rsa.pub to
remote-host:/home/jsmith/.ssh/authorized_keys


       4. Give appropriate permission to the .ssh directory on the
       remote-host.

[remote-host]$*chmod 755 ~/.ssh*
[remote-host]$*chmod 644 ~/.ssh/authorized_keys*


       5. Login from the local-host to remote-host using the SSH key
       authentication to verify whether it works properly.

[local-host]$*<You are on local-host here>*

[local-host]$*ssh -l jsmith remote-host*
Enter passphrase for key '/home/jsmith/.ssh/id_rsa':*<Enter your passphrase here>*
Last login: Sat Jun 07 2008 23:03:04 -0700 from 192.168.1.102
No mail.

[remote-host]$*<You are on remote-host here>*


       6. Start the SSH Agent on local-host to perform ssh and scp
       without having to enter the passphrase several times.

Verify whether SSH agent is already running, if not start it as shown
below.

[local-host]$ ps -ef | grep ssh-agent
   511       9789  9425  0 00:05 pts/1    00:00:00 grep ssh-agent

[local-host]$*ssh-agent $SHELL*

[local-host]$ ps -ef | grep ssh-agent
   511       9791  9790  0 00:05 ?        00:00:00 ssh-agent /bin/bash
   511       9793  9790  0 00:05 pts/1    00:00:00 grep ssh-agent


       7. Load the private key to the SSH agent on the local-host.

[local-host]$*ssh-add*
Enter passphrase for /home/jsmith/.ssh/id_rsa:*<Enter your passphrase here>*
Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)

Following are the different options available in the ssh-add:

     * ssh-add <key-file-name>: Load a specific key file.
     * ssh-add -l: List all the keys loaded in the ssh agent.
     * ssh-add -d <key-file-name>: Delete a specific key from the ssh agent.
     * ssh-add -D: Delete all keys.


       8. Perform SSH or SCP to remote-host from local-host without
       entering the password.

[local-host]$*<You are on local-host here>*

[local-host]$*ssh -l jsmith remote-host*
Last login: Sat Jun 07 2008 23:03:04 -0700 from 192.168.1.102
   No mail.
*<ssh did not ask for passphrase this time>*
[remote-host]$*<You are on remote-host here>*

End.




______________________________________________________________________
Mailing list of the Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l

OK, I managed to set up the public keys, everything works perfectly.
Now the question is how to give my user sysadmin permission to run poweroff without being asked for a password, because with this user I get the following:
sysadmin@zentyal:~$ poweroff
poweroff: Need to be root
I don't remember how to do it. I did it once by setting sudoers not to use a password, but now I don't remember it well, and I think that would not be the right option, since it would leave the PC more exposed. The logical thing would be to give the user sysadmin execute permission for poweroff; the question is how to do that...
Or correct me if I am wrong...

PS: Lazaro, go easy with your comments, I know you, ha ha
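
A least-privilege way to combine the key setup from the quoted guide with the poweroff permission asked about in the last message, as an added example that is not part of the thread. It builds a sudoers rule that allows only poweroff, and an authorized_keys entry whose key can only trigger that one command. The user name sysadmin comes from the post; the path /sbin/poweroff, the function names and the sample key are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: least-privilege remote poweroff over SSH key authentication.
# POWEROFF is an assumed path; confirm it with `command -v poweroff`.
USER_NAME=sysadmin
POWEROFF=/sbin/poweroff

# sudoers rule: this one user may run only poweroff as root without a password.
# Install it with `visudo -f /etc/sudoers.d/poweroff` so the syntax is checked.
sudoers_rule() {
    printf '%s ALL=(root) NOPASSWD: %s\n' "$USER_NAME" "$POWEROFF"
}

# Prefix a public key with options so it can only run the forced command,
# whatever command the client asks for, and cannot open a tty or tunnels.
restricted_key_line() {
    printf 'command="sudo -n %s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$POWEROFF" "$1"
}

# True when the path is not writable by group or others
# (sshd's StrictModes rejects keys stored under writable paths).
not_group_world_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$(printf '%s' "$mode" | cut -c6)" != w ] &&
    [ "$(printf '%s' "$mode" | cut -c9)" != w ]
}

# Append the restricted key to DIR/authorized_keys with owner-only permissions.
install_restricted_key() {
    dir=$1 pubkey=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    restricted_key_line "$pubkey" >> "$dir/authorized_keys" || return 1
    chmod 600 "$dir/authorized_keys"
}

# Demo in a scratch directory with a constructed (not real) public key.
demo() {
    scratch=$(mktemp -d) || return 1
    install_restricted_key "$scratch/.ssh" \
        'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-SAMPLE jsmith@local-host'
    cat "$scratch/.ssh/authorized_keys"
    sudoers_rule
    not_group_world_writable "$scratch/.ssh" && echo "permissions ok"
    rm -rf "$scratch"
}
demo
```

With both pieces in place, `ssh sysadmin@IP` using that key runs poweroff and nothing else, and the sudoers rule grants no other passwordless command.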




