On Wed, May 01, 2002 at 01:56:41PM -0500, Mike wrote:
> Has anyone done any host based authentication with SSH or OpenSSH?
> I'm trying to automate a scp (secure copy) cron job.

Yep, I've done it. It's not as hard as the docs want to make it out to be. Here's how:

In the user's ~/.ssh directory are several relevant files:

    authorized_keys
    identity.pub
    known_hosts
    known_hosts2

So let's assume for a moment that "host1" is the machine from which the file is being copied, and "host2" is the target of the copy. Let's further assume that user "wrstone" with the home directory path "/home/wrstone" is making the copy and that both users exist on both machines.

Here's the basic crux of the matter. To do this seamlessly, the file host2:/home/wrstone/.ssh/authorized_keys needs to have the contents of host1:/home/wrstone/.ssh/identity.pub.

This is actually pretty easy. Copy host1:/home/wrstone/.ssh/identity.pub to host2:/home/wrstone/.ssh/identity.host1. Next, cat identity.host1 >> authorized_keys.

And that's that. Now host1 should be able to scp files to and from host2 without being prompted for a password or other identifying characteristics. For that matter, the user will be able to ssh to host2 without being prompted, either.

Now, it goes without saying that this shouldn't be done with user root -- if someone were to hack host1, they've automatically hacked host2.

In fact, if you want to do it really slickly, you'll invent some user on both hosts with really limited access rights -- a user whose sole purpose is to scp files for other users. When the real user drops a file in a copy directory on host1, a user level cronjob watches that directory and eventually copies it to an inbound directory on host2. And then you have some user cronjob on host2 watch for inbound files and distribute them.

It's a little more complicated, but by doing it this way, you avoid "trusted" users between systems.

Hope this helps.
Bill Stone
___________________________________________________________________
William Stone, III            | Certifications: CISSP, RHCE, CCNA
Proprietor                    | Phone: (605) 232-6771
William Stone & Associates    | FAX: (605) 232-6763
P.O. Box 1967                 | E-Mail: [EMAIL PROTECTED]
North Sioux City, SD 57049    | Web: http://www.wrstone.com
______________________________|____________________________________
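The append step from the message above, written as a repeatable script. This is an added example, not part of the original post: `install_pubkey` is a hypothetical helper name, the key line in the demo is constructed, and the permission settings assume sshd runs with its StrictModes check enabled.

```shell
# Idempotent form of "cat identity.host1 >> authorized_keys"; run on host2 as the copy user.
# install_pubkey is a hypothetical helper name, not part of OpenSSH.
# usage: install_pubkey <public-key-file> [ssh-dir]
install_pubkey() {
    keyfile=$1
    sshdir=${2:-$HOME/.ssh}
    auth=$sshdir/authorized_keys

    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }

    # Refuse a private key (e.g. "identity" copied instead of "identity.pub").
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "$keyfile looks like a private key, refusing" >&2
        return 1
    fi

    # A public key file holds exactly one non-empty line.
    lines=$(grep -c . "$keyfile" || true)
    [ "$lines" -eq 1 ] || { echo "expected one key line, got $lines" >&2; return 1; }
    key=$(grep . "$keyfile")

    # sshd's StrictModes check refuses key files that other users can write to.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Whole-line fixed-string match: do nothing if the key is already there.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # Do not glue the new key onto an unterminated last line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}

# Demo in a scratch directory with a constructed (not real) SSH1-style key line.
demo=$(mktemp -d)
echo '1024 35 1234567890 wrstone@host1' > "$demo/identity.host1"
install_pubkey "$demo/identity.host1" "$demo/.ssh"
install_pubkey "$demo/identity.host1" "$demo/.ssh"   # second run changes nothing
```
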
