Kaushal Shriyan wrote:

Hi again,

I have a couple of questions:

<target name="stop-tomcat">
  <!-- Executes remote command via ssh -->
  <sshexec host="host0072.example.com" username="kaushal"
           password="xxxxxx" trust="true"
           command="sudo /etc/init.d/tomcat0 start" />
</target>

The password field is exposed here. Is there a way to secure it?

You can create yourself an ssh public/private key pair.
Assuming you are using a PC and have installed cygwin on the PC, and also the openssh of cygwin, you can do this:

ssh-keygen -t rsa

For automated work it is easier to create a private key without passphrase. You may also want not to do that for security reasons, it is up to you. As soon as you do fully automated work, passwords have to be either not requested by the system or hard-coded somewhere.

Then copy the public key id_rsa.pub as authorized_keys in the .ssh folder of the remote host. The authorized_keys file must be readable and writable only for its owner, the .ssh directory must be rwx only for its owner too, and the home directory must not be writable by group or other.


someu...@somehost # ls -ld . .. authorized_keys
drwx------   2 someuser staff          512 Jun 12  2009 .
drwxr-xr-x  45 someuser staff         1536 Mar  7 18:24 ..
-rw-------   1 someuser staff         1662 May 27  2009 authorized_keys

Afterwards you can use the sshexec task with the keyfile attribute instead of the password attribute. keyfile is usually ${user.home}/.ssh/id_rsa (for an RSA key).

Then for sudo it is possible to configure "sudoers" to allow certain commands without password entry. Our UNIX admin does that.

Regards,

Antoine

Also when I run the command ant -lib lib/ stop-tomcat the string
"command="sudo /etc/init.d/tomcat start"" asks for password
again on the stdout. Is there a way to handle this condition since I
need to start tomcat server as tomcat user?

Thanks and Regards,

Kaushal
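
The permission requirements listed in the reply above for the remote account, written as a shell check that can be run on the remote host before switching sshexec to keyfile. This is an added example, not part of the original thread; the helper names mode_of, require_mode and check_ssh_perms are hypothetical, and the key file is assumed to be at <home>/.ssh/authorized_keys.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the thread.
# Assumes the key file lives at <home>/.ssh/authorized_keys.

# Print the 10-character mode string (e.g. drwx------) of a path, or nothing.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Compare one path's mode against a shell pattern; report and fail on mismatch.
require_mode() {
    path=$1 pattern=$2 rule=$3
    mode=$(mode_of "$path")
    if [ -z "$mode" ]; then
        echo "FAIL $path: missing"
        return 1
    fi
    case $mode in
        $pattern) return 0 ;;
    esac
    echo "FAIL $path: mode $mode, expected $rule"
    return 1
}

# Run all three checks so every problem is reported in one pass.
check_ssh_perms() {
    home=$1
    rc=0
    # Home directory: any owner bits, but no group or other write bit.
    require_mode "$home" 'd????-??-?' 'a directory not writable by group or other' || rc=1
    # .ssh: rwx for the owner only.
    require_mode "$home/.ssh" 'drwx------' 'drwx------' || rc=1
    # authorized_keys: owner read/write only; owner read-only is also
    # accepted here (an assumption beyond the listing in the reply).
    require_mode "$home/.ssh/authorized_keys" '-r[w-]-------' '-rw-------' || rc=1
    return $rc
}

# Audit the directory given on the command line, if any.
if [ $# -gt 0 ]; then
    check_ssh_perms "$1"
fi
```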

