on Fri, Jan 06, 2006 at 09:52:56AM -0700, timriley ([EMAIL PROTECTED]) wrote:
> ---------- Original Message ----------------------------------
> From: Ken Bloom <[EMAIL PROTECTED]>
> Reply-To: "lugod's technical discussion forum" <[email protected]>
> Date: Thu, 5 Jan 2006 21:48:10 -0600
>
> On Thu, Jan 05, 2006 at 06:33:40PM -0700, timriley wrote:
> > How do you have a crontab executed process using Expect
> > pump a password to another computer?
>
> Ken Bloom wrote:
> > Is this an SSH password you're giving it? If so, try using an SSH
> > keypair for authentication. A passwordless key is no less secure than
> > having the password in the expect file (it's probably more secure),
> > and you can even create single-purpose keys that can only be used to
> > run a single command (see http://www.arches.uga.edu/~pkeck/ssh/,
> > scroll down to "Single-purpose keys")
>
> My ultimate goal is to use public/private key pairs after I cross
> the learning curve. Thanks for the resource:
> http://www.arches.uga.edu/~pkeck/ssh/ . However, if someone
> knows of a simple Expect flag to generate a tty when one
> is missing, I'd appreciate the quick solution.

What learning curve?

    # Test to see if you've got a key, if not, create one.
    test -f ~/.ssh/id_dsa.pub || ssh-keygen -t dsa -N "passphrase"

    # Copy key to remote host (the public key is fed to the remote cat on stdin)
    ssh [EMAIL PROTECTED] 'mkdir -p .ssh; \
        touch .ssh/authorized_keys; chmod 600 .ssh/authorized_keys; \
        cat >> .ssh/authorized_keys' < ~/.ssh/id_dsa.pub

    # Test to see if ssh-agent is running, if not, start it.
    [ -n "$SSH_AGENT_PID" ] && ps -p "$SSH_AGENT_PID" > /dev/null || eval "$(ssh-agent)"

    # enter passphrase
    ssh-add

... You've now got the ability to do stuff like:

    ssh [EMAIL PROTECTED] 'command [; command ...]'

... without having to enter a passphrase each time.

You can use passwordless keys in a reasonably secure environment, or
forced-execution keys to run only a single command.

ssh-agent allows you to enter a passphrase once, then, using the agent,
authenticate without having to enter passphrases each time. If you're
running any modern GNU/Linux under an X session, it's likely already
running and you just need to ensure you've got a key (ssh-keygen) and
'add-key' to activate it.

Using ssh-agent from shell-only or scheduled (cron, at, batch) jobs is
slightly more complicated, but doable.

Peace.

-- 
Karsten M. Self <[email protected]>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    DON'T PANIC
_______________________________________________
vox-tech mailing list
[email protected]
http://lists.lugod.org/mailman/listinfo/vox-tech
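
The single-purpose ("forced-execution") keys mentioned in the thread, as an added example that is not part of the original messages: it builds an authorized_keys entry that pins a cron job's key to one command and installs it idempotently. The key material, the paths and the nightly-backup command are constructed placeholders, and an ed25519 key is assumed in place of the thread's DSA key because current OpenSSH releases no longer accept DSA keys by default.

```shell
#!/bin/sh
# Added example (not from the thread): pin a cron job's SSH key to one command.
# The key, paths and backup command are constructed placeholders.
NL='
'
# Print an authorized_keys line that restricts the key in file $2 to command $1.
restricted_key_line() {
    cmd=$1 pubfile=$2
    # Inside command="...", sshd reads \" as an escaped quote, so a quote,
    # backslash or newline in the command could end or extend the option.
    case $cmd in
        ''|*\"*|*\\*|*"$NL"*) echo "unsafe forced command" >&2; return 1 ;;
    esac
    # Require exactly one non-empty line, and a public (not private) key.
    [ "$(grep -c . "$pubfile")" -eq 1 ] || { echo "expected one key" >&2; return 1; }
    key=$(grep . "$pubfile")
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    printf 'command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$cmd" "$key"
}

# Append line $1 to authorized_keys file $2 once, with owner-only permissions.
install_key_line() {
    line=$1 auth=$2
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo on a scratch directory standing in for the remote account's home.
demo() {
    home=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealKey0000000000 cron@client' \
        > "$home/cron_key.pub"
    line=$(restricted_key_line '/usr/local/bin/nightly-backup --quiet' "$home/cron_key.pub") || return 1
    install_key_line "$line" "$home/.ssh/authorized_keys"
    install_key_line "$line" "$home/.ssh/authorized_keys"   # second call is a no-op
    cat "$home/.ssh/authorized_keys"
    rm -rf "$home"
}
demo
```

With such an entry in place, whatever command the client requests is ignored in favour of the pinned one; sshd exposes the requested string to the forced command in SSH_ORIGINAL_COMMAND.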
