Automate user/pass transmission?

Discussion in 'Linux Networking' started by Dieter Braun, Nov 25, 2013.

  1. Dieter Braun

    Dieter Braun Guest

    Hi newsgroup,

    I am trying to write a maintenance script which connects to a server via SSH and cleans up several files.
    I know e.g. that you can transmit username and password of HTTP Auth like http://user:, but how can I write a simple bash file to connect via SSH?
    I tried so far:
    - ssh dbraun@176.94.109.57 -p ku2jsx9r
    - ssh -p ku2jsx9r dbraun@176.94.109.57

    but neither works.

    Can anyone help?

    Thank you,
    Dieter
     
    Dieter Braun, Nov 25, 2013
    #1

  2. I don’t know why you think -p would provide a password.
    Use public key authentication instead.
     
    Richard Kettlewell, Nov 25, 2013
    #2

  3. Hi Dieter,

    You are looking for public key authentication. Providing passwords in
    clear text is a bad idea.

    Short HOWTO:
    - on CLIENT
    * run ssh-keygen -t dsa, do not enter a pass phrase
    * scp .ssh/id_dsa.pub dbraun@176.94.109.57:client-id_dsa.pub
    - on SERVER:
    * mkdir .ssh
    * cat client-id_dsa.pub >> .ssh/authorized_keys

    Afterwards, a simple "ssh dbraun@176.94.109.57" should work without
    prompting for a password.

    Of course, take care to secure .ssh/id_dsa since it holds the private
    key necessary for login.

    HTH,

    Jamma.
     
    Jamma Tino Schwarze, Nov 25, 2013
    #3
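
The server-side steps of the HOWTO in post #3, as an added example that is not part of the original thread: it installs the copied public key with the directory and file modes that sshd's StrictModes check (on by default) expects, and refuses a private key sent by mistake. `install_pubkey` and its arguments are hypothetical names, and the list of accepted key types is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the thread. install_pubkey is a hypothetical helper.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (returns 0 on success, 1 on bad input)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key: sending id_dsa instead of id_dsa.pub is an easy slip.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 1
    fi

    # Expect exactly one line of the form "<type> <base64> [comment]".
    # The accepted key types are this example's choice.
    if [ "$(grep -c '' "$pub")" -ne 1 ] ||
       ! grep -Eq '^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/=]+( .*)?$' "$pub"
    then
        echo "$pub is not a single public key line" >&2
        return 1
    fi
    line=$(cat "$pub")

    # Subshell so the tightened umask does not leak into the caller.
    (
        umask 077
        mkdir -p "$home/.ssh" &&
            touch "$home/.ssh/authorized_keys" &&
            chmod 700 "$home/.ssh" &&
            chmod 600 "$home/.ssh/authorized_keys" || exit 1
        # Idempotent: append only if this exact line is not already there.
        grep -qxF -- "$line" "$home/.ssh/authorized_keys" ||
            printf '%s\n' "$line" >> "$home/.ssh/authorized_keys"
    )
}
```

On the server, after the scp step, this would be called as `install_pubkey client-id_dsa.pub`.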
  4. Jorgen Grahn

    Jorgen Grahn Guest

    I hope that wasn't your real password on that host!
    And be damn sure the owners of any system where that key allows access
    are fine with it existing in a passphrase-less form somewhere.

    Personally I would not allow it.

    A better way to do periodic maintenance is usually via a cron job on
    the server. No networking or login is involved then.

    /Jorgen
     
    Jorgen Grahn, Nov 25, 2013
    #4
  5. Adam Wysocki

    Adam Wysocki Guest

    If they're not, they can disable it in sshd config.

    AW
     
    Adam Wysocki, Dec 3, 2013
    #5
  6. Even if they couldn’t it’d be a pretty confused objection in context. A
    password stored on disk, as proposed, is no better than a key stored on
    disk (assuming for the sake of argument that both are comparably
    strong).
     
    Richard Kettlewell, Dec 3, 2013
    #6
  7. Jorgen Grahn

    Jorgen Grahn Guest

    How? The answer is not "PermitEmptyPasswords no" if that's what
    you're thinking; that doesn't apply to public key authentication.

    As I understand it, the unlocking of the secret key is completely out
    of the server's control, so there is no way to disable it on the
    server side.
    I never suggested anyone should store plaintext passwords on disk (or
    for that matter, place them on the command line for everyone to see).

    /Jorgen
     
    Jorgen Grahn, Dec 4, 2013
    #7
  8. “in context” is the bit you seem to be missing. Have a look at the OP’s
    original guess.
     
    Richard Kettlewell, Dec 4, 2013
    #8
  9. Jorgen Grahn

    Jorgen Grahn Guest

    Well, I thought it was obvious already that passwords on the command
    line is a Really Bad Idea. Surely it must be ok to point out that
    something is insecure, without listing all the even worse alternatives?

    /Jorgen
     
    Jorgen Grahn, Dec 7, 2013
    #9
  10. Adam Wysocki

    Adam Wysocki Guest

    You're right, I missed the "passphrase-less" part and I was talking
    about completely disabling public key authentication.

    AW
     
    Adam Wysocki, Dec 7, 2013
    #10
  11. Adam Wysocki

    Adam Wysocki Guest

    It all depends on the configuration. If he for example has his personal
    LAN with two computers, without other users and without connection to
    the Internet, then I would justify it. Maybe security doesn't matter in
    this specific case, we don't know.

    But in most cases you're right.

    AW
     
    Adam Wysocki, Dec 7, 2013
    #11