From time to time you will need to connect your servers remotely and execute commands there using scheduled jobs. As the nature of these scheduled jobs/scripts, they have no capability of user interaction like entering user/pass information. (I'm talking about simple shell scripts, you can also use Perl's use Net::SSH::Perl for entering user/pass info) For these scenarios we have the below trick of generating RSA/DSA key pairs and putting it into the authorized_keys file:
[root@server-a ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): --- leave empty
Enter same passphrase again: --- leave empty
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
35:ee:f1:53:f6:d7:85:4b:65:c3:68:f0:b6:59:f5:50 root@server-a
[root@server-a ~]# scp .ssh/id_dsa.pub server-b:/root/.ssh/id_dsa_lr.pub
[root@server-b ~]# cd /root/.ssh/
[root@server-b ~]# cat id_dsa_lr.pub >> authorized_keys
[root@servera ~]# ssh server-b
Last login: Mon Sep 3 12:29:09 2007 from X.X.X.X
[root@server-b ~]#
This example gives server-a the ability of connecting server-b via SSH and without entering any user/pass information.
NOTE : You can also use this trick to connect your Windows boxes using Cygwin SSHD. I will give details on Cygwin on a future article.
No comments:
Post a Comment