[Gllug] How do I do this?
Ian Northeast
ian at house-from-hell.demon.co.uk
Wed Jan 12 23:27:11 UTC 2005
Adrian McMenamin wrote:
> Sorry if this is ludicrously simple.
>
> I want to write a script that I can run, via ssh, on the mail server to
> scp over spams and then get spamassassin to learn them.
>
> All is fine except the scp command does not echo the password request to
> to the screen/standard input so it all fails.
>
> Here is the script -- how do I change it so I can enter in the password
> for username?
>
> #!/bin/sh
>
> scp username at 192.168.0.22:/home/username/morejunk /home/usermail/
Assuming default sshd configuration options:
Generate a key pair on the machine the script is running on, with the
user which is running the script, with ssh-keygen, with a null
passphrase, and add the public one to
192.168.0.22:~username/.ssh/authorized_keys.
Test this with "ssh 192.168.0.22 -l username". It shouldn't ask for the
password, just let you straight in.
Be careful with permissions - ssh is picky and doesn't like it if they
are too liberal, and its error messages aren't over informative. Use 700
or 600 for .ssh and its contents. It's a bit picky about the permissions
on $HOME and even $HOME/.. too. Neither should be writable by group or
other IIRC.
And remember that "authorized" contains a "z":) Creating
.ssh/authorised_keys is the most common error IME. This is a purely .uk
issue of course.
Some people (including the authors of the O'Reilly ssh book) consider
this insecure. Which is why this book does not describe it very well.
Personally I think it's OK on a closed LAN. As long as you trust the
user on the machine initiating the connection of course, which must have
a good password and its private key have 600 permissions as it will when
generated.
Regards, Ian
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list