Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

From: Terje Malmedal (terje.malmedal@usit.uio.no)
Date: Sun Feb 10 2002 - 08:45:29 EST


[Larry McVoy]
> This is my problem. You could help if you could tell me what exactly
> are the magic wands to wave such that you can ssh in without typing
> a password. I know about ssh-agent but that doesn't help for this,
> I know that in certain cases ssh lets me in without anything. I thought
> there was some routine where you ssh-ed one way and then the other way
> and it left enough state that it trusted you, does any ssh genius out
> there know what I'm talking about? If I have this, I can set up the
> cron job, I'm sure this is obvious and I'm just overlooking something
> but I can't find it.

When I'm paranoid I do something like this:

Source host:
$ ssh-keygen -t dsa -b 2048 -f keyfile -P ""

on the target add a line to ~someuser/.ssh/authorized_keys2:

from="allowed.hostname",command="/some/command" ssh-dss AA[and the rest of keyfile.pub]

/some/command looks like this:
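#!/bin/sh
# Forced command: reads the file on stdin, replies OK<checksum> or FAILEDn.
if cd /target ; then
  :
else
  echo FAILED1
  exit
fi
# Receive into a transport file so the current copy stays intact until the end.
if cat > filename.transport ; then
  :
else
  echo FAILED4
  exit
fi
# Reject an empty transfer.
if [ \! -s filename.transport ] ; then
  echo FAILED2
  exit
fi
# Rotate older copies: filename.8 -> filename.9, ..., filename -> filename.1
prev=".9"
for i in .8 .7 .6 .5 .4 .3 .2 .1 ""; do
  mv filename$i filename$prev >/dev/null 2>&1
  prev=$i
done
# Put the new copy in place and report its checksum back to the sender.
if mv filename.transport filename ; then
  check=`sum -r filename | awk '{print $1}'`
  echo OK$check
  exit
fi
echo FAILED3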

The command to send the file is typically:
#!/bin/sh
check=`sum -r /file/to/send | awk '{print $1}'`
reply=`(cat /file/to/send ; sleep 5 ) | \
   ssh -l someuser -i keyfile target "echo hello there"`
if [ "x$reply" = "xOK$check" ] ; then
  echo Copy OK $check
else
  echo COPY NOT OK. Please do something.
fi

-- 
 - Terje
malmedal@usit.uio.no
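
Added example, not part of the original message: a small audit of authorized_keys entries like the one above. A from=/command= entry still permits port, agent and X11 forwarding and pty allocation unless OpenSSH's `restrict` or `no-*` options switch them off; the function names and the sample entries (with placeholder key material) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries that leave more open than a
# single-purpose transfer key needs. Prints "<line-no>: <finding>".
audit_authorized_keys() {   # hypothetical helper name
  awk '
  /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
  {
    line = $0; sub(/^[ \t]+/, "", line)
    # Options end at the first space outside double quotes.
    q = 0; stop = length(line) + 1
    for (i = 1; i <= length(line); i++) {
      c = substr(line, i, 1)
      if (c == "\\" && q) { i++; continue }    # escaped char inside quotes
      if (c == "\"") q = !q
      else if (c == " " && !q) { stop = i; break }
    }
    opts = substr(line, 1, stop - 1)
    # A first field that is a key type means the key has no options at all.
    if (opts ~ /^(ssh-|ecdsa-|sk-)/) { print NR ": unrestricted key"; next }
    # Split on commas outside quotes and record each option name.
    split("", seen); q = 0; name = ""; inname = 1
    for (i = 1; i <= length(opts); i++) {
      c = substr(opts, i, 1)
      if (c == "\\" && q) { i++; continue }
      if (c == "\"") { q = !q; continue }
      if (q) continue
      if (c == ",") { seen[tolower(name)] = 1; name = ""; inname = 1 }
      else if (c == "=") inname = 0
      else if (inname) name = name c
    }
    seen[tolower(name)] = 1
    if (!("command" in seen)) print NR ": no forced command"
    if (!("from" in seen))    print NR ": no from= source restriction"
    locked = ("restrict" in seen) || (("no-port-forwarding" in seen) &&
      ("no-agent-forwarding" in seen) && ("no-x11-forwarding" in seen) &&
      ("no-pty" in seen))
    if (!locked) print NR ": forwarding/pty not disabled"
  }' "$@"
}
# Constructed sample entries; the key material is a placeholder, not a real key.
sample_authorized_keys() {
  cat <<'EOF'
# push key as in the message above
from="allowed.hostname",command="/some/command" ssh-dss AAAAPLACEHOLDER push
ssh-rsa AAAAPLACEHOLDER admin@laptop
restrict,from="allowed.hostname",command="/some/command a,b" ssh-ed25519 AAAAPLACEHOLDER push2
EOF
}
sample_authorized_keys | audit_authorized_keys
```

Pass a file name instead of piping to audit a real file, for example `audit_authorized_keys ~someuser/.ssh/authorized_keys2`.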