From owner-freebsd-questions  Wed May  9 17:51:35 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from gscamnlm03.wr.usgs.gov (gscamnlm03.wr.usgs.gov [130.118.4.113])
	by hub.freebsd.org (Postfix) with ESMTP
	id E767537B422; Wed,  9 May 2001 17:51:23 -0700 (PDT)
	(envelope-from rsowders@usgs.gov)
To: Blake Swensen <blake@pyramus.com>
Cc: freebsd-questions@freebsd.org, lucas@slb.to,
	owner-freebsd-questions@FreeBSD.ORG
Subject: Re: automating dump | ssh
X-Mailer: Lotus Notes Release 5.0.3  March 21, 2000
Message-ID: <OF1F4A4187.6BC526D4-ON88256A48.00044280@wr.usgs.gov>
From: "Robert L Sowders" <rsowders@usgs.gov>
Date: Wed, 9 May 2001 17:51:13 -0700
X-MIMETrack: Serialize by Router on gscamnlm03/SERVER/USGS/DOI(Release 5.0.3 |March 21, 2000) at
 05/09/2001 05:51:18 PM,
	Serialize complete at 05/09/2001 05:51:18 PM
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Assuming you want to dump as root try the following, I did this to setup 
cron'd rsync mirror, should work for dump. 

You have to make the keys without passphrases ( not real secure ) and then 
move the .pub files to the receiving machine changing the name to 
authorized_keys(2).  The key is one long line so don't open it up on 
windows with anything.  Just move with scp.

Step by step for ssh version 1

1.  Turn on root logins in /etc/sshd_config on receiving machine
2.  Generate key with ssh_keygen , on sending machine, leave passphrase 
blank.
3.  if exists in receiver empty authorized_keys of sending machine
4.  if exists in receiver empty known_hosts of sending machine
5.  connect once from receiving machine to sending machine to establish 
corrected line in known_hosts
6.  scp /root/.ssh/identity.pub 
name_of_receiving_machine:.ssh/authorized_keys
7.  Try the connection with ssh -v name_of_receiving_machine
 
Step by step for ssh version 2

1.  Turn on root logins in /etc/sshd_config on receiving machine
2.  Generate key with ssh_keygen -d, on sending machine, leave passphrase 
blank.
3.  if exists in receiver empty authorized_keys2 of send machine
4.  if exists in receiver empty known_hosts2 of sending machine
5.  connect once from receiving machine to sending machine to establish 
corrected line in known_hosts2
6.  scp /root/.ssh/id_dsa.pub 
name_of_receiving_machine:.ssh/authorized_keys2
7.  Try the connection with ssh -v -2 name_of_receiving_machine

After the initial authorized_keys(2) files are made and subsequent 
additions should scp the .pub files to the receiving machine and then 
append them onto the end of the file like this, cat new_file >> 
authorized_keys

From the man page:
SSH 2 provides additional mechanisms for confidentiality (the traffic is 
encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity 
(hmac-sha1, hmac-md5).  Note that SSH 1 lacks a strong mechanism for 
ensuring the integrity of the connection.

Step 5 is probably optional.  I usually swap the .pub files both ways 
between machines just so I don't get them mixed up.

Hope this helps.





Blake Swensen <blake@pyramus.com>
Sent by: owner-freebsd-questions@FreeBSD.ORG
05/09/2001 02:20 PM

 
        To:     lucas@slb.to
        cc:     freebsd-questions@freebsd.org
        Subject:        Re: automating dump | ssh

Yeah...

That's the same thing that I thought.  After generating the keys,
placing them in the appropriate directories on both systems, and setting
the appropriate flags in ssh2_config...

The manual says (please note the big "not yet implemented" notes!):
      PasswordAuthentication
              Specifies whether to use  password  authentication.
              The  argument  must  be  "yes"  or  "no".  (not yet
              implemented)

       RHostsAuthentication
              Specifies whether to try rhosts  based  authentica-
              tion.   Note that this declaration only affects the
              client side and has no effect whatsoever  on  secu-
              rity.   Disabling  rhosts authentication may reduce
              authentication time on slow connections when rhosts
              authentication  is  not  used.  Most servers do not
              permit  RhostsAuthentication  because  it  is   not
              secure (see RhostsRSAAuthentication).  The argument
              must be "yes" or "no".  (not yet implemented)

FreeBSD 4.0-RELEASE
SSH Version OpenSSH-1.2.2, protocol version 1.5.
Compiled with SSL.


Any other ideas?

Peace,
Blake

Lucas Bergman wrote:

> > Anyone know how to supply the password to ssh in order to automate
> > x-network dump?
> >
> > Like
> > dump -0af - /filesystem | ssh -f another-machine "cat >
> > /path/to/dump/file" < password_file
> >
> > which doesn't work, btw, but you get the idea.
>
> Set up ssh so you don't need a password:
>
>   man ssh-keygen
>   man ssh
>
> Lucas


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message