From owner-freebsd-questions Thu Aug 1 7:34: 9 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CECB237B400 for ; Thu, 1 Aug 2002 07:34:03 -0700 (PDT) Received: from mail.halplant.com (ip68-100-145-31.nv.nv.cox.net [68.100.145.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 556D743E88 for ; Thu, 1 Aug 2002 07:34:03 -0700 (PDT) (envelope-from A.J.Caines@halplant.com) Received: by mail.halplant.com (Postfix, from userid 1001) id 64DAD1FE; Thu, 1 Aug 2002 10:34:02 -0400 (EDT) Date: Thu, 1 Aug 2002 10:34:02 -0400 From: Andrew J Caines To: "Morse, Richard E." Cc: FreeBSD Questions Subject: Re: Question about ssh setup... Message-ID: <20020801143402.GE31051@hal9000.halplant.com> Reply-To: Andrew J Caines Mail-Followup-To: "Morse, Richard E." , FreeBSD Questions References: <375F68784081D511908A00508BE3BB1701EF1D61@phsexch22.mgh.harvard.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <375F68784081D511908A00508BE3BB1701EF1D61@phsexch22.mgh.harvard.edu> Organization: H.A.L. Plant X-PGP-Fingerprint: C59A 2F74 1139 9432 B457 0B61 DDF2 AA61 67C3 18A1 X-Powered-by: FreeBSD 4.6-STABLE X-URL: http://halplant.com:88/ Importance: Normal User-Agent: Mutt/1.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Richard, > Hi! I have a problem -- I have a user who wants to be able to connect to my > server via a script, get a directory listing, then use scp to copy some files > off. The problem is that ssh (which is the only way to connect) doesn't allow > you to pass the password to it as a parameter The canonical solution to this problem is the have the client generate a key pair with a null passphrase, then use this key pair for the automated connections. Even if this involves a user with another protected key pair, don't forget you can add any number of public keys to authorized_keys and can invoke ssh pointing to a different private key. Exactly how you implement the process will depend on your trust model. Make sure the host key exchange has already happened. -Andrew- -- _______________________________________________________________________ | -Andrew J. Caines- Unix Systems Engineer A.J.Caines@halplant.com | | "They that can give up essential liberty to obtain a little temporary | | safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message