Date: Wed, 9 May 2001 17:51:13 -0700 From: "Robert L Sowders" <rsowders@usgs.gov> To: Blake Swensen <blake@pyramus.com> Cc: freebsd-questions@freebsd.org, lucas@slb.to, owner-freebsd-questions@FreeBSD.ORG Subject: Re: automating dump | ssh Message-ID: <OF1F4A4187.6BC526D4-ON88256A48.00044280@wr.usgs.gov>
next in thread | raw e-mail | index | archive | help
Assuming you want to dump as root try the following, I did this to setup
cron'd rsync mirror, should work for dump.
You have to make the keys without passphrases ( not real secure ) and then
move the .pub files to the receiving machine changing the name to
authorized_keys(2). The key is one long line so don't open it up on
windows with anything. Just move with scp.
Step by step for ssh version 1
1. Turn on root logins in /etc/sshd_config on receiving machine
2. Generate key with ssh_keygen , on sending machine, leave passphrase
blank.
3. if exists in receiver empty authorized_keys of sending machine
4. if exists in receiver empty known_hosts of sending machine
5. connect once from receiving machine to sending machine to establish
corrected line in known_hosts
6. scp /root/.ssh/identity.pub
name_of_receiving_machine:.ssh/authorized_keys
7. Try the connection with ssh -v name_of_receiving_machine
Step by step for ssh version 2
1. Turn on root logins in /etc/sshd_config on receiving machine
2. Generate key with ssh_keygen -d, on sending machine, leave passphrase
blank.
3. if exists in receiver empty authorized_keys2 of send machine
4. if exists in receiver empty known_hosts2 of sending machine
5. connect once from receiving machine to sending machine to establish
corrected line in known_hosts2
6. scp /root/.ssh/id_dsa.pub
name_of_receiving_machine:.ssh/authorized_keys2
7. Try the connection with ssh -v -2 name_of_receiving_machine
After the initial authorized_keys(2) files are made and subsequent
additions should scp the .pub files to the receiving machine and then
append them onto the end of the file like this, cat new_file >>
authorized_keys
From the man page:
SSH 2 provides additional mechanisms for confidentiality (the traffic is
encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity
(hmac-sha1, hmac-md5). Note that SSH 1 lacks a strong mechanism for
ensuring the integrity of the connection.
Step 5 is probably optional. I usually swap the .pub files both ways
between machines just so I don't get them mixed up.
Hope this helps.
Blake Swensen <blake@pyramus.com>
Sent by: owner-freebsd-questions@FreeBSD.ORG
05/09/2001 02:20 PM
To: lucas@slb.to
cc: freebsd-questions@freebsd.org
Subject: Re: automating dump | ssh
Yeah...
That's the same thing that I thought. After generating the keys,
placing them in the appropriate directories on both systems, and setting
the appropriate flags in ssh2_config...
The manual says (please note the big "not yet implemented" notes!):
PasswordAuthentication
Specifies whether to use password authentication.
The argument must be "yes" or "no". (not yet
implemented)
RHostsAuthentication
Specifies whether to try rhosts based authentica-
tion. Note that this declaration only affects the
client side and has no effect whatsoever on secu-
rity. Disabling rhosts authentication may reduce
authentication time on slow connections when rhosts
authentication is not used. Most servers do not
permit RhostsAuthentication because it is not
secure (see RhostsRSAAuthentication). The argument
must be "yes" or "no". (not yet implemented)
FreeBSD 4.0-RELEASE
SSH Version OpenSSH-1.2.2, protocol version 1.5.
Compiled with SSL.
Any other ideas?
Peace,
Blake
Lucas Bergman wrote:
> > Anyone know how to supply the password to ssh in order to automate
> > x-network dump?
> >
> > Like
> > dump -0af - /filesystem | ssh -f another-machine "cat >
> > /path/to/dump/file" < password_file
> >
> > which doesn't work, btw, but you get the idea.
>
> Set up ssh so you don't need a password:
>
> man ssh-keygen
> man ssh
>
> Lucas
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF1F4A4187.6BC526D4-ON88256A48.00044280>