Re: ssh questions

From: Anthony Schneider (aschneid@mail.slc.edu)
Date: 06/12/02

Next message: a1miran6325d83@lycos.com: "** You are approved. **"
Previous message: Bruce M Simpson: "Re: firewall 'stateful failover'"
In reply to: Peter Pentchev: "Re: ssh questions"
Next in thread: Matt Piechota: "Re: ssh questions"
Reply: Matt Piechota: "Re: ssh questions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 12 Jun 2002 14:14:56 +0000
From: Anthony Schneider <aschneid@mail.slc.edu>
To: Peter Pentchev <roam@ringlet.net>

I've never had a problem sending passphrases to ssh via expect, personally.
-Anthony.

>
> BTW, have you actually tried this with SSH and/or sftp? I have no doubt
> that it will work as far as the sending of commands, but there might be
> a little problem concerning the authentication itself: SSH is really,
> really picky about having the password or passphrase read from a
> terminal, not from just any input stream. Thus, when Expect opens SSH,
> attaching pipes to its standard input and output, SSH will refuse to
> read a passphrase from its stdin and try to read it from the controlling
> terminal instead. Since a cron-run process will have no controlling
> terminal, SSH will exit with a message along the lines of 'you have no
> controlling terminal, unable to read passphrase'.
>
> Thus, even with Expect, one will need to setup some form of
> empty-passphrase authentication for unattended SSH/scp/sftp connections.
>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> If you think this sentence is confusing, then change one pig.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

application/pgp-signature attachment: stored

Next message: a1miran6325d83@lycos.com: "** You are approved. **"
Previous message: Bruce M Simpson: "Re: firewall 'stateful failover'"
In reply to: Peter Pentchev: "Re: ssh questions"
Next in thread: Matt Piechota: "Re: ssh questions"
Reply: Matt Piechota: "Re: ssh questions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Controlling ssh from an external program
... passphrase could be discovered and the private key would fall into dangerous ... NB the SSH environment strings need to be included in this mixture! ... character as the final character could signify accept from a file. ... Controlling ssh from an external program ...
(SSH)
Re: More on learning "Public Key Authentication"
... > computers in my local network are configured that way. ... > A long passphrase is a good idea but for other reasons. ... I _think_ a passphrase is used merely to verify that a public SSH ... _public_ keys between computers, so I do not even use a public SSH ...
(comp.sys.mac.system)
different SSH/keychain behavior on Fedora Core 4?
... I'm wondering if anyone's seen different SSH and keychain behavior on ... But since upgrading the home machine to FC4 this trick no longer works ... for the passphrase for the local RSA private key... ... I realize that this may be more of an SSH question than an actual Fedora ...
(Fedora)
Re: Defering passphrase entry with ssh-add
... I'm not aware of any technical reason why ssh-add couldn't defer requesting a password until its required. ... Yes which is why you only check/run it when ssh is used. ... until it determined it needed your passphrase. ... Again, ssh-agent works for me across all terminals as well as just in X, it's ssh-add you are talking about here which is ...
(SSH)
Re: Passphraseless SSH login and cron
... order to do SSH logins without having to type a passphrase. ... henceforth in this session I can do passphraseless SSH logins. ... so that the script to be run by cron can execute ... agent, ...
(comp.security.ssh)