RE: sftp question

pmandal_at_cisco.com
Date: 09/21/05

    Date: Tue, 20 Sep 2005 22:34:37 -0700
    To: "Miro Dietiker, MD Systems" <info@md-systems.ch>, "Joseph Vaughn" <vaughn@chemmail.chem.fsu.edu>, <secureshell@securityfocus.com>
    
    

    Hi,

    Passwordless login is kind of unsafe; one way to log in without being
    prompted repeatedly is to use ssh-agent.

    This is how you do it
    On host A from where you want to connect to another machine host B

    On Host A
    eval `ssh-agent`

    ssh-add

    ssh <user name>@<Host B>

    ------------------

    From the same shell you can do ssh as many times without being prompted
    for password

    I am assuming you have already put your public key from host A
    in the authorization file in host B; this works as long as you are
    working from the same shell or any of its children.

    For a new shell, you have to repeat the above process, or export the
    environment variables from the first shell to the second one.

    This is how you can do it

    In the shell where you originally executed ssh-agent

    env | grep SSH

    This will show some variables like

        SSH_AGENT_PID=28439
        SSH_AUTH_SOCK=/tmp/ssh-3s4312mmzP/agent.28438

    Set these variables in the new shell where you want to use passwordless
    login

    Thanks
    Pankaj

    -----Original Message-----
    From: Miro Dietiker, MD Systems [mailto:info@md-systems.ch]
    Sent: Tuesday, September 20, 2005 12:53 AM
    To: 'Joseph Vaughn'; secureshell@securityfocus.com
    Subject: AW: sftp question

    The passphrase is to protect a key against stealing.
    If you like to use key-based automatic logins, create a key without a passphrase (enter empty passphrase when asked) and everything just works fine.

    +-------------------------------+ +-------------------------------+
    | Miro Dietiker                 | | MD Systems Miro Dietiker      |
    | Dipl. Ing. FH Elektrotechnik  | | Alte Zürcherstrasse 10        |
    |                               | | 8903 Birmensdorf              |
    |                               | |                               |
    | Mobile: +41 (0)78 707 30 10   | | Office: +41 (0)43 344 03 56   |
    |                               | | Fax: +41 (0)43 344 03 57      |
    | m.dietiker@md-systems.ch      | | info@md-systems.ch            |
    |                               | | www.md-systems.ch             |
    +-------------------------------+ +-------------------------------+

    -----Original Message-----
    From: Joseph Vaughn [mailto:vaughn@chemmail.chem.fsu.edu]
    Sent: Friday, 16 September 2005 21:43
    To: secureshell@securityfocus.com
    Subject: sftp question

    Hello

    I hope someone can help me with the following problem.

    Background: We are using SUN hosts running Solaris9. For more than
    15 years we have had our users launch a Cshell script to create a tar
    file. It also does ftp data transfer in the background for
    archiving on remote Macintosh computers. The users just type the
    name of the script on the command line and then he/she enters a file
    name. The process uses .netrc which contains the remote password.
    Permissions are set so that the users cannot read the contents of
    .netrc. So, the user does not know the password on the archiving
    host. Of course ftp has huge security problems. So, I am trying to
    create a similar process using sftp. I have tried to do this using
    SUN's Solaris9 ssh-keygen, ssh-agent, ssh-add, etc. I have tried
    "passwordless" sftp setups I have found on websites. This description
    is improper. They don't require your normal password, but they do
    require a new "passphrase" (ie a new password).

    My question: Help?! Can you tell me how to get Solaris9's version
    of sftp/ssh to work in such a fashion as I described above. That
    is, sftp launched with a Cshell script and have the
    password/passphrase entered in the background perhaps by another
    shell script, which is called by the first one.

    Regards.

    Joseph Vaughn

    --
    Dr. Joseph Vaughn
    NMR Facility Associate Director
    Department of Chemistry and Biochemistry
    Florida State University
    Tallahassee, FL 32306-4390
    850-644-3334   Phone
    850-644-8281   Fax
    vaughn@chem.fsu.edu
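
The step in the reply above of carrying SSH_AUTH_SOCK and SSH_AGENT_PID into a second shell, as an added example that is not part of the original thread: the values are saved to an owner-only file and parsed back rather than sourced. The file path `~/.ssh/agent.env` and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): hand one ssh-agent to a second shell.
# AGENT_ENV and the function names are assumptions made for this sketch.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Run in the shell where ssh-agent was started and ssh-add was run.
save_agent_env() {
    rm -f "$AGENT_ENV"
    ( umask 077    # owner-only: anyone who can reach the socket can use the keys
      printf 'SSH_AUTH_SOCK=%s\nSSH_AGENT_PID=%s\n' \
          "$SSH_AUTH_SOCK" "$SSH_AGENT_PID" > "$AGENT_ENV" )
}

# Run in the new shell. The file is parsed, never sourced or eval'd, so a
# tampered file cannot execute commands.
# Returns 1 if missing, 2 if group/other can access it, 3 on a malformed value.
load_agent_env() {
    [ -f "$AGENT_ENV" ] && [ ! -L "$AGENT_ENV" ] || return 1
    perms=$(ls -ld "$AGENT_ENV" | cut -c5-10)        # group + other bits
    [ "$perms" = "------" ] || return 2
    sock=$(sed -n 's/^SSH_AUTH_SOCK=//p' "$AGENT_ENV" | head -n 1)
    pid=$(sed -n 's/^SSH_AGENT_PID=//p' "$AGENT_ENV" | head -n 1)
    case "$sock" in /*) ;; *) return 3 ;; esac        # absolute path only
    case "$pid" in ''|*[!0-9]*) return 3 ;; esac      # digits only
    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# True only if the socket exists and the agent process is still running.
agent_alive() {
    [ -S "$SSH_AUTH_SOCK" ] && kill -0 "$SSH_AGENT_PID" 2>/dev/null
}
```

In the new shell, run `load_agent_env && agent_alive` before calling ssh; if either fails, start a fresh agent and run ssh-add again.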
    
