[lug] commands over ssh
David
dajo at stan.uchsc.edu
Thu Jan 10 15:26:28 MST 2002
Can anyone help with this problem please?
dajo
I am trying to use ssh to run a command on a remote machine without the need
to supply a password to that machine. I can do the first part, but my efforts
to use ssh, ssh-agent, and ssh-add to eliminate the password have failed.
Here is what I take to be the key part from the man page for ssh; but note
that I am trying to use protocol 2.
ssh implements the RSA authentication protocol automatically. The user
creates his/her RSA key pair by running ssh-keygen(1). This stores the
private key in $HOME/.ssh/identity and the public key in
$HOME/.ssh/identity.pub in the user's home directory. The user should
then copy the identity.pub to $HOME/.ssh/authorized_keys in his/her home
directory on the remote machine (the authorized_keys file corresponds to
the conventional $HOME/.rhosts file, and has one key per line, though the
lines can be very long). After this, the user can log in without giving
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
the password.
^^^^^^^^^^^^
I ran "ssh-keygen -t rsa" and got the appropriate files in my directory:
-rw------- 1 dajo dajomen 887 Jan 9 12:28 id_rsa
-rw-r--r-- 1 dajo dajomen 219 Jan 9 12:28 id_rsa.pub
-rw-r--r-- 1 dajo dajomen 1.1k Jan 10 14:18 known_hosts2
local dajo ~
I copied id_rsa.pub to the remote machine and renamed the file:
total 4.0k
-rw------- 1 dajo dajo 219 Jan 10 12:05 authorized_keys2
remote dajo ~
Here is what happens when I try to set up and use ssh to run ls on the remote
machine; I have added notes #.
# A fresh start.
local dajo ~ ssh-add
Could not open a connection to your authentication agent.
# The environment, stuff deleted.
local dajo ~ env
PWD=/home/dajo
HOSTNAME=local
<snip>
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
<snip>
# Start the agent.
local dajo ~ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-XX9X7ghy/agent.7106; export SSH_AUTH_SOCK;
SSH_AGENT_PID=7107; export SSH_AGENT_PID;
echo Agent pid 7107;
# Eval the variables.
local dajo ~ SSH_AUTH_SOCK=/tmp/ssh-XX9X7ghy/agent.7106; export SSH_AUTH_SOCK;
SSH_AGENT_PID=7107; export SSH_AGENT_PID;
# The environment, stuff deleted.
local dajo ~ local dajo ~ local dajo ~ env
PWD=/home/dajo
HOSTNAME=local
<snip>
SSH_AGENT_PID=7107
<snip>
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
SSH_AUTH_SOCK=/tmp/ssh-XX9X7ghy/agent.7106
<snip>
# The agent is there.
local dajo ~ ssh-add -l
The agent has no identities.
# Add the key.
local dajo ~ ssh-add
Identity added: /home/dajo/.ssh/id_rsa (/home/dajo/.ssh/id_rsa)
# Here it is.
local dajo ~ ssh-add -l
1024 a3:bf:0c:1f:44:dc:72:88:3a:95:5d:20:d4:a7:55:1b /home/dajo/.ssh/id_rsa (RSA)
# Try to run ls on remote; password requested - !
local dajo ~ ssh -i /home/dajo/.ssh/id_rsa remote.uchsc.edu 'ls -la'
dajo at remote.uchsc.edu's password:
# Whoops!
local dajo ~ unset
# I meant this.
local dajo ~ unset SSH_ASKPASS
# The environment, stuff deleted. No SSH_ASKPASS.
local dajo ~ env
PWD=/home/dajo
HOSTNAME=local
<snip>
SSH_AGENT_PID=7107
SSH_AUTH_SOCK=/tmp/ssh-XX9X7ghy/agent.7106
<snip>
# Still no joy.
local dajo ~ ssh -i /home/dajo/.ssh/id_rsa remote.uchsc.edu 'ls -la'
dajo at remote.uchsc.edu's password:
local dajo ~
# Also.
ssh -2 -i /home/dajo/.ssh/id_rsa remote.uchsc.edu 'ls -la'
dajo at remote.uchsc.edu's password:
# The ls works if I provide the password.
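The man page excerpt quoted in the post depends on server-side conditions that the session above does not show. As an added example (not part of the original post), this shell function audits them: with StrictModes, the sshd default, the home directory, ~/.ssh and the authorized-keys file must not be group- or world-writable, and the client's public key must be listed in that file. The function names, arguments and finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the server-side files that public-key login depends on.
# Arguments (names chosen for this example):
#   $1  home directory of the account on the remote machine
#   $2  public key file copied from the client (e.g. id_rsa.pub)
#   $3  authorized-keys file name inside $1/.ssh (default: authorized_keys)
# Prints one line per finding; returns 0 only when nothing was found.

# True when the path is writable by group or others (read from the ls mode string).
loose_perms() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    [ "$(printf %s "$mode" | cut -c6)" = "w" ] ||
        [ "$(printf %s "$mode" | cut -c9)" = "w" ]
}

audit_pubkey_login() {
    home=$1; pub=$2; name=${3:-authorized_keys}
    auth="$home/.ssh/$name"
    findings=0

    # With StrictModes, sshd ignores the key file if any of these is
    # writable by group or others.
    for p in "$home" "$home/.ssh" "$auth"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; findings=$((findings + 1))
        elif loose_perms "$p"; then
            echo "LOOSE    $p ($(ls -ld -- "$p" | cut -c1-10))"
            findings=$((findings + 1))
        fi
    done

    # The key blob (second field of the .pub line) must appear in the file.
    if [ -f "$auth" ] && [ -f "$pub" ]; then
        blob=$(awk 'NR==1 {print $2}' "$pub")
        if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
            echo "NOKEY    $pub is not listed in $auth"
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}
```

Run it on the remote machine, for example `audit_pubkey_login "$HOME" /path/to/id_rsa.pub authorized_keys2`; running `ssh -v` on the client shows which authentication methods were actually attempted.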