non-interactive ssh connections (was Re: RSYNC ISSUE)

tim.conway at philips.com tim.conway at philips.com
Thu Jul 25 07:07:02 EST 2002 

Gouri:  close.  Try "Ssh-keygen -p -P ''".  You might argue that ssh should guess that -P imlplies -p, but that's 
an issue for your ssh maintainer.
Also:  you don't ordinarily distribute the private key.  You need the 
PUBLIC key in $HOME/.ssh/authorized_keys on any system you want to access 
with the private key.  Maybe i'm seing your application backward, and you 
are creating the key on the system being accessed, and putting the private 
key on all the systems accessing it.  Anyway, the ssh-keygen -p changes 
only the private key.  You could actually generate a key pair, put the 
public key on the system you want to access, put the private key on all 
the systems you want to access from, run ssh-keygen -p on all those 
seperate keys, giving them all different passwords, and still use them all 
on the same public key.

Tim Conway
tim.conway at philips.com
303.682.4917 office, 3039210301 cell
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(nnnnnnnnnnnn, 
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), 
".\n" '
"There are some who call me.... Tim?"




"Kar, Gouri X. -ND" <Gouri.X.Kar.-ND at disney.com>
07/24/2002 06:42 PM

 
        To:     Tim Conway/LMT/SC/PHILIPS at AMEC
        cc: 
        Subject:        RE: non-interactive ssh connections (was Re: RSYNC ISSUE)
        Classification: 



Just tell me one thing.

If I generate the key using command
Ssh-keygen -P '' ---> It should remove passphrase correct> Is there any
thing wrong from the syntax standpoint.
I am working on IBM-AIX OS

If you look on the details about the mail below, you will see my 
difficulty
in executing rsync with SSH from cron.

Thank you. Hope to get your response. Gs

-----Original Message-----
From: tim.conway at philips.com [mailto:tim.conway at philips.com] 
Sent: Wednesday, July 24, 2002 3:41 PM
To: Kar, Gouri X. -ND
Cc: Kar, Gouri X. -ND; rsync at lists.samba.org
Subject: RE: non-interactive ssh connections (was Re: RSYNC ISSUE)


First, an item to fix:  the substitution of "-P" for "-p".  All good 
operating systems are case-sensitive, and many utilities, ssh included, 
are case sensitive about their options.  "-P" is passed along with the 
"-p" to signal that the next parameter is the passphrase, to enable 
passphrase setting directly in the commandline.  If that's wrong, you're 
not touching the key at all.

Secondly:  Are you sure you're actually using the key?  If the public key 
isn't in the authorized_keys file on the destination system, or if, for 
whatever other reason, the remote system won't use you key, you've got to 
solve that, first.  It's common for people setting up ssh to make the 
passphrase the same as their login password.  They test it, their password 

works, and they think they used the key, when in fact, they did password 
authentication.  If, in fact, after setting the passphrase empty, you are 
able to ssh destination without providing a password, then we have 
something wierd going on.

Tim Conway
tim.conway at philips.com
303.682.4917 office, 3039210301 cell
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM perl -e 'print
pack(nnnnnnnnnnnn, 
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), 
".\n" '
"There are some who call me.... Tim?"




"Kar, Gouri X. -ND" <Gouri.X.Kar.-ND at disney.com>
Sent by: rsync-admin at lists.samba.org
07/24/2002 11:52 AM

 
        To:     "Kar, Gouri X. -ND" <Gouri.X.Kar.-ND at disney.com>
mbp at samba.org
rsync at lists.samba.org
        cc:     (bcc: Tim Conway/LMT/SC/PHILIPS)
        Subject:        RE: non-interactive ssh connections (was Re: RSYNC
ISSUE)
        Classification: 



Hi, I have tried to generate the key with ssh-keygen -P ( remove the
passphrase) and copied it to the target system. However, it doesn't work.
Any insite with the way I am distributing the KEYS

-----Original Message-----
From: Martin Pool [mailto:mbp at samba.org] 
Sent: Tuesday, July 23, 2002 6:53 PM
To: Kar, Gouri X. -ND
Cc: rsync at lists.samba.org; Johnson, Gary X. -ND; Minyard, Mark X. -ND
Subject: non-interactive ssh connections (was Re: RSYNC ISSUE)


(Gouri: a more descriptive subject line will help you get repsonses in
future, and please send your mail to rsync at lists.samba.org.  Read
<http://www.tuxedo.org/~esr/faqs/smart-questions.html>)

On 23 Jul 2002, "Kar, Gouri X. -ND" <Gouri.X.Kar.-ND at disney.com> wrote:
> Hi guys, I am trying to schdule a script which makes call to RSYNC 
> over SSH. The same script works fine on the command prompt and 
> sucessfully transfer the file from source to destination system with 
> SSH.
> 
> However, executing the script from CRONJOB doesn't work. It comes up 
> with following error message
> 
> From: daemon
> To: db2log
> 
> You have no controlling tty and no DISPLAY.  Cannot read passphrase. 
> You have no controlling tty and no DISPLAY.  Cannot read passphrase.
> warning: Authentication failed.
> Disconnected; authentication cancelled by user (Authentication
> cancelled by user.). unexpected EOF in read_timeout

The problem is that ssh, as it says, cannot read the passphrase to unlock
your ssh key. 

If you want to do ssh from a cron job, you must have a key with no
passphrase.  You can remove a passphrase from an existing key using
"ssh-keygen -p" (see the manual).  You should probably make sure that the
key is authorized only for the accounts necessary to make the backup.

-- 
Martin 

-- 
To unsubscribe or change options: 
http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html

More information about the rsync mailing list