non-interactive ssh connections (was Re: RSYNC ISSUE)
tim.conway at philips.com
tim.conway at philips.com
Thu Jul 25 07:07:02 EST 2002
Gouri: close. Try "Ssh-keygen -p -P ''". You might argue that ssh should guess that -P imlplies -p, but that's
an issue for your ssh maintainer.
Also: you don't ordinarily distribute the private key. You need the
PUBLIC key in $HOME/.ssh/authorized_keys on any system you want to access
with the private key. Maybe i'm seing your application backward, and you
are creating the key on the system being accessed, and putting the private
key on all the systems accessing it. Anyway, the ssh-keygen -p changes
only the private key. You could actually generate a key pair, put the
public key on the system you want to access, put the private key on all
the systems you want to access from, run ssh-keygen -p on all those
seperate keys, giving them all different passwords, and still use them all
on the same public key.
Tim Conway
tim.conway at philips.com
303.682.4917 office, 3039210301 cell
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(nnnnnnnnnnnn,
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970),
".\n" '
"There are some who call me.... Tim?"
"Kar, Gouri X. -ND" <Gouri.X.Kar.-ND at disney.com>
07/24/2002 06:42 PM
To: Tim Conway/LMT/SC/PHILIPS at AMEC
cc:
Subject: RE: non-interactive ssh connections (was Re: RSYNC ISSUE)
Classification:
Just tell me one thing.
If I generate the key using command
Ssh-keygen -P '' ---> It should remove passphrase correct> Is there any
thing wrong from the syntax standpoint.
I am working on IBM-AIX OS
If you look on the details about the mail below, you will see my
difficulty
in executing rsync with SSH from cron.
Thank you. Hope to get your response. Gs
-----Original Message-----
From: tim.conway at philips.com [mailto:tim.conway at philips.com]
Sent: Wednesday, July 24, 2002 3:41 PM
To: Kar, Gouri X. -ND
Cc: Kar, Gouri X. -ND; rsync at lists.samba.org
Subject: RE: non-interactive ssh connections (was Re: RSYNC ISSUE)
First, an item to fix: the substitution of "-P" for "-p". All good
operating systems are case-sensitive, and many utilities, ssh included,
are case sensitive about their options. "-P" is passed along with the
"-p" to signal that the next parameter is the passphrase, to enable
passphrase setting directly in the commandline. If that's wrong, you're
not touching the key at all.
Secondly: Are you sure you're actually using the key? If the public key
isn't in the authorized_keys file on the destination system, or if, for
whatever other reason, the remote system won't use you key, you've got to
solve that, first. It's common for people setting up ssh to make the
passphrase the same as their login password. They test it, their password
works, and they think they used the key, when in fact, they did password
authentication. If, in fact, after setting the passphrase empty, you are
able to ssh destination without providing a password, then we have
something wierd going on.
Tim Conway
tim.conway at philips.com
303.682.4917 office, 3039210301 cell
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM perl -e 'print
pack(nnnnnnnnnnnn,
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970),
".\n" '
"There are some who call me.... Tim?"
"Kar, Gouri X. -ND" <Gouri.X.Kar.-ND at disney.com>
Sent by: rsync-admin at lists.samba.org
07/24/2002 11:52 AM
To: "Kar, Gouri X. -ND" <Gouri.X.Kar.-ND at disney.com>
mbp at samba.org
rsync at lists.samba.org
cc: (bcc: Tim Conway/LMT/SC/PHILIPS)
Subject: RE: non-interactive ssh connections (was Re: RSYNC
ISSUE)
Classification:
Hi, I have tried to generate the key with ssh-keygen -P ( remove the
passphrase) and copied it to the target system. However, it doesn't work.
Any insite with the way I am distributing the KEYS
-----Original Message-----
From: Martin Pool [mailto:mbp at samba.org]
Sent: Tuesday, July 23, 2002 6:53 PM
To: Kar, Gouri X. -ND
Cc: rsync at lists.samba.org; Johnson, Gary X. -ND; Minyard, Mark X. -ND
Subject: non-interactive ssh connections (was Re: RSYNC ISSUE)
(Gouri: a more descriptive subject line will help you get repsonses in
future, and please send your mail to rsync at lists.samba.org. Read
<http://www.tuxedo.org/~esr/faqs/smart-questions.html>)
On 23 Jul 2002, "Kar, Gouri X. -ND" <Gouri.X.Kar.-ND at disney.com> wrote:
> Hi guys, I am trying to schdule a script which makes call to RSYNC
> over SSH. The same script works fine on the command prompt and
> sucessfully transfer the file from source to destination system with
> SSH.
>
> However, executing the script from CRONJOB doesn't work. It comes up
> with following error message
>
> From: daemon
> To: db2log
>
> You have no controlling tty and no DISPLAY. Cannot read passphrase.
> You have no controlling tty and no DISPLAY. Cannot read passphrase.
> warning: Authentication failed.
> Disconnected; authentication cancelled by user (Authentication
> cancelled by user.). unexpected EOF in read_timeout
The problem is that ssh, as it says, cannot read the passphrase to unlock
your ssh key.
If you want to do ssh from a cron job, you must have a key with no
passphrase. You can remove a passphrase from an existing key using
"ssh-keygen -p" (see the manual). You should probably make sure that the
key is authorized only for the accounts necessary to make the backup.
--
Martin
--
To unsubscribe or change options:
http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
More information about the rsync
mailing list