tim.conway@philips.com
2002-Jul-25  07:07 UTC
non-interactive ssh connections (was Re: RSYNC ISSUE)
Gouri:  close.  Try "Ssh-keygen -p -P ''".  You might argue
that ssh should guess that -P imlplies -p, but that's
an issue for your ssh maintainer.
Also:  you don't ordinarily distribute the private key.  You need the 
PUBLIC key in $HOME/.ssh/authorized_keys on any system you want to access 
with the private key.  Maybe i'm seing your application backward, and you 
are creating the key on the system being accessed, and putting the private 
key on all the systems accessing it.  Anyway, the ssh-keygen -p changes 
only the private key.  You could actually generate a key pair, put the 
public key on the system you want to access, put the private key on all 
the systems you want to access from, run ssh-keygen -p on all those 
seperate keys, giving them all different passwords, and still use them all 
on the same public key.
Tim Conway
tim.conway@philips.com
303.682.4917 office, 3039210301 cell
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(nnnnnnnnnnnn, 
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), 
".\n" '
"There are some who call me.... Tim?"
"Kar, Gouri X. -ND" <Gouri.X.Kar.-ND@disney.com>
07/24/2002 06:42 PM
 
        To:     Tim Conway/LMT/SC/PHILIPS@AMEC
        cc: 
        Subject:        RE: non-interactive ssh connections (was Re: RSYNC
ISSUE)
        Classification: 
Just tell me one thing.
If I generate the key using command
Ssh-keygen -P '' ---> It should remove passphrase correct> Is
there any
thing wrong from the syntax standpoint.
I am working on IBM-AIX OS
If you look on the details about the mail below, you will see my 
difficulty
in executing rsync with SSH from cron.
Thank you. Hope to get your response. Gs
-----Original Message-----
From: tim.conway@philips.com [mailto:tim.conway@philips.com] 
Sent: Wednesday, July 24, 2002 3:41 PM
To: Kar, Gouri X. -ND
Cc: Kar, Gouri X. -ND; rsync@lists.samba.org
Subject: RE: non-interactive ssh connections (was Re: RSYNC ISSUE)
First, an item to fix:  the substitution of "-P" for "-p". 
All good
operating systems are case-sensitive, and many utilities, ssh included, 
are case sensitive about their options.  "-P" is passed along with the
"-p" to signal that the next parameter is the passphrase, to enable 
passphrase setting directly in the commandline.  If that's wrong, you're
not touching the key at all.
Secondly:  Are you sure you're actually using the key?  If the public key 
isn't in the authorized_keys file on the destination system, or if, for 
whatever other reason, the remote system won't use you key, you've got
to
solve that, first.  It's common for people setting up ssh to make the 
passphrase the same as their login password.  They test it, their password 
works, and they think they used the key, when in fact, they did password 
authentication.  If, in fact, after setting the passphrase empty, you are 
able to ssh destination without providing a password, then we have 
something wierd going on.
Tim Conway
tim.conway@philips.com
303.682.4917 office, 3039210301 cell
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM perl -e 'print
pack(nnnnnnnnnnnn, 
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), 
".\n" '
"There are some who call me.... Tim?"
"Kar, Gouri X. -ND" <Gouri.X.Kar.-ND@disney.com>
Sent by: rsync-admin@lists.samba.org
07/24/2002 11:52 AM
 
        To:     "Kar, Gouri X. -ND" <Gouri.X.Kar.-ND@disney.com>
mbp@samba.org
rsync@lists.samba.org
        cc:     (bcc: Tim Conway/LMT/SC/PHILIPS)
        Subject:        RE: non-interactive ssh connections (was Re: RSYNC
ISSUE)
        Classification: 
Hi, I have tried to generate the key with ssh-keygen -P ( remove the
passphrase) and copied it to the target system. However, it doesn't work.
Any insite with the way I am distributing the KEYS
-----Original Message-----
From: Martin Pool [mailto:mbp@samba.org] 
Sent: Tuesday, July 23, 2002 6:53 PM
To: Kar, Gouri X. -ND
Cc: rsync@lists.samba.org; Johnson, Gary X. -ND; Minyard, Mark X. -ND
Subject: non-interactive ssh connections (was Re: RSYNC ISSUE)
(Gouri: a more descriptive subject line will help you get repsonses in
future, and please send your mail to rsync@lists.samba.org.  Read
<http://www.tuxedo.org/~esr/faqs/smart-questions.html>)
On 23 Jul 2002, "Kar, Gouri X. -ND" <Gouri.X.Kar.-ND@disney.com>
wrote:> Hi guys, I am trying to schdule a script which makes call to RSYNC 
> over SSH. The same script works fine on the command prompt and 
> sucessfully transfer the file from source to destination system with 
> SSH.
> 
> However, executing the script from CRONJOB doesn't work. It comes up 
> with following error message
> 
> From: daemon
> To: db2log
> 
> You have no controlling tty and no DISPLAY.  Cannot read passphrase. 
> You have no controlling tty and no DISPLAY.  Cannot read passphrase.
> warning: Authentication failed.
> Disconnected; authentication cancelled by user (Authentication
> cancelled by user.). unexpected EOF in read_timeout
The problem is that ssh, as it says, cannot read the passphrase to unlock
your ssh key. 
If you want to do ssh from a cron job, you must have a key with no
passphrase.  You can remove a passphrase from an existing key using
"ssh-keygen -p" (see the manual).  You should probably make sure that
the
key is authorized only for the accounts necessary to make the backup.
-- 
Martin 
-- 
To unsubscribe or change options: 
http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
Seemingly Similar Threads
- non-interactive ssh connections (was Re: RSYNC ISSUE)
- non-interactive ssh connections (was Re: RSYNC ISSUE)
- non-interactive ssh connections (was Re: RSYNC ISSUE)
- non-interactive ssh connections (was Re: RSYNC ISSUE)
- non-interactive ssh connections (was Re: RSYNC ISSUE)
