0

Is there any way to execute a ssh connection with out use interactive password autentification and non public keys, I need too run a command in the remote server all this with out manual intervention, I know that i can use a script but I don´t have any example. The application will be running in different machines so it's a bit hard creating a key public for every machine.

fers
  • 189
  • 5
  • 13
  • This question is only marginally on-topic here, and it's been [reposted on Unix & Linux](http://unix.stackexchange.com/questions/32140/autentification-on-ssh-connection-in-oneline) where it's a [duplicate](http://unix.stackexchange.com/questions/31071/shell-script-for-logging-into-a-ssh-server), so I'm voting to close here. But really @fers, I'd follow Paŭlo Ebermann's advice: distributing the password wouldn't be easier than distributing the private key, and it would be more trouble and less secure. Use a key pair. – Gilles 'SO- stop being evil' Feb 19 '12 at 23:46

3 Answers3

2

Everything is possible with the right configurations, but there are some security points to consider.

  • You certainly don't want everyone on the net to be able to execute any command on your server. So simply allowing everything is not a good idea.

  • Everyone who has your application on a computer in her control can do everything what your application can do ... and maybe more, if the application has limits only build in itself, not the server side.

  • You can distribute a private key with your application (and pass to SSH on connection), but of course then anyone having the application can extract this key. (If the application can access it, so can do any attacker who has control over it.)

  • You could also distribute a password with your application and somehow pass it to ssh, but still, in principle anyone who has the application can get the password.

  • If there is always the same command to be executed (maybe with different inputs), you can force this specific command at the server-side - for example, for a specific public key in the authorized_keys file. Or you could create a SSH subsystem and only allow this by server configuration.

  • On the server side, you can put additional limits by IP address or host name, but this is not really secure (IP adresses can be faked, for example). If the computers on which the application is to be run have already existing SSH installations, they should have host keys, and maybe you can do host authentication. But this is still only really useful if these hosts are under your control, more or less.

Paŭlo Ebermann
  • 73,284
  • 20
  • 146
  • 210
1

For security issues, a password (if you don't use a certificate) will always asked to you interactively, unless you configure server in an advanced way.

You can use a certificate, by inserting password one time.

Take a look at this

DonCallisto
  • 29,419
  • 9
  • 72
  • 100
  • Yes I know this, but I would like if I could this using a script – fers Feb 14 '12 at 20:21
  • @fers You could do this, it's all reported on link that i gave you. Once you imported keys and insert passphrases, you could use ssh synthax into a script for log-in and do operation in an automated way – DonCallisto Feb 14 '12 at 20:23
  • The problem is that I'm doing an application that will run on different – fers Feb 14 '12 at 20:29
  • different machines, so It's a bit hard doing this in every machine that uses the application. – fers Feb 14 '12 at 20:30
  • So update your question for make it more accurate. With those details, I can't help you. Sorry. – DonCallisto Feb 14 '12 at 20:32
0

On debian, a tool exists for this and it's called sshpass (a noninteractive ssh password provider)

It comes with lots of warnings and caveats though! Be sure you assess the risks properly before continuing down this path...

jon
  • 5,986
  • 5
  • 28
  • 35