Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ssh and batchmode

599 views
Skip to first unread message

Andreas Otto

unread,
Jan 9, 2002, 4:22:35 AM1/9/02
to

Hi,

I would like to use scp in batchmode like

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
dev1usr@linux02:~> scp -B OTTO na...@www.host.com:OTTO
Bad passphrase.
Permission denied.
lost connection
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<


what I have to to to get it working


mfg

aotto :)

--
================================================================
(C) Compiler-Factory Phone: ++49-(0)8152-399540
Dipl.-Ing Andreas Otto mailto:in...@compiler-factory.com
Business Solutions http://www.compiler-factory.com
Ulmenstrasse 3 => "Compiler", FastWeb, OpMenu
D-34289 Zierenberg => C, C++, Tcl, HTML, database,
=================================================================

Richard E. Silverman

unread,
Jan 9, 2002, 8:41:51 AM1/9/02
to

> I would like to use scp in batchmode like
>
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> dev1usr@linux02:~> scp -B OTTO na...@www.host.com:OTTO
> Bad passphrase.
> Permission denied.
> lost connection
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
> what I have to to to get it working

It is working. Batch mode simply tells ssh to not prompt the user; it
doesn't remove its need to do so. You have set it to use public-key
authentication with an encrypted key, and also told it it can't ask for
the key passphrase -- so of course, it fails.

See:

http://www.snailbook.com/faq/no-passphrase.auto.html

--
Richard Silverman
sl...@shore.net

j...@radidelmex.net

unread,
Jan 10, 2002, 11:35:00 AM1/10/02
to
> http://www.snailbook.com/faq/no-passphrase.auto.html

My beef with OpenSSH (a great product) is that I've been trying fitfully
to get pubkey authentication to work ... it doesn't, I'm an idiot, haven't
got a clue ... but ... I need encryption. The networks I traverse don't
really care about good security practices, they just don't want Mr. Bad to
sniff a password. So OpenSSH forces me to sit and type in a password on
every batch download.

Sure one can say "It's made difficult on purpose, because you shouldn't
do it." I reply, "Take off the training wheels and let me ride!"

Richard E. Silverman

unread,
Jan 10, 2002, 1:27:37 PM1/10/02
to
>>>>> "jfw" == jfw <j...@radiDELMEx.net> writes:

>> http://www.snailbook.com/faq/no-passphrase.auto.html
jfw> My beef with OpenSSH (a great product) is that I've been trying
jfw> fitfully to get pubkey authentication to work ... it doesn't,

Public-key authentication in OpenSSH works just fine, every day, for tens
of thousands (if not millions) of people. So your beef is probably not
with OpenSSH. If you will post the specific problem you're having, we can
probably help you solve it.

jfw> So OpenSSH forces me to sit and type in a password on every batch
jfw> download.

No, it doesn't. There are at least three different ways of doing
unattended SSH. You just haven't figured out how to use them yet. Again,
try the suggested methods, and post your *specific* problems.

jfw> Sure one can say "It's made difficult on purpose, because you
jfw> shouldn't do it." I reply, "Take off the training wheels and let
jfw> me ride!"

Try using the right model of bike first before complaining about its
construction.

--
Richard Silverman
sl...@shore.net

j...@radidelmex.net

unread,
Jan 11, 2002, 12:05:43 PM1/11/02
to
Richard E. Silverman <sl...@shore.net> wrote:

> Public-key authentication in OpenSSH works just fine, every day, for tens
> of thousands (if not millions) of people. So your beef is probably not
> with OpenSSH.

I agree, it works great for everybody else, just not for me! :(

> If you will post the specific problem you're having, we can
> probably help you solve it.

I'm trying to set up pubkey authorization on a SCO OpenServer 5.0.4.
Password authentication works fine.

1. I built the keys on the client:

for i in rsa1 dsa rsa
do
ssh-keygen -t $i
done

2. I put the keys on the server:

mkdir ~jfw/.ssh
for i in identity id_dsa id_rsa
do
cat /tmp/$i.pub >> ~jfw/.ssh/authorized_keys
done

3. I set file permissions correctly:

chmod 755 ~jfw
chmod 755 ~jfw/.ssh
chmod 644 ~jfw/.ssh/authorized_keys
chown -R jfw:sys ~jfw

4. The server is rejecting my pubkeys. From the sshd -d -d -d output ...

Failed publickey for jfw from 192.168.0.2 port 2856 ssh2

Why is it failing? (beating on head with fists). I want better error
messages!

> No, it doesn't. There are at least three different ways of doing
> unattended SSH. You just haven't figured out how to use them yet. Again,
> try the suggested methods, and post your *specific* problems.

I know about hostbased, public-key with plaintext key file, public-key
with ssh-agent ... how do you do it without using public keys?
There's RhostsAuthentication, but I want to avoid that if I can.

> jfw> Sure one can say "It's made difficult on purpose, because you
> jfw> shouldn't do it." I reply, "Take off the training wheels and let
> jfw> me ride!"

> Try using the right model of bike first before complaining about its
> construction.

Hey, I'm a complainer! I did buy a copy of your book, so at least I'm
not a stingy complainer! I keep reading over and over again ... I want
to feed in a password ... can't do it, it's insecure ... I want to feed in a
password ... can't do it, it's insecure ... now I'm one of those guys!
It's damn frustrating!

Richard E. Silverman

unread,
Jan 11, 2002, 12:34:36 PM1/11/02
to

What version of OpenSSH are you using on the server? Prior to 2.9.9,
protocol-2 keys had to be in ~/.ssh/authorized_keys2 (note the trailing
"2").

--
Richard Silverman
sl...@shore.net

j...@radidelmex.net

unread,
Jan 11, 2002, 2:00:33 PM1/11/02
to
Richard E. Silverman <sl...@shore.net> wrote:

> What version of OpenSSH are you using on the server? Prior to 2.9.9,
> protocol-2 keys had to be in ~/.ssh/authorized_keys2 (note the trailing
> "2").

OpenSSH 3.0p1. I used to have the protocol-2 keys in authorized_keys2,
but upon advice, I moved them to authorized_keys. BTW, I liked your book;
it's very complete!

Dimitri Maziuk

unread,
Jan 11, 2002, 6:00:13 PM1/11/02
to
On 11 Jan 2002 17:05:43 GMT, j...@radiDELMEx.net wrote:
> Richard E. Silverman <sl...@shore.net> wrote:
>
>> Public-key authentication in OpenSSH works just fine, every day, for tens
>> of thousands (if not millions) of people. So your beef is probably not
>> with OpenSSH.
>
> I agree, it works great for everybody else, just not for me! :(

...

> 4. The server is rejecting my pubkeys. From the sshd -d -d -d output ...
>
> Failed publickey for jfw from 192.168.0.2 port 2856 ssh2
>
> Why is it failing? (beating on head with fists). I want better error
> messages!

Try also LogLevel (man sshd) and turn on debug on the client side, too.
And do it one step at a time: generate rsa1 key & try ssh -1. Then try
version 2 keys, one at a time.

Dima
--
I like the US government, makes the Aussie one look less dumb and THAT is a
pretty big effort. -- Craig Small

0 new messages