Run Commands Remotely via SSH with No Password

Оставлю пока это здесь (источник: http://www.dotkam.com/2009/03/10/run-commands-remotely-via-ssh-with-no-password/).

Еще информация по теме: http://habrahabr.ru/post/122445/.

Extremely useful for system administrators, very useful for application developers when testing with remote services, or how some buzz developers refer to it: Service Oriented Architecture (SOA). Also remote execution is widely used by web masters to sync/backup/create mirrors.

Below 5 simple steps will enable you to run any commands on the remote box/host/server via SSH without a need to provide a password. That is usually useful, if such remote calls need to be automated (work without manual/human intervention).

Step number 6 has an example on how to actually run a command on remote host via SSH.

from the local host

Step 1. Create a public/private keys with “ssh-keygen” (ENTER through everything):

      user@host:~/.ssh$ ssh-keygen -t rsa
      Generating public/private rsa key pair.
      Enter file in which to save the key (/home/toly/.ssh/id_rsa): 		[ENTER]
      Enter passphrase (empty for no passphrase): 				[ENTER]
      Enter same passphrase again: 							[ENTER]
      Your identification has been saved in /home/user/.ssh/id_rsa.
      Your public key has been saved in /home/user/.ssh/id_rsa.pub.
      The key fingerprint is:
      66:fd:11:ca:2d:21:b9:73:c1:b6:fa:1d:b2:2c:71:cd user@host
      The key's randomart image is:
      +--[ RSA 2048]----+
      |                         |
      |           .             |
      |          . o           |
      |         o + o         |
      |        E S.o o       |
      |       o. .+.o .       |
      |       . +o o.         |
      |        +. o...        |
      |       ... ..=.         |

At this point the public and private keys should be created and saved into “~/.ssh” directory:

      user@host:~/.ssh$ ls -l
      total 20
      -rw------- 1 user group 1675 2009-03-10 14:18 id_rsa
      -rw-r--r-- 1 user group 392 2009-03-10 14:18 id_rsa.pub
      -rw-r--r-- 1 user group 8642 2009-03-10 12:10 known_hosts

Step 2. Add identity to the local ssh authorizer with “ssh-add”.

If you “entered” through the “Enter file in which to save the key (/home/toly/.ssh/id_rsa)” in the previous step, then your identity file should be “id_rsa”:

      user@host:~/.ssh$ ssh-add id_rsa

Otherwise replace “id_rsa” with the file you chose to save your identity in.

In case of a friendly “Could not open a connection to your authentication agent.” error message, start “ssh-agent” as:

eval `ssh-agent`

and re-run “ssh-add”.

Step 3. Copy the public key to the remote host ( server ) under “~/.ssh”:

From the step above “id_rsa.pub” would be the public key that needs to be copied to the remote system you would like to run commands on.

      user@host:~/.ssh$ scp id_rsa.pub remoteuser@remotehost.com:~/.ssh/

from the remote host

Step 4. On remote host add this public key to “authorized_keys”:

      remoteuser@remotehost:~$ cd ~/.ssh
      remoteuser@remotehost:~/.ssh~$ cat id_rsa.pub >> authorized_keys

Step 5. Change “authorized_keys” permissions to allow only you to read/write it:

      remoteuser@remotehost:~/.ssh$ chmod 600 authorized_keys

from the local host

Step 6. Now you can run any command on the remote box from the local box with no password:

Let’s see what that remote box is running at:

       user@host:~$ ssh remoteuser@remotehost.com  uname -a
       Linux remotehost 2.6.27-01-generic #1 SMP Thu Mar 21 10:34:21 UTC 2009 i686 GNU/Linux

By runing “ssh remoteuser@remotehost.com uname -a” from the local box, you just ran “uname -a” command on the remote box without a need to enter the password.

Good Luck Remoting!

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *