Re: scp and ssh without passwd
by perrin (Chancellor) on Dec 19, 2001 at 00:53 UTC
Copying the keys over is not something you would typically automate. It's a setup task that you only need to do once.
I would go so far as to say that you should NEVER automate the copying of your keys.
That's about on par with automating the installation of sshd on the remote machine every time you wanted to connect.
That said, if you can get your ssh keys set up so that your normal,
command-line ssh client can connect to your remote system,
then you should be good to go -- just don't specify a
password to $ssh->login($user).
(You might run into passphrase issues ... but I think
Net::SSH::Perl can deal with a key agent if you have one
running -- I would guess that if you're trying to automate
something, you probably want to use passphraseless keys
anyway.)
I don't know what the big deal is. I could have just manually copied the public key over to the remote server once; then I can log in without providing the password, since I have the private key. Even if you are doing this once, you still have to distribute the public keys over to your remote server. I've just done it using Expect to run the scp command, which saves a lot of time. But if you know of anything else like Expect that would allow me to provide the password to scp in a scripted fashion, please let me know.
Just one thing with Expect: is there a way to NOT show the password on the screen as it runs? If not, then is there a way to make it show up like xxxxx, but still pass the password over to scp?
Thanks.
Well, my point was just that a one-time task doesn't seem worth automating.
Re: scp and ssh without passwd
by IraTarball (Monk) on Dec 19, 2001 at 10:26 UTC
Yes, I don't like using a Null passphrase either, but I don't want to take the time to configure the ssh-agent (assuming I have to configure the client as well). What I did with the Null passphrase is on one server only. After that I copied over the public keys. I did it this way because I want to centrally manage all servers through this one. My problem is copying over the public keys; you see, I am a lazy guy. If I can find a way to do this by running a script, then I will. Otherwise I will have to use scp and provide the password to every remote host in order to copy over the public key (this is only done once per host). I found Expect works well with scp.
Thanks Brother
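Both the Net::SSH::Perl reply and the reply just above rely on a private key stored with no passphrase. The following is an added example, not code from any poster in this thread, that reports whether a private key file is stored unencrypted so such keys can be inventoried; the sub name `key_protection` and the sample key text are constructed for illustration, and the checks assume the standard PEM and OpenSSH key-file layouts.

```perl
#!/usr/bin/perl
# Added example: report whether an SSH private key is stored without a passphrase.
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Returns 'encrypted', 'unencrypted' or 'unknown' for the text of a key file.
# key_protection() is a name chosen for this example.
sub key_protection {
    my ($text) = @_;
    my ($label, $body) =
        $text =~ /-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----/s
        or return 'unknown';

    # PKCS#8: the label itself says whether the key is encrypted.
    return 'encrypted'   if $label eq 'ENCRYPTED PRIVATE KEY';
    return 'unencrypted' if $label eq 'PRIVATE KEY';

    # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
    if ($label =~ /^(?:RSA|DSA|EC) PRIVATE KEY$/) {
        return $body =~ /^Proc-Type:\s*4,ENCRYPTED/m ? 'encrypted' : 'unencrypted';
    }

    # OpenSSH format: magic string, then a length-prefixed cipher name.
    if ($label eq 'OPENSSH PRIVATE KEY') {
        my $raw   = decode_base64($body);
        my $magic = "openssh-key-v1\0";
        return 'unknown' unless index($raw, $magic) == 0;
        my $rest = substr($raw, length $magic);
        return 'unknown' if length($rest) < 4;
        my $len = unpack 'N', $rest;
        return 'unknown' if length($rest) < 4 + $len;
        return substr($rest, 4, $len) eq 'none' ? 'unencrypted' : 'encrypted';
    }
    return 'unknown';
}

# Constructed samples: header bytes only, not real keys.
my %sample = (legacy => "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                      . "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n");
for my $cipher (qw(none aes256-ctr)) {
    my $blob = "openssh-key-v1\0" . pack('N/a*', $cipher);
    $sample{$cipher} = "-----BEGIN OPENSSH PRIVATE KEY-----\n" . encode_base64($blob)
                     . "-----END OPENSSH PRIVATE KEY-----\n";
}

printf "%-12s %s\n", $_, key_protection($sample{$_}) for sort keys %sample;
```

To check a real key, pass the contents of the key file to `key_protection()`; the key material itself is never decoded beyond the cipher-name field.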
Re: scp and ssh without passwd
by Zaxo (Archbishop) on Dec 19, 2001 at 13:34 UTC
This is a deep question. Aside from implementation issues, it can be restated: How do I exchange encryption keys over an untrusted channel?
There is a lot of information out there. 'Certificate Authority' is one solution, 'Ring of Trust' is another. Self-certification is possible if you have an account on a host trusted by the target. Try "key exchange" trust.
After Compline, Zaxo
Re: scp and ssh without passwd
by Zapawork (Scribe) on Dec 19, 2001 at 13:13 UTC
Hi,
What are you using the ssh agent for? If you are trying to push out some kind of configuration or process you might be better off with SSLeay. Using SSL you could create the pem's at the server that the remote clients would be allowed to connect with and then perform the function on the backend that needed to be done in an encrypted fashion.
If that doesn't work ... then my question would be what is the purpose of your application and what is it using ssh for?
Dave -- Saving the world one node at a time
Re: scp and ssh without passwd
by tempehjunkie (Sexton) on Dec 19, 2001 at 20:00 UTC
I personally see no problem with using Expect for this. I've written a number of Expect scripts to semi-automate doing repetitive things on multiple servers. When you have 200+ servers to deal with and no NIS or LDAP, and strict password expirations on all servers (even for admins, thanks to our auditors...), you tend to find great utility in Expect.
I'm not sure this is what you're asking, but when prompting for password I just use system stty -echo in the expect script, and use send_user to give me any output I need to see.
For the actual ssh session: spawn -noecho ssh $hostname should work nicely.
Kudos to you tempehjunkie!!! Yes, this is what I was looking for: $object->slave_pty->stty('-echo'); and $object->slave_pty->stty('echo');
Yes, on some occasions you really need Expect to do the job, in particular in the realms of administration. If you have to reset root's password on over 100 servers, then I don't expect you to sit down and log into every one and reset them. I think not :-), this is where Expect comes in. I used it in conjunction with ssh. I also use Expect to do the initial private and public keys stuff so that I may log in later without providing a password. Thanks to all for participating in this thread.