The easiest way to use ssh to execute commands remotely, is to create a public/private key set (that has an empty password) and then distribute those keys appropriately on all the computers you need to share between.
Before I go any further, one should note that this reduces your LAN's security to the lowest denominator: If you have one insecure box, all boxes will be equally insecure.
However, the plus here is that using ssh to obtain password-less remote executing, instead of other methods, means that the ssh isn't itself going to make the boxes insecure.
Ok so here is what you do:
First make a pub/priv key pair:
ssh-keygen -b 1024 -N "" -C "equality" -f equal -q
(1024 bits, no password, comment="equality", filename = "equal" and "equal.pub", quiet)
Now, these two files need to be put onto all computers involved as ~/.ssh/identity and ~/.ssh/identity.pub respectively. Also copy equal.pub to the file ~/.ssh/authorized_keys (if this file already exists for some reason, append equal.pub to this file -- but it probably doesn't exist if you are reading this).
This is it, you are done. This is done on a per user@host basis, so each involved now can access each other without passwords using ssh. (This means user names do not need to be the same between each account as well, which is a nice plus).
The main caveat is this: the /etc/ssh_known_hosts and the ~/.ssh/known_hosts files, which list which hosts the computer "knows" (used to prevent spoof attacks). On some systems this will not be a problem, unknown hosts are added automatically to ~/.ssh/known_hosts, the first them they are seen.
However some systems are configured to prompt, or even refuse, the automatic addition of a host to the ~/.ssh/known_hosts. If this is the case you will need to just log in once manually between each computer that needs automation.
Of course, if you need all computers to talk to all other computers, that's O(N^2) manual logins, so I wouldn't suggest doing that then. If that's the case, then it would probably easier to, from one computer login to all other computers (including itself), which will generate the ~/.ssh/known_hosts file for you. You can then distributed this file to all other computers, with the same method you used to get the equal{,.pub} files onto all the systems.
There is also the .rhosts file which lists simply usernames and hosts that are allowed to connect. ssh will read this file, and since it is easy to create by hand, you can then distribute it to all involved computers as well. However I would strongly recommend against using this method, as it is highly insecure! (You might as well turn off server keys, this bypasses your spoof detection).
Well that's all I got,
Gryn
p.s. I would have posted sooner, but the site went down sometime in the middle of me writing this response :) .
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.