Difference between revisions of "SSH - Client and Server"


(A little script to enable passwordless login)
(New version)
Line 11: Line 11:
 
  #!/bin/bash
 
  #!/bin/bash
 
  #
 
  #
  # This scripts exports THIS computers public ssh key to
+
  cat <<EOF
  # a clients's ~/.ssh/authorized_keys2 file.
+
---------------------------------------------------------------------
  #
+
This scripts exports THIS computers public ssh key to
  # This will enable passworless login from THIS pc to the client.
+
  a clients's ~/.ssh/authorized_keys2 file.
  #
+
   
  # You need to have the password, username and IP/alias of the other pc.
+
  This will enable passworless login from THIS pc to the client.
 +
   
 +
  You need to specify at least the IP/alias of the other pc!
 +
You optionally can specify another username than the actual one.
 +
 +
Usage: ssh_export ip_of_remote_client  [alternate_username]
 +
---------------------------------------------------------------------
 +
 +
EOF
 
   
 
   
 
  client="$1"
 
  client="$1"
 
  NAME="$2"
 
  NAME="$2"
 +
THIS_HOSTNAME="$HOSTNAME"
 
   
 
   
 
  [ "$NAME" ] || NAME="${USER}"
 
  [ "$NAME" ] || NAME="${USER}"
Line 27: Line 36:
 
  cd ~/.ssh
 
  cd ~/.ssh
 
   
 
   
  echo "Create ssh dir on client ... "
+
  echo -n "* Check connection to client ... "
 +
if ping -c 1 $client > /dev/null
 +
then
 +
echo OK.
 +
else
 +
echo Please check the connection.
 +
echo  - Aborting here.
 +
exit 1
 +
fi
 +
 +
echo "* Create ssh dir on client, if it not already exists ... "
 
  ssh ${NAME}@$client "mkdir -p ~/.ssh; chmod 700 ~/.ssh"
 
  ssh ${NAME}@$client "mkdir -p ~/.ssh; chmod 700 ~/.ssh"
 
   
 
   
  echo "Check if pub key exist and/or create one ... "
+
  echo "* Check if a local pub key exist and/or create one ... "
  [ -e id_dsa.pub ] || ssh-keygen -t dsa  
+
  PUB_KEY="id_dsa.pub"
 +
if test -e $PUB_KEY
 +
then
 +
echo "  - A file named $PUB_KEY exists."
 +
else
 +
echo "  - Creating a new one."
 +
ssh-keygen -t dsa  
 +
fi
 +
 +
echo "* Check, if an older key was exported already in former time to the client."
 +
if
 +
        ssh ${client} "if (cat ~/.ssh/authorized_keys2 | grep ${NAME}@${THIS_HOSTNAME});\
 +
                then echo  - WARNING: An older key was exported before to $client. \
 +
\n  - Please fix manually.; exit 1; \
 +
                fi";
 +
then
 +
        echo "  - Authorized keys file is clean."
 +
else
 +
echo "  - Aborting here."
 +
exit 1
 +
fi
 
   
 
   
  echo "Copy the public key of THIS pc to the client ... "
+
  echo "* Copy the public key of THIS pc to the client ... "
 
  scp id_dsa.pub ${NAME}@$client:~/.ssh/id_dsa.pub_${HOSTNAME}
 
  scp id_dsa.pub ${NAME}@$client:~/.ssh/id_dsa.pub_${HOSTNAME}
 
   
 
   
  echo "We make an entry into the authorized_keys file on the client ... "
+
  echo "* We make an entry into the authorized_keys file on the client ... "
  ssh ${NAME}@$client "cat ~/.ssh/id_dsa.pub_${HOSTNAME} \
+
  ssh ${NAME}@$client "cat ~/.ssh/id_dsa.pub_${HOSTNAME} >> ~/.ssh/authorized_keys2; \
    >> ~/.ssh/authorized_keys2; \
+
     rm ~/.ssh/id_dsa.pub_${HOSTNAME};"
     rm ~/.ssh/id_dsa.pub_${HOSTNAME}"
 
 
   
 
   
  echo "Secure the local public key ... "
+
  echo "* Secure the local public key ... "
 
  chmod 600 id_dsa.pub
 
  chmod 600 id_dsa.pub
 
   
 
   
echo TEST:
 
echo Now we test with running the following terminal command:
 
echo "  ssh ${NAME}@$client echo Congratulation: You can login passwordless to your client $client."
 
 
  echo ;
 
  echo ;
  ssh ${NAME}@$client "echo Congratulation: You can login passwordless to your client $client."
+
  echo "* LET'S TEST IT:"
 +
echo "  Now we test with running the following terminal command."
 +
echo "  You should NOT be prompted by a password."
 +
echo ;
 +
 +
if
 +
        ssh ${NAME}@$client "echo   - This is a message on $client."
 +
then
 +
        echo "  - Congratulation: If you was NOT promptd for a password,"
 +
echo "    you can login passwordless to your client $client."
 +
else
 +
echo "  - WARNING: There was an error with the passwordless login to $client."
 +
        exit 1
 +
fi
 
   
 
   
 
  echo ;
 
  echo ;
 
  echo ;
 
  echo ;
  echo Program ended.
+
  echo "** Program ended."
 
  echo ;
 
  echo ;
 
  echo If you like to remove the automatic login, you have to  
 
  echo If you like to remove the automatic login, you have to  
 
  echo remove the public key in the file /home/${NAME}/.ssh/authorized_keys2
 
  echo remove the public key in the file /home/${NAME}/.ssh/authorized_keys2
 
  echo on your clients - $client - computer.
 
  echo on your clients - $client - computer.
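Review bot: The added "older key" check (`ssh ${client} "if (cat ~/.ssh/authorized_keys2 | grep ${NAME}@${THIS_HOSTNAME}) ..."`) logs in without `${NAME}@`, so when an alternate username is given it inspects a different account's file than the one the key is appended to a few lines later. It also searches for `${NAME}@${THIS_HOSTNAME}`, while the comment ssh-keygen writes by default names the local user at this host, so the search can miss a key that was already exported. I would run it as `ssh -- "${NAME}@${client}" ...` and match the key material itself (the second field of `id_dsa.pub`) with `grep -F`. The added ping test and every ssh/scp call also expand `$client` and `${NAME}` unquoted; quoting them and putting `--` before the destination keeps an argument that starts with `-` from being parsed as an option.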

Revision as of 13:00, 1 June 2008

A little script to enable passwordless login

Needless to say, you should know exactly what you are doing when you use this script.

!! The author takes NO responsibility for any kind of damage or security issue that could result from using this script !!

Download

Source Code

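#!/bin/bash
#
# ssh_export - install THIS computer's public SSH key in a remote account's
# authorized keys file, so that later logins from here need no password.
#
# Usage: ssh_export ip_of_remote_client [alternate_username]
#
# Security notes for whoever runs or adapts this script:
#   * Every value taken from the command line is quoted, and "--" ends
#     option parsing for ssh and ping, so a client or user name is never
#     word-split or read as an option.
#   * Nothing taken from the command line is pasted into a command string
#     that the remote shell parses; data travels over stdin/stdout instead.
#   * NOTE(review): the DSA key type and the authorized_keys2 file name are
#     kept as published. Current OpenSSH releases do not accept DSA keys by
#     default, and authorized_keys2 is a legacy name that many sshd
#     configurations do not read - confirm against the sshd on the client,
#     and prefer ed25519 with ~/.ssh/authorized_keys (see the constants).
set -euo pipefail

readonly KEY_TYPE='dsa'
readonly PUB_KEY='id_dsa.pub'
# The tilde is expanded by the REMOTE shell, which is why it is quoted here.
# shellcheck disable=SC2088
readonly REMOTE_KEYS='~/.ssh/authorized_keys2'

# Print each argument on its own line to stderr and stop with status 1.
die() {
  printf '%s\n' "$@" >&2
  exit 1
}

cat <<EOF
---------------------------------------------------------------------
This scripts exports THIS computers public ssh key to
a clients's ~/.ssh/authorized_keys2 file.

This will enable passworless login from THIS pc to the client.

You need to specify at least the IP/alias of the other pc!
You optionally can specify another username than the actual one.

Usage: ssh_export ip_of_remote_client  [alternate_username]
---------------------------------------------------------------------

EOF

client="${1:-}"
NAME="${2:-}"

# Fall back to the local login name when no remote user was given.
[[ -n "$NAME" ]] || NAME="${USER:-$(id -un)}"
[[ -n "$client" ]] \
  || die "ERROR: You have to specify at least a client IP or alias."

# Defence in depth on top of "--": a leading dash is never a valid host or
# user name here, so refuse it before any external tool sees it.
if [[ "$client" == -* || "$NAME" == -* ]]; then
  die "ERROR: Client and user name must not start with a dash."
fi

readonly target="${NAME}@${client}"

# Work inside a private ~/.ssh. Stop if it cannot be entered: carrying on in
# the caller's directory would look for (and chmod) id_dsa.pub in the wrong
# place.
(umask 077 && mkdir -p -- "$HOME/.ssh") \
  || die "ERROR: Cannot create $HOME/.ssh."
cd -- "$HOME/.ssh" || die "ERROR: Cannot change into $HOME/.ssh."

printf '%s' "* Check connection to client ... "
if ping -c 1 -- "$client" > /dev/null; then
  echo "OK."
else
  echo "Please check the connection."
  echo "- Aborting here."
  exit 1
fi

echo "* Create ssh dir on client, if it not already exists ... "
ssh -- "$target" 'mkdir -p ~/.ssh && chmod 700 ~/.ssh' \
  || die "  - Could not prepare ~/.ssh on $client." "  - Aborting here."

echo "* Check if a local pub key exist and/or create one ... "
if [[ -e "$PUB_KEY" ]]; then
  echo "   - A file named $PUB_KEY exists."
else
  echo "   - Creating a new one."
  # -f pins the output to the file this script goes on to use.
  ssh-keygen -t "$KEY_TYPE" -f "${PUB_KEY%.pub}" \
    || die "  - ssh-keygen could not create a $KEY_TYPE key." \
      "  - Aborting here."
fi

# A public key line is "<type> <base64 key> [comment]".
key_blob=''
key_comment=''
read -r _ key_blob key_comment < "$PUB_KEY" || true
[[ -n "$key_blob" ]] \
  || die "  - $PUB_KEY does not look like a public key." "  - Aborting here."

echo "* Check, if an older key was exported already in former time to the client."
# Read the file of the SAME account the key will be appended to, and compare
# locally with fixed-string matching. A missing remote file is not an error.
# shellcheck disable=SC2029
remote_keys=$(ssh -- "$target" "cat ${REMOTE_KEYS} 2>/dev/null || true") \
  || die "  - Could not read ${REMOTE_KEYS} on $client." "  - Aborting here."
if grep -qF -- "$key_blob" <<< "$remote_keys" \
  || { [[ -n "$key_comment" ]] \
    && grep -qF -- "$key_comment" <<< "$remote_keys"; }; then
  echo "  - WARNING: An older key was exported before to $client."
  echo "  - Please fix manually."
  echo "  - Aborting here."
  exit 1
fi
echo "  - Authorized keys file is clean."

echo "* Copy the public key of THIS pc to the client ... "
echo "* We make an entry into the authorized_keys file on the client ... "
# The key is streamed over stdin, so no temporary copy is left on the client.
# umask/chmod keep the file private to its owner, as sshd's permission
# checks on authorized keys files expect.
# shellcheck disable=SC2029
ssh -- "$target" \
  "umask 077; cat >> ${REMOTE_KEYS} && chmod 600 ${REMOTE_KEYS}" \
  < "$PUB_KEY" \
  || die "  - Could not append the key on $client." "  - Aborting here."

echo "* Secure the local public key ... "
# The public key is not a secret; the file that must stay private is the
# private key next to it, which ssh-keygen creates with mode 0600.
chmod 600 -- "$PUB_KEY"

echo
echo "* LET'S TEST IT:"
echo "  Now we test with running the following terminal command."
echo "  You should NOT be prompted by a password."
echo

# Offer public-key authentication only, so the test cannot succeed through a
# silent fallback to a password login. The message is sent over stdin and
# echoed back by the remote "cat", not interpolated into a remote command.
if printf '%s\n' "- This is a message on $client." \
  | ssh -o PreferredAuthentications=publickey -- "$target" 'cat'; then
  echo "  - Congratulation: If you was NOT promptd for a password,"
  echo "     you can login passwordless to your client $client."
else
  echo "  - WARNING: There was an error with the passwordless login to $client."
  exit 1
fi

echo
echo
echo "** Program ended."
echo
echo "If you like to remove the automatic login, you have to"
echo "remove the public key in the file /home/${NAME}/.ssh/authorized_keys2"
echo "on your clients - $client - computer."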