From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stephen Samuel <samuel@bcgreen.com>
Subject: Re: ssh auto-login-script
Date: Tue, 07 Sep 2004 11:33:20 -0700
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <413DFEF0.6040207@bcgreen.com>
References: <413F4A9A.90800@gmx.de>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path: <linux-admin-owner@vger.kernel.org>
In-Reply-To: <413F4A9A.90800@gmx.de>
List-Id: <linux-admin.vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: DerPuh <Puhbaer01@gmx.de>, linux-admin@vger.kernel.org

You're probably far better off to use ssh-keygen and public key
authentication...

The quickie method:

ssh-keygen -f qlogin -t rsa

When it asks for a password, just hit enter twice.
This creates a passwordless private key file.

There will be two files:  qlogin and qlogin.pub

qlogin.pub is the public key. copy it to the destination
box, and add it to the appropriate user's .ssh/authorized_keys2
file.   It doesn't need MUCH protection, unless you have enemies
in the NSA. Nontheless, it is prudent to make it readable only
by the owner.

At this point, you can simply go:

ssh -i qlogin user@remotebox

In this case the contents of the qlogin file is (effectively)
your pasword, and should only be readable by yourself (mode 400)

On the destination end, you can also modify the key to limit what
you can do with it -- most notably, you can limit it so that you
can only run a specific command:

if the original key looks like:
ssh-rsa AAAAB3NzaC1yc......HzoU= samuel@source.com
      (I deleted most of the key and replaced with .....)

then prepend the following:
command="/home/me/bin/dothis"  ssh-rsa AAAAB3NzaC1yc......HzoU= samuel@source.com

At that point, anybody who gets hold of the key will ONLY beable to run
the /home/me/bin/dothis program (no matter what they put on the ssh
comand line).  You might also want to turn things like port forwarding
off.

DerPuh wrote:
> Hi everybody!
> 
> I have to find a possibility to send a password directly to the ssh 
> password-prompt with a shell-script...
> 
> i tried to send it by pipe but it is blocked by the client...
> 
> does anyone have an idea if it is possible and if it is, how it works?
> 
> thx, DerPuh


-- 
Stephen Samuel +1(604)876-0426                samuel@bcgreen.com
		   http://www.bcgreen.com/~samuel/
    Powerful committed communication. Transformation touching
      the jewel within each person and bringing it to light.