Automated SSH login with lussh
Posted on October 31, 2007
Filed Under Unix
If you replace passwords with SSH keys, your scripts can access a remote machine more securely; also, you can set your password to something preposterously long and complex, or disable SSH passwords altogether, thus making it flat-out impossible to break your password by “brute force.” It’s not hard to set up key-based SSH access, but lussh makes it even more convenient.
You must have access to the remote machine using a password, at least temporarily. lussh will automatically upload your public key to the remote .ssh/authorized_keys file and set the file permissions correctly. That’s usually all that is necessary.
Requirements
We assume you have OpenSSH on your local machine, and an sshd server on the remote machine. That’s pretty much standard with most Linux distributions. lussh will generate the required pair of SSH keys which will be associated with your local account, if you don’t already have them. If you need to access the remote machine from more than one place, you’ll need to run lussh on each of those machines. Copying your .ssh directory is not a good idea, because each machine also has a “host” key — SSH will quite rightly throw a hissy fit if it sees you using the same key from different hosts.
Save the lussh script to your local system and make it executable with “chmod +x lussh”.
You only have to run lussh once to set up access. You’ll be prompted for the remote server’s name or IP address, the login name you want to use (the default is the name you use on the local machine), and your password (twice). I’ve made some minor modifications to the original which should create the .ssh directory if it does not exist, and ensure that it has the correct permissions — if your .ssh directory allows group or world access, the ssh daemon will not allow you to log in. (I also fixed a trivial error; the original author’s success message ended with an exclamation point, and bash did not like that.)
If lussh works, you will be able to log in to the remote server using any of these commands:
ssh username@remoteserver
ssh -l username remoteserver
scp
sftp
rsync -e ssh
#!/bin/sh
# lussh originally came from http://lufs.sourceforge.net, 2003
# minor modifications by Brass Cannon LLC - http://brasscannon.com/ - 2003 - 2007.
echo
echo "This script will help you set up ssh public key authentication."
host=dummy
# Keep prompting until a blank server name is entered.
while [ -n "$host" ]; do
    printf "SSH server: "
    read -r host
    if [ -n "$host" ]; then
        printf "user[%s]: " "$USER"
        read -r usr
        if [ -z "$usr" ]; then
            usr=$USER
        fi
        echo "Setting up RSA authentication for ${usr}@${host}..."
        # Generate a key pair only if one does not already exist.
        # -N "" gives the private key an empty passphrase so scripts can use it unattended.
        if [ -f ~/.ssh/id_rsa.pub ]; then
            echo "RSA public key OK."
        else
            ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ""
        fi
        # First password prompt: upload the public key to the remote home directory.
        scp ~/.ssh/id_rsa.pub "${usr}@${host}:~/"
        # Second password prompt: create ~/.ssh if needed, restrict it to the owner,
        # append the key to authorized_keys and remove the uploaded copy.
        ssh "${usr}@${host}" "if [ ! -d ~/.ssh ]; then
            mkdir ~/.ssh
        fi
        chmod 0700 ~/.ssh
        cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
        chmod 0600 ~/.ssh/authorized_keys
        rm ~/id_rsa.pub"
        echo
        echo "You should see the following message without being prompted for anything now..."
        echo
        ssh "${usr}@${host}" "echo Congratulations, you are now logged in as ${usr}@${host}"
        echo
        echo "If you were prompted, public key authentication could not be configured;"
        echo "check remote sshd_config and the file permissions for $HOME/.ssh"
        echo
        echo "Enter a blank servername when done."
        echo
    fi
done
echo "End of configuration."
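When the final test still prompts for a password, the permissions mentioned above are the first thing to check on the remote account. The following is an added example, not part of lussh or the original post: the function names mode_of and audit_ssh_perms are made up for illustration. It flags a home directory that is group- or world-writable (which sshd rejects when StrictModes is on) and flags .ssh or authorized_keys when they grant any group or world access, matching the 0700 and 0600 modes the script sets.

```shell
#!/bin/sh
# Added example (not part of lussh): report permission problems that
# make sshd ignore authorized_keys. Function names are hypothetical.

# mode_of PATH -> prints the 10-character mode string from ls, e.g. drwx------
# (cut drops any trailing ACL/SELinux marker such as "+" or ".")
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# audit_ssh_perms [HOME_DIR]
# Prints one line per finding; returns 0 if clean, 1 if anything is wrong.
audit_ssh_perms() {
    home=${1:-$HOME}
    bad=0

    # Home directory: must not be writable by group (char 6) or others (char 9).
    case $(mode_of "$home") in
        ?????w????|????????w?) echo "WRITABLE $home"; bad=1 ;;
    esac

    # .ssh and authorized_keys: owner-only access (0700 / 0600).
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        m=$(mode_of "$p")
        case $m in
            "")         echo "MISSING $p"; bad=1 ;;
            ????------) : ;;                      # no group/other bits set
            *)          echo "OPEN $p ($m)"; bad=1 ;;
        esac
    done
    return $bad
}
```

Source the file on the remote machine and call audit_ssh_perms; with no argument it checks $HOME, and an OPEN or WRITABLE line names the path to chmod.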
Comments
One Response to “Automated SSH login with lussh”
[…] times little gems like this one appear, and you wonder how in the hell you lived without stuff like […]