SSH

If you put a command at the end, SSH will log into the machine and execute that command, and log back out again. For example, if I wished to print a file on student.physics.ucdavis.edu called myFile.ps on the printer r421xerox then I could use the following command:
damien@local> ssh dmartin@student.physics.ucdavis.edu "lpr -Pr421xerox myFile.ps"

Running commands on remote machines without passwords

• We wish to run a lot of commands
• We want to run a script that will log in and do things for us

The answer is to use passphrases. It takes a little work to get setup, but is well worth the effort once it is done. I will discuss a little bit of the theory, but if you just want to get it working you should look at the example that I wrote.

Theory of passphrases

Example: Setting up passphrases

First time setup

1. Creating the passkey
   
   Open a terminal on the local machine. Then type the following command:
   damien@local > ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/damien/.ssh/id_rsa):

   
   At this point, accept the default and press enter. You will then get the following prompt:
   
   Enter passphrase (empty for no passphrase): kermitthefrogisamuppet
   
   where I have used "kermitthefrogisamuppet" as my passphrase. You will be asked to repeat your passphrase and given a key fingerprint. You don't have to do anything with this information.
   
   Your computer has also created two files: ~/.ssh/id_rsa with your private key and ~./ssh/id_rsa.pub with your public key.
   
   
2. Giving out your public key: remote1.site1.edu:
   
   Now we want to let remote1.site1.edu to allow us to login. To do this, run the following command from your home machine:
   damien@local> scp ~/.ssh/id_rsa.pub dmartin@remote1.site1.edu:.ssh/authorized_keys
   
   At this point, you will be prompted for your password for your account on remote1.site1.edu. Enter it, and you will be done.
   
   
3. Let your machine load your identity:
   
   This setup will let you log in without your password, but it does require that you first identify yourself with your passphrase. The advantage is this only has to be done once per window. In a few moments, I will show you how to fix things so that you don't need to type in your passphrase again until you switch your computer off!
   
   Start by running the command (again, on your local machine):
   damien@local>ssh-add
Enter passphrase for /Users/damien/.ssh/id_rsa: kermitthefrogisamuppet
Identity added: /Users/damien/.ssh/id_rsa (/Users/damien/.ssh/id_rsa)
   
   The local machine now knows who I am (damien) and will let me connect to the host remote1.site1.edu without using a password.
   
   
4. Trying it out:
   
   Now try it out! You should be able to run the following command and be given a prompt without a password:
   damien@local> ssh dmartin@remote1.site1.edu
Last login: Sat Mar 31 23:46:58 2007 from local
dmartin@remote1 ~]$
   
   
5. Adding sites:
   
   So far we can log onto remote1.site1.edu, but what about remote2.site2.edu? The good news is that we don't need to repeat all these steps for each site we want to add. All we need to do is copy the public key onto the different machines!
   
   e.g. To get remote2.site2.edu to work, we would simply run
   damien@local> scp ~/.ssh/id_rsa.pub dmartin@remote2.site2.edu:.ssh/authorized_keys


export SSH_ENV=$HOME/.ssh/environment

function start_agent{
  echo "Initialising new SSH agent...."
  /usr/bin/ssh-agent | sed 's/^echo/#echo/' > ${SSH_ENV}
  echo succeeded
  . ${SSH_ENV} > /dev/null
  /usr/bin/ssh-add;
}

# Source SSH settings if available

if [-f "${SSH_ENV}" ]; then
  . ${SSH_ENV} > /dev/null
  ps -auxww | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || { start_agent; }
else
  start_agent;
fi