When I'm paranoid I do something like this:
Source host:

    $ ssh-keygen -t dsa -b 2048 -f keyfile -P ""

On the target, add a line to ~someuser/.ssh/authorized_keys2:

    from="allowed.hostname",command="/some/command" ssh-dss AA[and the rest of keyfile.pub]

/some/command looks like this:
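
    #!/bin/sh
    # Forced command: receives the file on stdin, rotates the old copies,
    # and replies OK<checksum> or FAILED<n>.
    if cd /target ; then
        :
    else
        echo FAILED1
        exit 1
    fi
    # Write to a temporary name so a failed transfer never replaces "filename".
    if cat > filename.transport ; then
        :
    else
        echo FAILED4
        exit 1
    fi
    # Refuse an empty upload.
    if [ \! -s filename.transport ] ; then
        echo FAILED2
        exit 1
    fi
    # Keep nine generations: filename.8 -> filename.9, ..., filename -> filename.1
    prev=".9"
    for i in .8 .7 .6 .5 .4 .3 .2 .1 ""; do
        mv filename$i filename$prev >/dev/null 2>&1
        prev=$i
    done
    if mv filename.transport filename ; then
        check=`sum -r filename | awk '{print $1}'`
        echo OK$check
        exit
    fi
    echo FAILED3
    exit 1
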
The command to send the file is typically:
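
    #!/bin/sh
    # Checksum locally, send the file, and compare with the reply from the target.
    check=`sum -r /file/to/send | awk '{print $1}'`
    # The remote command string is ignored: the key forces /some/command.
    reply=`(cat /file/to/send ; sleep 5 ) | \
        ssh -l someuser -i keyfile target "echo hello there"`
    if [ "x$reply" = "xOK$check" ] ; then
        echo Copy OK $check
    else
        echo COPY NOT OK. Please do something.
    fi
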
-- 
- Terje
malmedal@usit.uio.no
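
Added example, not part of the original message: a key limited with from= and command= as above can still be used to request port, X11 or agent forwarding unless the entry also carries "restrict" (newer OpenSSH) or the individual no-*-forwarding options, so this script audits an authorized_keys file for entries missing any of the three. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reports, for each key in an
# authorized_keys file (argument or stdin), which restrictions are absent.
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        # The options field ends at the first blank outside double quotes.
        inq = 0; n = length(line)
        for (i = 1; i <= n; i++) {
            c = substr(line, i, 1)
            if (c == "\\" && inq) { i++; continue }   # escaped char in quotes
            if (c == "\"") inq = !inq
            else if ((c == " " || c == "\t") && !inq) break
        }
        opts = substr(line, 1, i - 1)
        if (opts ~ /^(ssh-|ecdsa-|sk-)/) opts = ""    # key type first: no options
        # Collect option names, splitting only on commas outside quotes.
        split("", has); name = ""; inq = 0; m = length(opts)
        for (j = 1; j <= m + 1; j++) {
            c = (j <= m) ? substr(opts, j, 1) : ","
            if (c == "\\" && inq) { j++; continue }
            if (c == "\"") { inq = !inq; continue }
            if (inq) continue
            if (c == ",") { sub(/=.*/, "", name); has[tolower(name)] = 1; name = "" }
            else name = name c
        }
        miss = ""
        if (!("command" in has)) miss = miss " command="
        if (!("from" in has)) miss = miss " from="
        if (!("restrict" in has) && !("no-port-forwarding" in has)) miss = miss " restrict"
        if (miss == "") print NR ": OK"
        else { print NR ": WEAK missing" miss; weak++ }
    }
    END { exit (weak > 0) }
    ' "$@"
}

# Constructed sample entries (key material is placeholder text).
sample_keys() {
    cat <<'EOF'
ssh-dss AAAAconstructed1 backup@source
from="allowed.hostname",command="/some/command" ssh-dss AAAAconstructed2 backup@source
restrict,from="allowed.hostname",command="/some/command \"a, b\"" ssh-ed25519 AAAAconstructed3 backup@source
EOF
}
sample_keys | audit_authorized_keys || true
```

The function exits non-zero when any entry is flagged, so it can gate a configuration check.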