[Bio-Linux] SSH Question

Tue Feb 25 12:02:41 EST 2003

On 2/25/03 11:23 AM, "Dr Dan Swan" <dswan at ceh.ac.uk> wrote:

> On Tue, 2003-02-25 at 15:46, Kerr Wall wrote:
> 
> Hi Kerr,
> 
>> I have a question concerning ssh.  I have received a request from the
>> programmer at Cornell who is responsible for getting FGP tracefiles from our
>> server in an automated fashion to switch from the openSSH server that came
>> with the clone to the comercial version at ssh.com.  He has stated that the
>> script he has written to automatically login to our server doesn't work with
>> openSSH and that it only works with the version from ssh.com.
>> 
>> Would you guys recommend this (ie, would this cause any dependency problems
>> or are there any security concerns that I don't know about)?  If so, what is
>> the best way to uninstall openSSH and then install SSH (I'm guessing that
>> using the rpm command will accomplish this)?  If not, do you have any
>> suggestions for him to get a working perl script to automatically login with
>> openSSH?
> 
> So he wants you to change the OpenSSH daemon on your clone because he's
> using a commercial version of the ssh client?  That's a bit unfair ;)
> 
> Its perfectly possible to install the commercial version of the ssh
> daemon on the clone, although you will not be able to do it using an rpm
> as it supplied as a source tarball.  There's no licencing issue as its
> free for academics.  I would suggest however that your colleague
> downloads the client/base rpms from www.openssh.org and installs those
> on his machine.  I am suprised though, I have not had any
> interoperability issues with open/commercial ssh :
Thanks,  I've forwarded all replies and he has agreed to install openSSH.

> Are you sure you're both using ssh protocol version 2?  They should play
> fair together unless there's a protocol mismatch.
We are both using version 2.

> If he really isn't prepared to do make the switch then I can send you a
> blow by blow account on installing the ssh.com version of sshd and
> replacing OpenSSH.  But I'm not going to recommend it as the best
> solution!
> 
> If he has written the script to log into your clone.. how edoes he know
> it works with the commercial ssh daemon anyway?  Just curious!  Any
> chance we can get a peek at the script (with usernames and passwords
> removed of course!).
Here is the response from Dan (at Cornell):

************************************************************************
I just use key based authentication with a blank passphrase.  The syntax
for login then looks like:

ssh -l username -i path_to_identification_file ip_address

If you're logging in from a user login on your local machine that is the
same as the username on the remote machine, you can oming the -l and -i
parameters since by default it uses your current username and it look
for the ~/.ssh2/identification file.

For further info on setting up key based authentication take a look at
the ssh man file.

In scripts I use it to do lots of things such as running commands
remotely.  For example, to open a file handle in perl that feeds in a
list of all the zip files in the directory (so I get a listing of all
the plates) I was doing this:

open PS_FILES, "ssh -l transfer -i /home/dci1/.ssh2/identification
128.118.180.140 'ls *.zip' |";

I keep the identification file with the private key in my home dir, but
it could be anywhere as long as you tell it how to get to it.
************************************************************************

Thanks,

Kerr