Three Common Problems With SSH-Keychains

Part of keeping a secure network is periodically backing up data or system logs, but if you have more than a handful of computers then logging on to each individual workstation can be a hassle.  So what's a lazy (I prefer "efficient") Systems Administrator to do?

Why, automate it through scripts, of course.

Typically, in order to automate retrieving data from multiple workstations, you need to build a script that remotely logs on to each workstation using secure shell, or SSH. Unfortunately, the process of using SSH to access a workstation requires you to authenticate with each workstation, preventing you from automating it without either:

  • Embedding the username and password into your script
  • Disabling authentication completely
  • Manually typing in the username and password each time you run the script

Fortunately, there is an alternative: SSH-Keychains. SSH-Keychains utilize Public Key Infrastructure (PKI) to generate a public and private key pair that authenticates the server and account with each workstation without the use of a normal password.

Creating an SSH-Keychain should be a quick process: run the ssh-keygen command and copy the public key (id_dsa.pub) to the ~/.ssh/authorized_keys file. Sometimes, though, the process still hangs up, and you'll need to troubleshoot the issue using ssh -v to determine why the SSH connection is failing. It could fail because the destination is not found in known_hosts, public key authentication failed, or keyboard-interactive authentication failed (configuration file settings).
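
One way to sort `ssh -v` output into those three causes, as an added example that is not part of the original post. The function name, host name, key path and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `ssh -v` output (on stdin) into the three failure
# classes named above. Patterns are OpenSSH client messages; exact wording
# varies a little between versions.
classify_ssh_debug() {
    log=$(cat)
    # 1. Destination is not in known_hosts (or its host key does not match).
    if printf '%s\n' "$log" | grep -Eq \
        "Host key verification failed|authenticity of host .* can't be established"; then
        echo known_hosts; return 0
    fi
    if printf '%s\n' "$log" | grep -q 'Authentication succeeded (publickey)'; then
        echo ok; return 0
    fi
    # 2. A key was offered but the server never accepted it.
    if printf '%s\n' "$log" | grep -Eq 'Offering .*public key' &&
       ! printf '%s\n' "$log" | grep -q 'Server accepts key'; then
        echo publickey_failed; return 0
    fi
    # 3. No key was offered and the client fell back to keyboard-interactive.
    if printf '%s\n' "$log" | grep -q 'Next authentication method: keyboard-interactive'; then
        echo keyboard_interactive; return 0
    fi
    echo unknown
}

# Constructed sample logs (not captured from a real host).
SAMPLE_KNOWN_HOSTS='debug1: Connecting to backup01.example [192.0.2.10] port 22.
Host key verification failed.'
SAMPLE_PUBKEY='debug1: Next authentication method: publickey
debug1: Offering public key: /home/admin/.ssh/id_dsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive'
SAMPLE_KBDINT='debug1: Authentications that can continue: keyboard-interactive
debug1: Next authentication method: keyboard-interactive'

for s in "$SAMPLE_KNOWN_HOSTS" "$SAMPLE_PUBKEY" "$SAMPLE_KBDINT"; do
    printf '%s\n' "$s" | classify_ssh_debug
done
# Real use (hypothetical host; BatchMode makes ssh fail instead of prompting):
#   ssh -v -o BatchMode=yes admin@backup01.example true 2>&1 | classify_ssh_debug
```

The debug lines go to stderr, so the `2>&1` in the usage comment is what lets the function see them.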