PerlMonks
Re: ssh to set of linux servers
by sundialsvc4 (Abbot) on Sep 28, 2015 at 20:04 UTC ( [id://1143287]=note )
Categorically speaking, you should a-l-w-a-y-s use SSH keys, and n-e-v-e-r use passwords. Passwords should never be embedded in a script. When you ssh to a remote server that has the proper key installed (in the hidden .ssh directory of the user you are connecting to), there is no password-challenge. The ssh-keys daemon, which should be running on the local userid, provides the necessary key to the remote, which authenticates you, asking no further questions. (In fact, you should set up each sshd so that it will not accept “password” access.) Instead of saying, “say the magic word,” the remote sshd demands that the client present a known, and should-be unique, badge. If the remote system possesses a recognized badge, access is granted to that particular account ... which, of course, should be an account specifically dedicated to the use of “this” script. Your remote should have a set of five unique certificates: one for each of the five systems, and all five specific to this script (or set of scripts). Each of the five systems should have, in its list of acceptable certificates for the specified userid, its certificate from this set. Only the expected script, which possesses all five, can seamlessly connect to all five servers, and then only to the expected userid on each.
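Added example, not part of the post above or of any project's code: a shell check that a server's sshd configuration refuses password logins and accepts keys, which is the server-side half of the setup the post describes. It assumes OpenSSH keyword names and defaults, does not follow `Include` directives, and uses constructed sample configs in which `deploy` is a hypothetical script account.

```shell
#!/bin/sh
# Added example. Reads sshd_config text on stdin, prints findings, and
# returns 0 only when password logins are off and key logins are on.
audit_sshd_config() {
  awk '
    BEGIN {  # OpenSSH defaults that apply when a keyword is absent
      val["passwordauthentication"] = "yes"
      val["kbdinteractiveauthentication"] = "yes"
      val["pubkeyauthentication"] = "yes"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    {
      sub(/=/, " ")                     # accept the "Keyword=value" form
      key = tolower($1)                 # keywords are case-insensitive
      if (key == "challengeresponseauthentication")  # deprecated alias
        key = "kbdinteractiveauthentication"
      if (key == "match") { in_match = 1; cond = $0; next }
      if (!(key in val)) next
      if (in_match) {                   # override for matching logins
        if (key != "pubkeyauthentication" && $2 != "no") {
          print "FAIL " key " " $2 " inside [" cond "]"; bad = 1
        }
      } else if (!(key in seen)) {      # first obtained value wins
        seen[key] = 1; val[key] = $2
      }
    }
    END {
      k = "passwordauthentication"
      if (val[k] != "no") { print "FAIL " k " " val[k]; bad = 1 }
      k = "kbdinteractiveauthentication"
      if (val[k] != "no") { print "FAIL " k " " val[k]; bad = 1 }
      k = "pubkeyauthentication"
      if (val[k] != "yes") { print "FAIL " k " " val[k]; bad = 1 }
      if (!bad) print "OK key-only login enforced"
      exit (bad ? 1 : 0)
    }'
}
# Constructed samples; "deploy" is a hypothetical script account.
WEAK_CFG='PubkeyAuthentication yes
passwordauthentication no
PasswordAuthentication yes
Match User deploy
    PasswordAuthentication yes'
HARDENED_CFG='PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes'

printf '%s\n' "$WEAK_CFG" | audit_sshd_config || true
printf '%s\n' "$HARDENED_CFG" | audit_sshd_config || true
```

Piping the output of `sshd -T` into the function checks the effective configuration, including values pulled in through `Include`.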