[eggPlant Functional] Executing Remote Shell Commands

RSA authentication is convenient in that it allows access to many systems without having to mess with passwords. This type of authentication is also necessary to execute a remote “Unix” command from within an Eggplant script.

Note: The remote system must have ssh installed and sshd running with RSA authentication enabled. Contact your system’s admin if you don’t have sufficient privileges to set that up.

Steps for RSA authentication setup:

1.) On the Eggplant machine create an RSA key using the ssh-keygen utility from within a terminal window. You can open a terminal window from the “Utilities” folder under the “Go” menu of the “Finder”.


$ ssh-keygen -t rsa

2.) When prompted to enter a file in which to save the key, type “./ssh/identity” to indicate that the key should be created under the .ssh directory. You will be asked to supply a passphrase. Press the return key to elect no passphrase. After doing this, a directory listing of ~/.ssh should look like:


-rw------- 1 eggplant eggplant 528 Aug 4 21:37 identity
-rw-r--r-- 1 eggplant eggplant  332 Aug 4 21:03 identity.pub
-rw-r--r-- 1 eggplant eggplant  28106 Jul 26 16:52 known_hosts

3.) Copy the public key, identity.pub, to the hosts you wish to access remotely. You can accomplish this with scp. You may also want to name the key to indicate your present host. For example, you might name a key after your eggplant machine “eggplant.ssh”.


$ scp .ssh/identity.pub remote-user@remote.host:./.ssh/eggplant.ssh

4.) To enable RSA authentication you will need to add the new host key file (“eggplant.ssh”) to the authorized_keys (.ssh/authorized_keys) file on your remote host.


$ cat eggplant.ssh >> .ssh/authorized_keys

Check the permissions of .ssh/authorized_keys; it must have the appropriate permissions enabled (shown below) or you won’t be able to use RSA authentication:


-rw-r--r--   1 solaris solaris    334   Aug 4 21:03 authorized_keys

You should now be all set. You can test this by logging out of the remote server and connecting via ssh:


$ ssh remote-user@remote-host

If done correctly you won’t need a remote password to connect to the host. If you are prompted for a password, or your connection is refused, something is wrong.

For more information consult the documentation for the following: ssh, ssh-keygen, sshd

For SenseTalk specific syntax your inline command might look like this:


shell(<<ssh>>)
   or
put shell(<<ssh>>) into someVar
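When key login still prompts for a password, file modes are worth checking on both machines: with its default StrictModes setting, sshd will not use authorized_keys if that file, the .ssh directory or the home directory is writable by group or others, and the ssh client refuses a private key that other users can read. The following is an added example, not part of the original posts; the function names are hypothetical, and it checks only the .ssh directory and the files inside it.

```shell
#!/bin/sh
# Added example: audit the file modes OpenSSH checks before it will use key files.
# Usage: audit_ssh_dir "$HOME/.ssh"   (run on the Eggplant machine and the remote host)
# Prints one finding per line; returns 0 when clean, 1 when something needs fixing.

# mode_of PATH -> 10-character mode string from ls, e.g. "-rw-r--r--"
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# writable_by_others MODE -> true if the group or other write bit is set
writable_by_others() {
    case "$1" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# open_to_others MODE -> true if any group or other permission bit is set
open_to_others() {
    case "$1" in
        ????------) return 1 ;;
    esac
    return 0
}

audit_ssh_dir() {
    dir=$1; rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    if writable_by_others "$(mode_of "$dir")"; then
        echo "WRITABLE $dir (chmod 700)"; rc=1
    fi
    if [ -f "$dir/authorized_keys" ] &&
       writable_by_others "$(mode_of "$dir/authorized_keys")"; then
        echo "WRITABLE $dir/authorized_keys (chmod 644 or 600)"; rc=1
    fi
    # Private keys: any regular file with a matching .pub file beside it.
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        if open_to_others "$(mode_of "$key")"; then
            echo "EXPOSED $key (chmod 600)"; rc=1
        fi
    done
    return $rc
}
```
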

Here’s the deal: I want to connect my eggplant machine (Mac Mini) to a UNIX system in order to run/execute remote shell commands (basically any command on the UNIX system). I did go through the steps mentioned at the Redstone message boards (http://www.redstonesoftware.com/phpBB2/viewtopic.php?t=380). Yet I am unable to establish a connection. I am still being asked for a password despite generating the required RSA authentication keys.

A few questions that would perhaps help me out.

  1. Is the “authorized_keys” file created automatically or do we have to create it on our own and then do the necessary?

  2. Can you please specify the exact folders where the .ssh and the .pub files have to be located on both the systems.

  3. Is there any way that the password can be provided while trying to establish connectivity against a particular user.

If there is any other way this entire process can be done please help.

First, make sure that you are using the username@remotehost in your ssh and make sure that all the files are in place correctly. Verify that it works from a regular terminal before trying to worry about doing it in Eggplant.

1- The authorized_keys file should be created by the append command " >> .ssh/authorized_keys" if it did not previously exist.

2- .ssh is a directory in the user's home, so ~/.ssh/ should contain the identity and identity.pub files on the Eggplant machine. The ~/.ssh/authorized_keys file should be on the REMOTE machine (in the user directory that you are SSHing to).

3- If you do not have the RSA setup then you SHOULD get a dialogue box that would enable you to enter the password. If you mean an “automated” way to log in, then yes, you can set an environment variable called SSH_ASKPASS that points to a shell script which echoes the password. Of course that isn’t particularly secure.

Amit,

Is the “authorized_keys” file created automatically or do we have to create it on our own and then do the necessary?



$ cat eggplant.ssh >> .ssh/authorized_keys


…this should create the file if it doesn’t already exist. This file should reside on the remote host. You can also create this file on the system the keys were generated on and copy this file over to the remote host.

can you please specify the exact folders where the .ssh and the .pub files have to be located on both the systems.

The key files should reside under your $HOME/.ssh directory on the system that you plan to issue the remote ssh command from - Eggplant system. These files should be named “id_rsa” and “id_rsa.pub” if you do not specify a file name. The default save directory will be “$HOME/.ssh”.

The identity.pub/id_rsa.pub file should be appended to the authorized_keys file under $HOME/.ssh on all machines where you want to login using RSA authentication.

Is there any way that the password can be provided while trying to establish connectivity against a particular user.

This method is still very secure because for anyone to login to your remote account, they need to have your private key and to get that they need to be logged into your account. If they are logged into your account you will have serious security issues anyway.

3) If there is any other way this entire process can be done please help…

RSA is probably the most common method of setting up this type of authentication. On the other hand, you could try to set up an SSH agent. The drawback to using agent is that you will have to do some extra configuration. If you wish to proceed with ssh-agent please consult the ssh-agent man page for a detailed description on usage.

I would also recommend that you consult the man page for ssh-keygen if any of this is still unclear to you.

Thanks a lot guys … The connection’s working absolutely fine now :)

However there's still one more thing I need to ask.
I now tried to connect via SenseTalk scripts and I typed this exactly:

“shell (<>)” where install and 130.1.18.114 are my username and host respectively.

I then opened the console window to check if connection was established. The prompt looks something like this: tty:Ambiguous.
Does this mean that the connection is established? (I do feel so.)
To confirm things I scripted this and tried to run
shell (<>), executes perfectly, however this directory gets created on my Mac machine itself and not on the remote Unix box that I am connected to. Where am I going wrong? My purpose is to execute commands on the remote UNIX box via SenseTalk scripting.

Please Help

Thanks and Cheers,
Amit

Amit,

You need to disable html in your post so I can read your shell command.

Your shell command should look like:


shell (<<ssh systemname 'command_and_arguments'>>)

example:


shell(<<ssh eggplant@192.168.1.105 'ps -aux'>>)
 or
put shell(<<ssh eggplant@192.168.1.105 'ps -aux'>>) into someVar

In regard to tty:Ambiguous, it does look like communication is being established with your remote host. Please do a web search and consult the ssh man page for additional information.