SSH automation

[Tolgod]

Hi there.
Lately I've been stumbling forward in the area of remote accessing another system, and have some very cool vnc uses working on my a500+ and my V4SA.
I've now found out how I can use SSH to remotely start a VNC server via CLI on my Amiga, however, it will always open a window asking for the server password.
I would like to script it in a way that password entry will be automatic. I have allready set it up in a way that my script connects and, after password entry, will start up a vnc server in the determined geometry and then runs a twinvnc instance setup for that server. What I want is that the password entry will happen scripted so that there is no interruption and no input required.
Everything I put behind the SSH line in the script will only be performed after the authentication is finished. I'm thinking to maybe start the ssh login script from another script and have that script then wait and print something in the openened ssh window with enter. I however have very little prior knowledge and no idea as to how to go about such a thing.
Does anyone here maybe have some pointers for me ?

[stevelord]

TwinVNC lets you specify credentials at launch either via Tooltypes (which means your creds are accessible to anyone with access to the filesystem), or command line argument (which depending on SSH client might be retrievable from the remote server at run-time via Arexx for example).

What are you using as an SSH client?

[Tolgod]

Hi there. I'm using open SSH via CLI.
I understand that twinvnc lets me enter the credentials in the tooltypes, but that is only usefull when the vncsever is already running.I'm accessing my Pi via SSH in order to start a tightvncserver instance. Here I need to enter a pasword and that is what I want to automate. I have about 6 to 8 apps I want to use via vnc, I however do not want my pi to run 6 to 8 desktops from boot. Therefore I went to see how to start and stop the server via CLI using SSH. That way I can script the startup of the server and then the launch of a twinvnc instance with proper credentials.
All I want to do I can now, namely to start and stop the vnc sever from Amiga side. Now I wantto automate that process. There is stuff to find about atomating SSH login, but it is all meant for linux side of the equasion.

[phx]

Quote:

Originally Posted by Tolgod

I'm using open SSH via CLI.

What is "open SSH"? Does it have an option to use identity files (-i on Unix SSH)?

The usual approach would be to create a public/private key pair, store the public key in .ssh/authorized_keys (and authorized_keys2) of your home directory on the pi, and use the private key to identify yourself with the client.

[Tolgod]

Hi phx, openssh in my case is an Amiga port of SSH. I know it does not support everything (open)ssh does on other platforms. However, I have seen the binaries ssh-keygen ssh-keyscan and ssh-keysign, so I'm presuming this authentication method is supported.

Here is a copy of the amiga os readme for openssh :

SUMMARY
=======

OpenSSH is a FREE version of the SSH connectivity tools that technical
users of the Internet rely on. Users of telnet, rlogin, and ftp may not
realize that their password is transmitted across the Internet unencrypted,
but it is. OpenSSH encrypts all traffic (including passwords) to effectively
eliminate eavesdropping, connection hijacking, and other attacks.

This port is currently limited to the OpenSSH clients: ssh, sftp and scp.
Additional tools provided include ssh-keygen, ssh-keyscan and ssh-keysign.


INSTALL
=======

Create a HOME: assign if you don't have one already.
Some tools store files in the HOME:.ssh directory.

Create a DEVS:SSH directory. It is an optional directory used to store
some ssh configuration files.

Copy all the executables to a suitable location such as SYS:Utilities
and check out the documentation available at http://www.openssh.org.


DIRECTORIES
===========

OpenSSH files are stored in different places in this port as follows:
1) /home or ~ now refers to HOME:
2) /etc/ssh now refers to DEVS:SSH
3) /tmp now refers to T:


LIMITATIONS
===========

- Terminal emulation is limited to the facilities provided by your CON:
- ssh detaching with ~& is disabled
- ssh -f option to put ssh into daemon mode is disabled
- ssh_askpass is not supported
- proxy commands are disabled
- any syslog messages are just displayed to stderr


HISTORY
=======

4.5p1-1 - ported ssh, sftp, scp, ssh-keygen, ssh-keyscan and ssh-keysign

[phx]

Ok. Let's assume your openSSH for AmigaOS is more or less complete (I didn't try it).

Use

ssh-keygen

to generate a private/public key pair. RSA with 2048 bits will be sufficient as you are using it in your LAN only. It also makes sure that it works with protocol version 1 (not sure if the Amiga client supports version 2).

Code:

ssh-keygen -f id_yourname -t rsa

This creates

id_yourname

(private key) and

id_yourname.pub

(public key) in your current directory.
Copy the contents of the public key to .ssh/authorized_keys on your pi. Also to authorized_keys2 (or use a link). Then you should be able to log in with your private key, without having to type a password:

Code:

ssh -i id_yourname pi-address

If it works, you may copy the private key to

HOME:.ssh

and make it select the id automatically via your config file. Add to

HOME:.ssh/config

:

Code:

Host pi
        Hostname 1.2.3.4
        IdentityFile HOME:.ssh/id_yourname

After that a simple

ssh pi

should log you in.
Note: Make sure that sshd on your pi still accepts protocol version 1 connections. Under BSD you would check that in

/etc/ssh/ssh_config

- not sure about Linux.

[Tolgod]

Tnx PHX, that was the nudge I needed.

I was ill for a couple of days, so I only saw you reply yday and immediately started trying to implement your solution on my amiga.
It's great to learn about these things and your reply really helped me forward as well as give me a better understanding of ssh in general.

It still took quite some time to figure all out, but late last night after my so maniest sloppy instruction and finally figuring how my setup was functioning, I managed to get it working the way I want.

Your instructions are very good, however, in my case, not 1on1 implementable. This might partially be due to my openssh maybe not being configured quite right yet, idk.
What I've noticed first is that you have to specify the user on the pi as well.
After the keys are made and put where needed to be the command line option would then be :

ssh -i <private key> <pi-username>@<ip-adress pi>

ie (where the private key created is named pikey and placed in home:.ssh, the pi username is pi and the pi ip-address is 192.168.0.0)

ssh -i home:.ssh/pikey pi@192.168.0.0

Another issue I had to get past is the storing of known_hosts.
Each time after amiga reboot I would require to answer "yes" upon first connection with pi.
I figured out that after connectng and answering yes, the directory ram:t/.ssh would be created and there the file known_hosts is placed.
As long as it's there, the terminal won't ask for confirmation when connecting.
Now openssh convention of amiga dictates that a home: assign should be created as well as Devs:SSH and I did.
Moving known_hosts to either home:.ssh or devs:ssh didn't help however.
This might be configurable or not in openssh, but as I'm new to all of this, I found it far more easy to create a simple workaround via user-startup. There I added :

:Begin SSH
assign HOME: <what_ever_location_you_prefer>
makedir ram:t/.ssh
copy HOME:.ssh/<privatekey> ram:t/.ssh
copy HOME:.ssh/config ram:t/.ssh

This way on each boot the directory ram:t/.ssh will be created and the known_hosts file will be placed there.

As you can see, I also did this for the config file you mentioned. Having the setup with config file makes it easier for the future to create ssh scripts, so I created it according to your instructions.
Placing it in home:.ssh or Devs:SSH will not have ssh read it however.
It also needs to be in ram:t/.ssh.
So I left it in home:.ssh and copy it to ram:t/.ssh on each boot.
____________________________________________________________
For others people's convenience my user-startup example also shows the line for how to create the home: assign in user-startup.
Considering the current working creating a home: assign and the SSH folder in Devs: is not necessary per se.In the readme file however it is explained why you would do it. If you are planning to use 3d party apps using ssh on either Amiga or pi side, this might come in handy though. I also found it handy to have it standardized for future script writing.
___________________________________________________________

Creating the text file named config was almost a straight forward copy/paste.
However, also here the user needed to be specified.
This makes it look as follows :

Host pi
Hostname 1.2.3.4
User <pi-username>
IdentityFile HOME:.ssh/<privatekey>

After this was all in place I can now run ssh script unattended like I wanted.

Eureka!

I have tried to make this reply easy to understand and explanatory of some specifics.
This is not for you of course, you've helped me greatly with your knowledge and a simple explanation of what details of your instruction should be different would've surely sufficed.
I have chosen to elaborately describe it as a way to help a next ' noob' like me that would look into this matter and find this post.
It seems to me only fair that if people take the great effort you took to help out a fellow amigan/vampirian, I also report back with the same effort and helpfull intent.

Once more thanks for your great assistance in the matter and now onto the next peaces of the puzzle I'm trying to solve

Best regards

[phx]

Quote:

Originally Posted by Tolgod

What I've noticed first is that you have to specify the user on the pi as well.

Yes, that's possible, and I should have mentioned it. When your current user name on the Amiga doesn't match the login-name on the Pi you have to specify it.

As there is no concept of user names on the Amiga you probably have to set some environment variable for your openSSH implementation?

Quote:

Moving known_hosts to either home:.ssh or devs:ssh didn't help however.

Hmm. A Unix SSH usually places known_hosts into your home directory's .ssh folder. So this is strange.

Quote:

This might be configurable or not in openssh, but as I'm new to all of this, I found it far more easy to create a simple workaround via user-startup.

This is a good workaround, as long as known_hosts doesn't change (by logging in into new machines).

Quote:

After this was all in place I can now run ssh script unattended like I wanted.

Congratulations!

[Lisko]

Hi Tolgod where I can get openssh client for classic amigas? I found only the ppc version

[Tolgod]

Quote:

Originally Posted by Lisko

Hi Tolgod where I can get openssh client for classic amigas? I found only the ppc version

Well, I haven't installed it myself yet starting from a vanilla aos setup, but here you find a list :

http://linuxmafia.com/ssh/amiga.html

Getting it installed on vanilla AOS3 and Apollo OS is the next thing I'm looking into.
I've now done everything from a coffin distro. At first I was unaware coffin allready had ssh installed so I ran the installer from the source in the top of the list

(http://amiga.sourceforge.net/?showpackage=OpenSSH)

This installer ran fine and it was overwtriting everything, so I'm presuming it will work.
If I get around to installing it on different setups I'll report back here. If you've figured it out before me, I'd be happy to read about you experiences here as well

I've got twinvnc now also working on my A500+ (aca expanded) so here I also want openssh working.