FreeKB - Bash Shell Scripting Getting Started with SSH

Before creating a bash shell script that will make an SSH connection to target server(s), the ssh command can be used to determine if you are able to make an SSH connection to the target server(s).

SSH has a couple of different authentication methods.

  • Password authentication
  • Public/Private key authentication

The SSH server will be configured with password authentication, passwordless authentication, or both. The ssh command with the -v (verbose) flag can be used to determine the authentication methods of the SSH server.

Passwordless authentication

If the SSH server is configured to accept passwordless authentication, and OpenSSH is being used, refer to public key authentication with OpenSSH on Linux to configure passwordless SSH authentication. In this scenario, the following bash shell script will make an SSH connection to the target server using passwordless authentication and list the contents of the /tmp directory.

#!/bin/bash
# -i selects the private key file used for public key authentication
ssh -i id_rsa john.doe@server1.example.com "ls /tmp"

 

Password authentication

If the SSH server is configured to accept password authentication, password authentication will occur when passwordless authentication fails. In this scenario, the following bash shell script will make an SSH connection to the target server using password authentication and list the contents of the /tmp directory.

#!/bin/bash
# ssh prompts for john.doe's password when passwordless authentication fails
ssh john.doe@server1.example.com "ls /tmp"

 

 

Known hosts

Regardless of whether you are using password or passwordless authentication, when using the ssh command to make an SSH connection to a target server, if the public host key of the target server (server1.example.com in this example) is not listed in the /etc/ssh/ssh_known_hosts or /home/username/.ssh/known_hosts file on the client, a prompt will appear stating The authenticity of host 'hostname (ip address)' can't be established.

ssh john.doe@server1.example.com
. . .
The authenticity of host 'server1 (192.168.0.5)' can't be established
DSA key fingerprint is BB37 83F2 5E3A 7A4C 6C84  F047 D97B DD4E 38BB 2082
Are you sure you want to continue connecting (yes/no)?

 

Typing yes and pressing enter will display the following. The public host key of the target server will be appended to the /etc/ssh/ssh_known_hosts or /home/username/.ssh/known_hosts file on the client. As long as the public host key remains in the known hosts file on the client, the message The authenticity of host 'hostname (ip address)' can't be established will not be displayed when making an SSH connection to the target server.

Permanently added 'server1.example.com,10.1.2.3' (RSA) to the list of known hosts.
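In an unattended script nobody is there to answer the prompt shown above. The following is an added example, not part of the original page: it pins the host key only after its fingerprint matches a value confirmed out of band, then connects with prompting disabled. The function names are hypothetical, and it assumes the OpenSSH client tools (ssh, ssh-keygen, ssh-keyscan) and SHA256-format fingerprints.

```bash
#!/bin/bash
# Added example, not code from the original page. Function names are
# hypothetical. Assumes OpenSSH client tools (ssh, ssh-keygen, ssh-keyscan).

# pin_host_key SCANNED_FILE EXPECTED_FP KNOWN_HOSTS_FILE
# SCANNED_FILE holds ssh-keyscan output ("host keytype base64key" per line).
# A line is appended to KNOWN_HOSTS_FILE only when its SHA256 fingerprint
# equals EXPECTED_FP, a value obtained out of band (for example from the
# server's console). Returns 0 if a key was pinned, 1 if nothing matched.
pin_host_key() {
  local line fp pinned=1
  while IFS= read -r line; do
    case $line in ''|'#'*) continue ;; esac
    fp=$(printf '%s\n' "$line" | ssh-keygen -l -E sha256 -f - 2>/dev/null |
         awk '{print $2}')
    if [ -n "$fp" ] && [ "$fp" = "$2" ]; then
      printf '%s\n' "$line" >> "$3"
      pinned=0
    fi
  done < "$1"
  return "$pinned"
}

# run_remote USER@HOST KNOWN_HOSTS_FILE COMMAND
# BatchMode=yes makes ssh fail instead of prompting, so the script cannot
# hang on the "authenticity of host" question or on a password prompt.
# StrictHostKeyChecking=yes refuses unknown hosts and changed host keys.
run_remote() {
  ssh -o BatchMode=yes -o StrictHostKeyChecking=yes \
      -o UserKnownHostsFile="$2" "$1" "$3"
}

# Typical use (host and user are the page's examples; the fingerprint is a
# placeholder to be replaced with the value confirmed out of band):
#   ssh-keyscan -t ed25519 server1.example.com > scanned.txt
#   pin_host_key scanned.txt 'SHA256:<verified-fingerprint>' "$HOME/.ssh/known_hosts" \
#     && run_remote john.doe@server1.example.com "$HOME/.ssh/known_hosts" "ls /tmp"
```

Because BatchMode=yes also disables the password prompt, run_remote only succeeds with passwordless (public key) authentication.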

 

 


