2

Unfortunately, my web hosting plan does not allow public key authentication. Apparently, this method is available to VPS and dedicated server customers only.

I've backed up my Ubuntu 11.10 machine using Deja-Dup and I'm sending the backed up files to my web host using rsync.

I would like to automate this process using a script, but as I am not able to use public key authentication, I am forced to manually copy and paste my (strong) SSH password each time to start the process.

Is there a way round this? If so, how?

unpossible
  • Did they really disable pubkey auth, or do you just not have the possibility to use the web control panel to add keys? Can you access the `.ssh/authorized_keys` file via sftp? – mkm Oct 29 '11 at 12:05
  • I connected to web space via ssh and executed `$ mkdir ~/.ssh/authorized_keys` and transferred my public key into this directory using scp. I closed SSH session and logged back in, but I was still prompted for my SSH password. – unpossible Oct 29 '11 at 12:34
  • @mejpark `~/.ssh/authorized_keys` should be a file containing the public keys, not a directory. The recommended method to populate this file is `ssh-copy-id`, see the link in my answer (or the `ssh-copy-id` man page). – Gilles 'SO- stop being evil' Oct 29 '11 at 12:45

1 Answer

1

If you need to enter your password, you'll have to do it through expect, because ssh insists on passwords coming from a terminal. Here's an example expect script.

It's possible that the host has disabled public key authentication, but that would require that they deliberately turn it off (with `PubkeyAuthentication No` in `/etc/sshd/sshd_config`). There's no technical reason why they'd do it; it would be purely for market segmentation.

I recommend that you first try to make public key authentication work. Follow this procedure to generate and upload a key. Don't hesitate to ask here if something doesn't work; if you tell us what you tried and what error messages you got, we might be able to propose a workaround. If you run into problems, post the sshd configuration (`/etc/sshd/sshd_config` if the web host is running Ubuntu, maybe another location like `/etc/sshd_config` if the host is running some other distribution), and the output of `ls -ld ~ ~/.ssh; ls -l ~/.ssh`.

Gilles 'SO- stop being evil'
  • @mejpark Ok, nothing unusual there, other than `authorized_keys` being a directory. Remove the directory before running `ssh-copy-id`. – Gilles 'SO- stop being evil' Oct 29 '11 at 14:18
  • `$ ls -ld ~ ~/.ssh; ls -l ~/.ssh drwx--x--x 18 mejpark mejpark 4096 Oct 29 05:48 /home/mejpark drwxr-xr-x 3 mejpark mejpark 4096 Oct 29 05:48 /home/mejpark/.ssh total 4 drwxr-xr-x 2 mejpark mejpark 4096 Oct 29 05:48 authorized_keys` I created `.ssh` & `authorized_keys` directories myself. `/etc/ssh` does not exist on web space. Hostgator rep said public key authentication is not available on my 'baby' plan. Here's link to `/etc/ssh/ssh_config` file on my machine: http://pastebin.com/EDqgNaUV. – unpossible Oct 29 '11 at 14:23
  • Running: `$ ssh-copy-id me@mydomain.co.uk -p 2222` <-- file isn't copied to server. No error message is displayed, just a blinking cursor in terminal. – unpossible Oct 29 '11 at 14:41
  • @mejpark `ssh_config` is irrelevant, look for a file called `sshd_config`. It is possible that Hostgator deliberately switched off public key authentication so that they could charge more for this convenient feature. You might still be able to run your own ssh daemon, though. What unix variant is the server running on (run `uname -a; lsb_release -a; cat /etc/*version* /etc/*release*`)? Also, why did you use `-p 2222` (unless you normally connect with `ssh -p2222`, don't add `-p`)? – Gilles 'SO- stop being evil' Oct 29 '11 at 15:22
  • A step closer. I copied my public key to remote host using Seahorse. Now, when I log in the following message is shown: `$ ssh -p 2222 me@mydomain.co.uk Agent admitted failure to sign using the key. me@mydomain.co.uk's password:` – unpossible Oct 29 '11 at 15:25
  • I believe the SSH server is configured to listen on non-standard port 2222. `$ uname -a` yields `Linux gator707.hostgator.com 2.6.38.7 #5 SMP Wed Jun 8 01:26:17 CDT 2011 i686 i686 i386 GNU/Linux`. The last 3 commands are not recognised. – unpossible Oct 29 '11 at 15:31
  • @mejpark Please try `ssh -vvv -p 2222 me@mydomain.co.uk` and show the transcript. There's a good chance that the host is not supporting keys though; this gives you the options of running your own ssh daemon (if the host will allow it), using `expect`, or paying more for having public key authentication. – Gilles 'SO- stop being evil' Oct 29 '11 at 15:33
  • http://pastebin.com/dw7Uz5bU – unpossible Oct 29 '11 at 15:41
  • let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/1677/discussion-between-mejpark-and-gilles) – unpossible Oct 29 '11 at 15:43
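
The layout problem worked through in the comments above (`authorized_keys` created as a directory instead of a file) can be checked mechanically on the server side before blaming the host. This is an added example, not part of the original thread; the function names `loose_mode` and `check_pubkey_layout` and the output labels are made up here, and it assumes OpenSSH's default `StrictModes` behaviour of refusing keys when the home directory, `~/.ssh` or `authorized_keys` is group- or world-writable.

```shell
#!/bin/sh
# Added example: audit the paths sshd consults for public key login.
# Usage on the server:  check_pubkey_layout "$HOME"
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
# Ownership is not checked here, only file type, write bits and key content.

# True if the path itself is writable by group or others.
loose_mode() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

check_pubkey_layout() {
    home=$1
    ssh_dir=$home/.ssh
    keys=$ssh_dir/authorized_keys
    rc=0

    if [ ! -d "$ssh_dir" ]; then
        echo "MISSING: $ssh_dir is not a directory"
        return 1
    fi
    for p in "$home" "$ssh_dir"; do
        if loose_mode "$p"; then
            echo "MODE: $p is group- or world-writable"
            rc=1
        fi
    done

    if [ -d "$keys" ]; then
        # The mistake from the thread: mkdir ~/.ssh/authorized_keys
        echo "TYPE: $keys is a directory, it must be a regular file"
        rc=1
    elif [ ! -f "$keys" ]; then
        echo "MISSING: $keys does not exist"
        rc=1
    else
        if loose_mode "$keys"; then
            echo "MODE: $keys is group- or world-writable"
            rc=1
        fi
        # A key line is "<type> <base64 blob> [comment]"; blobs start with AAAA.
        if ! grep -Eq '^[^#]*(ssh-|ecdsa-sha2-)[A-Za-z0-9@.-]* +AAAA' "$keys"; then
            echo "EMPTY: $keys contains no public key lines"
            rc=1
        fi
    fi
    return $rc
}
```

A clean result only rules out the client-visible layout problems; a server with public key authentication switched off in `sshd_config` will still fall back to the password prompt.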