
Re: scp: a way to disable password authentication?



On Fri, Jan 23, 2004 at 02:03:52AM +0100, Vincent Lefevre wrote:
> I would like to know how I can disable password authentication for scp
> (on the client side), i.e. I want to connect by RSA authentication only,
> and if this is not possible, I want scp to fail.
> 
> The reason is that scp is called from a perl script, and if a password
> is required[*], the script hangs until a password is given.
> 
> [*] This should never happen, but in reality, the ssh server isn't
> reliable (probably an NFS problem, which means that the RSA public key
> can't be read).

From ssh(1) I think this is what you are looking for:
     "-n     Redirects stdin from /dev/null (actually, prevents reading from
             stdin).  This must be used when ssh is run in the background.  A
             common trick is to use this to run X11 programs on a remote
             machine.  For example, ssh -n shadows.cs.hut.fi emacs & will
             start an emacs on shadows.cs.hut.fi, and the X11 connection will
             be automatically forwarded over an encrypted channel.  The ssh
             program will be put in the background.  (This does not work if
             ssh needs to ask for a password or passphrase; see also the -f
             option.)"
or
     "SSH_ASKPASS
             If ssh needs a passphrase, it will read the passphrase from the
             current terminal if it was run from a terminal.  If ssh does not
             have a terminal associated with it but DISPLAY and SSH_ASKPASS
             are set, it will execute the program specified by SSH_ASKPASS and
             open an X11 window to read the passphrase.  This is particularly
             useful when calling ssh from a .Xsession or related script.
             (Note that on some machines it may be necessary to redirect the
             input from /dev/null to make this work.)"

or even:
     "$HOME/.ssh/config
             This is the per-user configuration file.  The file format and
             configuration options are described in ssh_config(5)."

and from ssh_config(5):
"DESCRIPTION
     ssh obtains configuration data from the following sources in the follow-
     ing order:
           1.   command-line options
           2.   user's configuration file ()
           3.   system-wide configuration file ()

     For each parameter, the first obtained value will be used.  The configu-
     ration files contain sections bracketed by ``Host'' specifications, and
     that section is only applied for hosts that match one of the patterns
     given in the specification.  The matched host name is the one given on
     the command line.

     Since the first obtained value for each parameter is used, more host-spe-
     cific declarations should be given near the beginning of the file, and
     general defaults at the end.

     The configuration file has the following format:

     Empty lines and lines starting with '#' are comments.

     Otherwise a line is of the format ``keyword arguments''.  Configuration
     options may be separated by whitespace or optional whitespace and exactly
     one '='; the latter format is useful to avoid the need to quote whites-
     pace when specifying configuration options using the ssh, scp and sftp -o
     option."

and the following options:
     "Host   Restricts the following declarations (up to the next Host key-
             word) to be only for those hosts that match one of the patterns
             given after the keyword.  '*' and '?' can be used as wildcards
             in the patterns.  A single '*' as a pattern can be used to pro-
             vide global defaults for all hosts.  The host is the 
             argument given on the command line (i.e., the name is not con-
             verted to a canonicalized host name before matching)."
and
     "BatchMode
             If set to ``yes'', passphrase/password querying will be disabled.
             In addition, the ProtocolKeepAlives and SetupTimeOut options will
             both be set to 300 seconds by default.  This option is useful in
             scripts and other batch jobs where no user is present to supply
             the password, and where it is desirable to detect a broken net-
             work swiftly.  The argument must be ``yes'' or ``no''.  The
             default is ``no''."
and
     "PasswordAuthentication
             Specifies whether to use password authentication.  The argument
             to this keyword must be ``yes'' or ``no''.  The default is
             ``yes''."
also
"FILES
     $HOME/.ssh/config
             This is the per-user configuration file.  The format of this file
             is described above.  This file is used by the ssh client.  This
             file does not usually contain any sensitive information, but the
             recommended permissions are read/write for the user, and not
             accessible by others.

     /etc/ssh/ssh_config
             Systemwide configuration file.  This file provides defaults for
             those values that are not specified in the user's configuration
             file, and for those users who do not have a configuration file.
             This file must be world-readable."

Hope that helps,
Bijan
-- 
Bijan Soleymani <bijan@psq.com>
http://www.crasseux.com

Attachment: signature.asc
Description: Digital signature
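
Added example, not part of the original message or of OpenSSH: a small Python model of the lookup order quoted from ssh_config(5) above (command-line -o options, then each file top to bottom, first obtained value wins), showing why a BatchMode yes placed under a specific Host after a Host * block never takes effect. The host name backup.example.org and the sample files are constructed, and only the '*' and '?' wildcards named in the quoted text are handled.

```python
import re

def _host_regex(pattern):
    # Only the two wildcards the quoted man page names: '*' and '?'.
    return re.compile("".join(".*" if c == "*" else "." if c == "?"
                              else re.escape(c) for c in pattern) + r"\Z")

def _split(line):
    # "keyword arguments", or "keyword=arguments" as used with -o.
    m = re.match(r"\s*([^\s=#]+)(?:\s*=\s*|\s+)(.*?)\s*$", line)
    return (m.group(1).lower(), m.group(2)) if m else None

def resolve(keyword, host, config_texts, cli_opts=()):
    """First obtained value wins: -o options, then each file top to bottom."""
    want = keyword.lower()
    for opt in cli_opts:
        parsed = _split(opt)
        if parsed and parsed[0] == want:
            return parsed[1]
    for text in config_texts:        # user file first, then system-wide file
        active = True                # lines before any Host apply to every host
        for line in text.splitlines():
            parsed = _split(line)    # None for blank lines and '#' comments
            if parsed is None:
                continue
            key, value = parsed
            if key == "host":
                active = any(_host_regex(p).match(host) for p in value.split())
            elif active and key == want:
                return value
    return None

# Constructed sample files (the host name is a placeholder).
DEFAULTS_FIRST = """\
Host *
    BatchMode no
Host backup.example.org
    BatchMode yes
"""
SPECIFIC_FIRST = """\
Host backup.example.org
    BatchMode yes
    PasswordAuthentication no
Host *
    BatchMode no
"""

if __name__ == "__main__":
    for cfg in (DEFAULTS_FIRST, SPECIFIC_FIRST):
        print(resolve("BatchMode", "backup.example.org", [cfg]))
```

Because command-line options are consulted first, passing -o BatchMode=yes to scp from the calling script takes precedence over whatever either configuration file says.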

