The need for passwordless ssh came up while I was working on my final-year project, titled "Design And Implementation High Throughput Computing Environment Using Condor". The project required managing two Linux clusters remotely (via ssh), made up of many nodes (cluster1 = 5 nodes + cluster2 = 16 nodes, 21 nodes in total), and doing so repeatedly. So I started looking for a way to ssh without entering a password, authenticating instead with a private key (CMIIW) that we generate ourselves. The setup is specific to each user: each user has to do it on the source computer and copy the key, one by one, to the destination computers.

Warning: Using ssh without a password lowers your level of security. This tutorial is only a guide, and the author takes ABSOLUTELY NO RESPONSIBILITY (read: ABSOLUTELY NO WARRANTY) if a mistake is made or a vulnerability is opened even wider.

The example scenario used here is to ssh from the source computer (constantine) to the destination computer (server.metindo.com).
The steps are as follows:

  1. Generate public/private rsa key pair

    lqman@constantine:~$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/lqman/.ssh/id_rsa):
    Created directory '/home/lqman/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/lqman/.ssh/id_rsa.
    Your public key has been saved in /home/lqman/.ssh/id_rsa.pub.
    The key fingerprint is:
    bf:bc:af:19:15:65:f7:3e:81:78:ee:8b:b2:3e:e5:90 lqman@constantine

  2. Copy the public key (id_rsa.pub) that was generated to each computer we want to ssh into without a password

    lqman@constantine:~$ ssh-copy-id -i .ssh/id_rsa.pub lqman@server.metindo.com
    The authenticity of host 'server.metindo.com (10.11.12.254)' can't be established.
    RSA key fingerprint is 09:56:5d:a2:ed:15:0b:44:5b:c7:b4:7d:d7:08:48:bd.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'server.metindo.com,10.11.12.254' (RSA) to the list of known hosts.
    lqman@server.metindo.com's password:

    At this point, enter the password for lqman@server.metindo.com and press ENTER; the following message then appears:

    Now try logging into the machine, with "ssh 'lqman@server.metindo.com'", and check in:

    .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

  3. Test it

    lqman@constantine:~$ ssh lqman@server.metindo.com
    Linux server 2.6.24-1-486 #1 Thu May 8 01:29:10 UTC 2008 i686

    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.

    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    Last login: Fri Aug 29 18:35:57 2008 from operator.metindo.com
    lqman@server:~$

    Once the prompt above (lqman@server:~$) appears, you have successfully logged in over ssh without a password (using only the private key).

    Happy Hacking bro…

Sources:

From various sources, mainly Google (sorry, I can't list them one by one; to be clear, this is copy-paste only).
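
The ssh-copy-id output above asks you to check .ssh/authorized_keys for keys you were not expecting. One way to run that check on each node, as an added example that is not part of the original post: it parses authorized_keys content (including entries with an options prefix), computes each key's fingerprint in the colon-separated MD5 style shown by ssh-keygen above and in the SHA256 style, and lists entries that are not in an expected set. The function names and the sample entries (filler bytes, not real keys) are constructed for illustration.

```python
import base64
import hashlib
import struct

def md5_fingerprint(raw):
    """Colon-separated MD5 form, as printed in the ssh-keygen output above."""
    return hashlib.md5(raw).digest().hex(":")

def sha256_fingerprint(raw):
    """SHA256 form that current OpenSSH releases print by default."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")

def parse_entry(line):
    """Return (options, keytype, blob, comment); the blob must start with its own type name."""
    fields = line.split()
    for i in range(len(fields) - 1):
        try:
            raw = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:  # binascii.Error is a subclass of ValueError
            continue
        if len(raw) > 4 and raw[4:4 + struct.unpack(">I", raw[:4])[0]] == fields[i].encode():
            return " ".join(fields[:i]), fields[i], raw, " ".join(fields[i + 2:])
    return None

def audit(text, expected):
    """List (line number, problem, detail) for every entry not covered by expected."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        entry = parse_entry(line)
        if entry is None:
            findings.append((lineno, "unparseable", line.strip()[:40]))
        elif not {md5_fingerprint(entry[2]), sha256_fingerprint(entry[2])} & set(expected):
            findings.append((lineno, "unexpected key", entry[3] or entry[1]))
    return findings

def make_blob(keytype, seed):
    """Constructed sample blob (type name plus filler bytes); not a usable key."""
    name, body = keytype.encode(), hashlib.sha256(seed).digest()
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(body)) + body

MINE, OTHER = make_blob("ssh-rsa", b"constructed-1"), make_blob("ssh-rsa", b"constructed-2")
SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    "ssh-rsa " + base64.b64encode(MINE).decode() + " lqman@constantine",
    'from="10.11.12.*",command="echo ssh-rsa x" ssh-rsa ' + base64.b64encode(OTHER).decode() + " unknown@elsewhere",
    "ssh-rsa not-base64!! broken",
])
print(audit(SAMPLE, {md5_fingerprint(MINE)}))
```

On a real node, pass the contents of ~/.ssh/authorized_keys as `text` and the fingerprints of the keys you generated as `expected`.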

How to create a number of users and passwords automatically

If you are a network administrator and need to register a lot of users at once, registering them one by one takes a lot of time. Instead, if you have a list of users, you can register all of them at once using the autopasswd command. However, the autopasswd command does not work properly. I checked different versions from different distributions, but none of them works. It shows errors, so it needs to be modified. I do not know why this useless command is so widely distributed.

Modify autopasswd

  • Install expect-5.38.0-88.i386.rpm from the Red Hat CD or somewhere else.

    # rpm -ihv expect-5.38.0-88.i386.rpm

  • As I said, the autopasswd command included in the expect package does not work properly. In that case, you need to add a "sleep" command in the middle. Edit /usr/bin/autopasswd as below:

    #!/usr/bin/expect -f
    # wrapper to make passwd(1) be non-interactive
    # username is passed as 1st arg, passwd as 2nd
    # (the password is a command-line argument, so it shows in the process list)

    set password [lindex $argv 1]
    spawn passwd [lindex $argv 0]
    # Answer each "password:" prompt after a one-second pause; exp_continue
    # re-enters expect for the next prompt. Both branches use the same pattern,
    # so the first one handles every prompt.
    expect {
    -re "password:" {sleep 1; send "$password\r"; exp_continue}
    -re "password:" {sleep 1; send "$password\r";}
    }

    # cd $GS/src/javax/portlet
    # javac -cp ../../../lib -sourcepath . -d ./buatan/ *.java
    # mv $GS/src/javax/portlet/buatan/ gridsphere-2.2.10/projects/ujicoba/build/classes