ant-user mailing list archives

From Antoine Levy Lambert <anto...@gmx.de>
Subject Re: Tomcat Client Deployer
Date Mon, 08 Mar 2010 00:06:52 GMT
Kaushal Shriyan wrote:
>
> Hi again,
>
> I have a couple of questions:
>
> <target name="stop-tomcat">
>  <!-- Executes remote command via ssh -->
>  <sshexec host="host0072.example.com" username="kaushal"
> password="xxxxxx" trust="true"
>           command="sudo /etc/init.d/tomcat0 start" />
>  </target>
>
> The password field is exposed here. Is there a way to secure it?
>   
You can create yourself an ssh public/private key pair.
Assuming you are using a PC and have installed cygwin on the PC, and 
also the openssh of cygwin, you can do this:

ssh-keygen -t rsa

For automated work it is easier to create a private key without 
passphrase. You may also want not to do that for security reasons, it is 
up to you. As soon as you do fully automated work, passwords have to be 
either not requested by the system or hard-coded somewhere.

Then copy the public key id_rsa.pub as authorized_keys in the .ssh 
folder of the remote host. The authorized_keys file must be readable and 
writable only for its owner, the .ssh directory must be rwx only for its 
owner too, and the home directory must not be writable by group or other.


someuser@somehost # ls -ld . .. authorized_keys
drwx------   2 someuser staff          512 Jun 12  2009 .
drwxr-xr-x  45 someuser staff         1536 Mar  7 18:24 ..
-rw-------   1 someuser staff         1662 May 27  2009 authorized_keys

Afterwards you can use the sshexec task with the keyfile attribute 
instead of the password attribute. keyfile is usually 
${user.home}/.ssh/id_rsa (for an RSA key).

Then for sudo it is possible to configure "sudoers" to allow certain 
commands without password entry. Our UNIX admin does that.

Regards,

Antoine
> Also when I run the command ant -lib lib/ stop-tomcat the string
> "command="sudo /etc/init.d/tomcat start"" asks for password
> again on the stdout. Is there a way to handle this condition since I
> need to start tomcat server as tomcat user.
>
> Thanks and Regards,
>
> Kaushal
>   
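
The permission requirements described in the reply above (home directory, .ssh and authorized_keys on the remote host) can be checked with a small script. This is an added example, not part of the original message; the function names mode_of, expect and check_ssh_perms are hypothetical, and accepting a read-only authorized_keys (-r--------) is an assumption beyond what the message states.

```shell
#!/bin/sh
# Added example (not from the original message): audit the permissions
# described above for key-based ssh login.
# Usage: sh check_ssh_perms.sh /home/someuser

# Print the 10-character mode string that `ls -ld` shows, e.g. "drwx------".
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# expect TARGET LABEL PATTERN...: succeed if TARGET's mode matches any glob PATTERN.
expect() {
    target=$1 label=$2; shift 2
    mode=$(mode_of "$target")
    for pat in "$@"; do
        case $mode in $pat) echo "ok   $mode $target"; return 0 ;; esac
    done
    echo "FAIL ${mode:-missing} $target ($label)"
    return 1
}

# check_ssh_perms HOME_DIR: returns the number of failed checks (0 = all good).
check_ssh_perms() {
    home=$1 problems=0
    # Home directory: group (position 6) and other (position 9) must lack "w".
    expect "$home" "must not be group/other writable" 'd????-??-?' \
        || problems=$((problems + 1))
    # .ssh: rwx for the owner only.
    expect "$home/.ssh" "must be rwx for owner only" 'drwx------' \
        || problems=$((problems + 1))
    # authorized_keys: readable/writable by the owner only.
    expect "$home/.ssh/authorized_keys" "must be rw for owner only" \
        '-rw-------' '-r--------' || problems=$((problems + 1))
    return "$problems"
}

# Only audit when a home directory is given on the command line.
if [ $# -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

Run it on the remote host against the account's home directory; a non-zero exit status is the number of entries that would make sshd ignore the key.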

