- using ssh/scp/sftp
04-13-2009 11:31 PM
I generated a key on server A as the root user and copied it to server B's authorized_keys, and now I can send files from A to B. But I'm a little worried:
1. can server B access to server A?
2. can server B send files to server B?
Basically, I want only server A to send files to server B, and not allow server B to access.
Thanks
Ahmed
04-13-2009 11:35 PM
Re: using ssh/scp/sftp
Have you tried it? (What happened?)
> 2. can server B send files to server B?
Have you tried it? (What happened?)
04-13-2009 11:40 PM
Re: using ssh/scp/sftp
Well, I don't have access to server B. I only pass the key to the administrator at the other end.
Rgds,
Ahmed
04-14-2009 01:09 AM
Solution
Nobody on server B can access server A because of this key in any way.
With your setup, the root user (and nobody else) on server A can both "push" and "pull" files:
From A to B:
serverA> scp /some/file.txt serverB:/some/dir
From B to A:
serverA> scp serverB:/some/file.txt /some/dir
If the key was copied to the authorized_keys file of a non-root user on server B (for example "userB"), you should be aware of two things:
- You must always specify the target username when accessing server B:
scp /some/file.txt userB@serverB:/some/directory
sftp userB@serverB
If you don't specify the username, the default is the same username as you're using on server A (i.e. root). If you don't know the correct username on server B, ask the administrator of server B: there is no way you can find it out on your own except by blindly trying all possible usernames.
- On server B, you can only access the directories userB has access to. You don't automatically have root access on server B just because you are root on server A.
If you want to allow a non-root user on server A to do the copying, you don't need to create new keys: you can just copy the /root/.ssh/id_* files to the ~/.ssh directory of that user and chown the key files to that user. Of course, if you have set a passphrase to that key, you must then allow the user to know the passphrase.
(A good security principle: always use the lowest privilege level that is adequate for the job. If there is a malfunction or an attack, this limits the amount of damage that can be caused.)
Make sure that the private key file is never readable by anyone other than its owner. Otherwise the SSH tools will regard the key as "unsafe" and won't use it.
MK
04-14-2009 01:34 AM
Re: using ssh/scp/sftp
It is clear now to me,...
The reason I generate a key with a root id is because with any other user-id key I'm getting prompted for a password to be entered on server B when using scp.
Any idea why?
Ahmed
04-14-2009 01:45 AM
Re: using ssh/scp/sftp
>>1. can server B access to server A?
No, it's not possible.
>>2. can server B send files to server B?
Why do you need this? Your file is already on server B.
>>The reason I generate a key with a root id is because with any other user-id key I'm getting prompted for a password to be entered on server B when using scp.
Hey, you can create this key with another user-id also; by doing the same procedure you can create a normal user's passwordless key.
Suraj
04-14-2009 01:50 AM
Re: using ssh/scp/sftp
Yes, I did create a key with another user-id, but when trying to scp to server B I'm prompted to enter the password, but not if I'm root.
Hope it is clear.
Ahmed
04-14-2009 02:16 AM
Re: using ssh/scp/sftp
If the home directory of the non-root user has "group write" or "everyone write" permissions, the ssh client will regard the home directory as "unsafe" - even if nobody other than this user belongs to the group. The client will refuse to use unsafe private keys.
Maximum recommended permissions so that ssh key authentication still works:
User's home directory:
chmod 755 or drwxr-xr-x
The directory must be owned by this user or root.
(If you need group-writable directories, you can create writable sub-directories within the home directory.)
~/.ssh directory:
chmod 700 or drwx------
The directory must be owned by this user or root.
~/.ssh/id_* files and ~/.ssh/authorized_keys file:
If the files exist, they must be owned by this user or root. File permissions of the private key files must be chmod 600 or -rw-------.
MK
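The ownership and permission limits listed in the post above can be checked mechanically. The script below is an added example, not part of the original thread; the function names and the account in the usage comment are hypothetical, and it reads only `ls -ld` output so it does not depend on stat(1). Run it on whichever host holds the account being checked.

```shell
#!/bin/sh
# Added example: audit the ownership/mode limits from the post above.
# Parses `ls -ld` only, so it does not depend on stat(1).

mode_of()  { ls -ld "$1" | awk '{ print substr($1, 1, 10) }'; }  # e.g. drwxr-xr-x
owner_of() { ls -ld "$1" | awk '{ print $3 }'; }

# Owner must be the account itself or root.
owned_ok() { o=$(owner_of "$1"); [ "$o" = "$2" ] || [ "$o" = root ]; }

# Mode string: char 6 = group write, char 9 = other write (755 or stricter passes).
not_shared_writable() {
    m=$(mode_of "$1")
    [ "$(echo "$m" | cut -c6)" != w ] && [ "$(echo "$m" | cut -c9)" != w ]
}

# Chars 5-10 are the group and other bits; all must be clear (700/600 or stricter).
owner_only() { [ "$(mode_of "$1" | cut -c5-10)" = "------" ]; }

fail() { echo "FAIL: $1"; bad=$((bad + 1)); }

# audit_ssh_perms HOME USER -> prints findings, returns the number of failures
audit_ssh_perms() {
    home=$1; user=$2; bad=0
    owned_ok "$home" "$user"    || fail "$home: owner is not $user or root"
    not_shared_writable "$home" || fail "$home: group/other writable (max 755)"
    if [ -d "$home/.ssh" ]; then
        owned_ok "$home/.ssh" "$user" || fail "$home/.ssh: owner is not $user or root"
        owner_only "$home/.ssh"       || fail "$home/.ssh: must be 700"
    fi
    for f in "$home"/.ssh/id_* "$home/.ssh/authorized_keys"; do
        [ -f "$f" ] || continue
        owned_ok "$f" "$user" || fail "$f: owner is not $user or root"
        # Assumption beyond the post: public files (*.pub, authorized_keys)
        # only need to be non-writable by group/other; private keys must be 600.
        case $f in
            *.pub|*/authorized_keys) not_shared_writable "$f" || fail "$f: group/other writable" ;;
            *) owner_only "$f" || fail "$f: private key must be 600" ;;
        esac
    done
    return "$bad"
}
# Usage (hypothetical account): audit_ssh_perms /home/userA userA
```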
04-14-2009 02:26 AM