SCP --- Without prompting for Password

 
Vidhya B
Frequent Advisor

SCP --- Without prompting for Password

Hi all,

I need to do scp among our servers without prompting for password only from a particular user. I have heard that keys of that server have to be updated in the authorized_keys file. I found two keys in my servers rsa and dsa. Which key am I supposed to share?

I tried giving rsa key of one server in the authorized_keys of the other server. But I was again prompted for password. I tried the same with the dsa key also.

Am I supposed to do anything after changing the authorized_keys file? Else is there anything else I have to do?

Kindly help me with this. Thanks in Advance!!!
32 REPLIES
Steven Schweda
Honored Contributor

Re: SCP --- Without prompting for Password

A Forum search for keywords like, say,
password ssh
or
passwordless ssh
should find many old threads which cover this
topic (many times).

> [...] our servers [...]

Not a very detailed description of anything.

uname -a
ssh -V

> I found two keys in my servers rsa and dsa.

Where? As usual, showing actual commands
with their actual output can be more helpful
than vague descriptions or interpretations.

> I tried giving rsa key of one server in the
> authorized_keys of the other server.

See the previous comment.
Vidhya B
Frequent Advisor

Re: SCP --- Without prompting for Password

Hi all,

The dsa and rsa keys are found in the .ssh directory of the user's home directory.

server:root-/home/glance/.ssh>ll
-rw------- 1 glance users 604 Mar 24 11:14 authorized_keys
-rw------- 1 glance users 668 Apr 28 2010 id_dsa
-rw------- 1 glance users 604 Apr 28 2010 id_dsa.pub
-rw------- 1 glance users 1675 May 5 2010 id_rsa
-rw------- 1 glance users 396 May 5 2010 id_rsa.pub
-rw-r--r-- 1 glance users 34476 Mar 24 04:06 known_hosts
Vidhya B
Frequent Advisor

Re: SCP --- Without prompting for Password

Hi,

Here is the output of ssh -V

root-/>ssh -V
OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8l 5 Nov 2009
HP-UX Secure Shell-A.05.30.008, HP-UX Secure Shell version


We have servers of all the three version 11iv1,v2 and v3.

Please help on this.
Sentinel_2
Advisor

Re: SCP --- Without prompting for Password

Make sure .ssh directory has 700 permissions.

Regards
Steven Schweda
Honored Contributor

Re: SCP --- Without prompting for Password

> A Forum search for keywords like, say,
> [...]

Did you look?

Did you see all the requests for the output
when you add "-v" (or "-vv", or "-vvv") to
your ssh or scp command?

Did you see all the suggestions to look at
the system log file on the server?
Mel Burslan
Honored Contributor

Re: SCP --- Without prompting for Password

copy id_rsa.pub to the remote server

on remote server

USER=username-here
cat id_rsa.pub >> ~${USER}/.ssh/authorized_keys

chmod 700 ~${USER}/.ssh
chmod 600 ~${USER}/.ssh/authorized_keys

and this is pretty much it. If after doing this, you are still getting prompted for password, run this command from local system:

ssh -vvv -l username remote-servername

and post the output here.

Hope this helps
________________________________
UNIX because I majored in cryptology...
Vidhya B
Frequent Advisor

Re: SCP --- Without prompting for Password

Hi,

I have shared the id_rsa.pub of both the servers. But the communication is unidirectional.

Please find the Attachment for ssh -vvv -l username remote-servername.

Please help with the issue.

Thanks In Advance !!!
Jitesh purohit_1
Regular Advisor

Re: SCP --- Without prompting for Password

Hi Vidhya,

What's the OS version of your source & destination servers?

Are you trying to connect to a Wintel / Unix file server?

=============
debug2: ssh_connect: needpriv 0
debug1: Connecting to filesvr [Remote Server IP] port 22.
==============

Thanks
Jitesh
Vidhya B
Frequent Advisor

Re: SCP --- Without prompting for Password

Hi all,

Please find the uname -a output below.

Source:/>uname -a
HP-UX bkpsvr B.11.23 U ia64 2564450715 unlimited-user license

Destination:/>uname -a
HP-UX filesvr B.11.23 U 9000/800 77929270 unlimited-user license


Please help me with this.
Muller, W.D.
Occasional Advisor

Re: SCP --- Without prompting for Password

Hi,

Once in a while I have to configure new servers with the same issue.

Please follow the steps mentioned in the next url exactly, and all your wishes will come true:-)

http://waelchatila.com/2005/06/06/1118124232757.html

Do not forget the "chmod 700" part!

bye

Waldemar
Vidhya B
Frequent Advisor

Re: SCP --- Without prompting for Password

Hi,

I read the url and I tried the steps given in it. Even then it's not working.

Please help me with this.
Steven Schweda
Honored Contributor

Re: SCP --- Without prompting for Password

> [...]
> debug1: Offering public key: /home/glance/.ssh/id_rsa
> [...]
> debug1: Offering public key: /home/glance/.ssh/id_dsa
> [...]
> debug1: Next authentication method: keyboard-interactive

The server did not like your key data.

> Did you see all the suggestions to look at
> the system log file on the server?

Well, did you?

The server probably knows why it was unhappy,
but it doesn't always tell the client. You
may need to look at the system log file on
the server to see what it didn't like.
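A way to read saved "ssh -v" client output for the pattern quoted above (keys offered, then fallback to another method), as an added example that is not part of the original reply. The function name triage_ssh_debug and the sample lines are constructed; "Server accepts key" is the line the OpenSSH client prints when a key is accepted.

```shell
#!/bin/sh
# Added example: summarise publickey attempts in saved `ssh -v` client output.

# Constructed sample, modelled on the debug lines quoted in this thread.
sample_log() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/glance/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/glance/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
EOF
}

# Reads ssh -v output on stdin. Prints "<state> <keyfile>" per offered key,
# then one verdict line.
triage_ssh_debug() {
    awk '
        /Offering .*public key:/ {
            sub(/.*public key: */, "")      # keep only what follows the label
            key[++n] = $1; state[n] = "rejected"
            next
        }
        /Server accepts key/ {
            if (n) { state[n] = "accepted"; ok = 1 }
            next
        }
        /Next authentication method:/ {
            if ($NF != "publickey") fallback = $NF
        }
        END {
            for (i = 1; i <= n; i++) print state[i], key[i]
            if (n == 0)  verdict = "no-key-offered"            # client side: no identity file
            else if (ok) verdict = "key-accepted"
            else         verdict = "server-rejected-all-keys"  # server side: read its log
            if (fallback == "") fallback = "none"
            n += 0
            print "verdict=" verdict, "offered=" n, "fallback=" fallback
        }'
}

sample_log | triage_ssh_debug
```

A "server-rejected-all-keys" verdict only narrows the problem to the server side; the reason itself is in the server's log, not in the client output.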
Vidhya B
Frequent Advisor

Re: SCP --- Without prompting for Password

Hi,

I am facing this issue now only.
Before we had scp communication unidirectionally from server1 to server2 without password. I wanted to make this communication bidirectional. So I have shared the id_rsa.pub key.

Now Server2 is able to scp without password to server1. But the server1 is not able to scp without password.

Please help me with this.
Mel Burslan
Honored Contributor

Re: SCP --- Without prompting for Password

Okay, when you say, you shared the public keys, I am assuming you used the same public key. Is that right? If so, make sure you have the corresponding private key id_rsa or id_dsa, depending on which one you are using, available on both servers, in ~$USERNAME/.ssh

Public key sharing alone does not make much sense unless you have the private part of the key.

On server2, find the id_rsa file under the user's .ssh directory and copy it to the server1 and put it in the same place you picked it up on server2.

This should get you going.
________________________________
UNIX because I majored in cryptology...
Steven Schweda
Honored Contributor

Re: SCP --- Without prompting for Password

> Okay, when you say, you shared the public
> keys, I am assuming [...]

"I am assuming" means that he doesn't know
what you did. I don't know what you did. We
don't know what you did, because you didn't
tell us what you did.

> [...] As usual, showing actual commands
> with their actual output can be more helpful
> than vague descriptions or interpretations.

Still true.

We also can't see your key files, or any of
the file or directory permissions or
ownership.

> [...] You
> may need to look at the system log file on
> the server to see what it didn't like.

Still true. We can't see what's in there,
either.

> Please help me with this.

You first.
madhuchakkaravarthy
Trusted Contributor

Re: SCP --- Without prompting for Password

hi vidhya

follow the steps...

in node A:

in home dir of user A

cd /home/userA
mkdir .ssh
cd /home/userA/.ssh
ssh-keygen -t rsa
type enter for all.

rcp the id.rsa.pub key to node B in home dir of user B.

cd /home/userB/.ssh
cat id.rsa.pub >authorized_keys
then rm the id.rsa.pub key.

ssh-keygen -t rsa
type enter for all.

rcp the id.rsa.pub key to node A in home dir of user A.(before rcp,rename the public key id.rsa.pub to nodeA.id.rsa.pub)
then do rcp.
cat id.rsa.pub >authorized_keys
now again rename the nodeA.id.rsa.pub to id.rsa.pub


then do ssh ipaddress of node A from Node B and vice versa

then after you can do scp or sftp.

regards

MC
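The install step of the procedure above, run once on each node with the other node's public key, as an added example that is not part of the original post. The function name install_pubkey, its arguments and the key line are constructed; it appends to authorized_keys so that entries already there are kept, and it refuses a file that is not a single public key line.

```shell
#!/bin/sh
# Added example (not from the thread): install one public key for one account.
# install_pubkey PUBFILE HOME_DIR  ->  prints "added" or "already present"
install_pubkey() {
    pub=$1; home=$2; ak="$home/.ssh/authorized_keys"

    # Accept only a file holding exactly one "type base64 [comment]" line.
    # A private key (-----BEGIN ...) has no such line and is refused.
    blob=$(awk '$1 ~ /^(ssh-|ecdsa-)/ && NF >= 2 { print $2; n++ }
                END { exit n != 1 }' "$pub") || {
        echo "refusing $pub: not a single public key line" >&2
        return 2
    }

    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$ak" && chmod 600 "$ak" || return 1

    # Idempotent: compare the base64 blob, ignoring options and comments.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) hit = 1 }
                         END { exit !hit }' "$ak"; then
        echo "already present"; return 0
    fi

    # End the last entry with a newline so the new key starts its own line.
    if [ -s "$ak" ] && [ -n "$(tail -c 1 "$ak")" ]; then echo >> "$ak"; fi
    # Append (>>), never overwrite (>): existing entries must survive.
    cat "$pub" >> "$ak" && echo "added"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED glance@vaigai' > "$demo/id_rsa.pub_vaigai"
install_pubkey "$demo/id_rsa.pub_vaigai" "$demo/home"   # first run
install_pubkey "$demo/id_rsa.pub_vaigai" "$demo/home"   # second run
rm -rf "$demo"
```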



Abid Iqbal
Regular Advisor

Re: SCP --- Without prompting for Password

Vidhya B
Frequent Advisor

Re: SCP --- Without prompting for Password

Hi,

Thank you for all your replies.

I had already followed the steps provided in the doc by Abid Iqbal.

I have generated ssh key. I have shared the id_rsa.pub key of one server to another server's authorized_keys file which is found in the .ssh directory of user's home directory.

Actually since I am trying to do scp bi-directionally without password, I have done the same sort of sharing in the other server also.

Even then I am prompted for password. I can do scp without password only unidirectionally. I am not able to do it bi-directionally.

Is there anything else I need to do?
Kindly help.
Mel Burslan
Honored Contributor

Re: SCP --- Without prompting for Password

Are you doing this as root? Because, there is a provision specific to root login via ssh connections in the sshd_config file.

Otherwise, I would vote on ownership and permissions of .ssh (700) directory and authorized_keys (600) file. Make sure they are owned by the username which is using/storing these files. And permissions are as such indicated in parentheses above.

In the direction it is asking you for a password, run this command and post the whole output here:

ssh -vvv remote_server_name

________________________________
UNIX because I majored in cryptology...
Steven Schweda
Honored Contributor

Re: SCP --- Without prompting for Password

> Is there anything else I need to do?

You might read some of the previous responses
here, and answer the questions in them, or
follow the suggestions in others. For
example:

> [...] As usual, showing actual commands
> with their actual output can be more helpful
> than vague descriptions or interpretations.

> [...] look at
> the system log file on the server?

> [...] You
> may need to look at the system log file on
> the server to see what it didn't like.

> > [...] You
> > may need to look at the system log file on
> > the server to see what it didn't like.
>
> Still true. We can't see what's in there,
> either.


> I had already followed the steps [...]

This does not show me exactly what you did.

> I have generated [...]. I have shared [...]

This does not show me exactly what you did.


Have you considered looking for clues in the
server's system log file? It's only a
thought.


> Kindly help.

I've tried, but it seems to be hopeless.
Vidhya B
Frequent Advisor

Re: SCP --- Without prompting for Password

Hi Steven,

> I had already followed the steps provided in the doc by Abid Iqbal.

This is the document I mentioned.
http://www.linuxjournal.com/article/8600


Hi all,

I am not using root user for scp.
I have assigned permissions as stated by Mel Burslan. Still I am prompted for password.
I checked the logs also.

PFA for ssh -vvv output.

madhuchakkaravarthy
Trusted Contributor

Re: SCP --- Without prompting for Password

hi

capture the screen logs that you have used for generating the ssh keys and send.

send the steps that you have used for generating the ssh.

regards

MC
Vidhya B
Frequent Advisor

Re: SCP --- Without prompting for Password

Hi,

These are the steps I followed.

ssh-keygen -t rsa
Generating public/private rsa key pair.

Enter file in which to save the key (/home/glance/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/glance/.ssh/id_rsa.
Your public key has been saved in /home/glance/.ssh/id_rsa.pub.
The key fingerprint is:
b7:84:cc:46:4e:02:12:72:56:0b:62:4e:5b:d4:f5:35 glance@vaigai


I have generated the ssh key using the above steps. Then I shared this key to the other server.

In the other server,
cat id_rsa.pub_vaigai>>/home/glance/.ssh/authorized_keys
madhuchakkaravarthy
Trusted Contributor

Re: SCP --- Without prompting for Password

hi

everything is fine.

after appending it to authorized keys, remove the public key from that machine, and generate the ssh key for the second machine and rcp it to the first machine.

before doing rcp to first machine mv the public key of first machine to mv id.rsa.pub to id.rsa.pub.first machine

then do rcp and append it to authorized_keys

after appending mv id.rsa.pub.first machine to id.rsa.pub

home dir permission 755, .ssh -- 700, authorized_keys --- 600

regards

MC
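A check of the ownership and permission advice given in several replies above (home directory 755, .ssh 700, authorized_keys 600), as an added example that is not part of the thread. It flags what sshd refuses when StrictModes is enabled: a path not owned by the user or root, or writable by group or others. The function name audit_ssh_perms and the scratch paths are constructed.

```shell
#!/bin/sh
# Added example: audit the account side of key-based login on the server.
# audit_ssh_perms HOME_DIR OWNER  ->  prints findings, returns 1 on any FAIL
audit_ssh_perms() {
    home=$1; owner=$2; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "FAIL missing $p"; bad=1; continue
        fi
        # Field 1 of ls -l is the mode string, field 3 the owner name.
        info=$(ls -ldL "$p" | awk '{ print $1 " " $3 }')
        mode=${info%% *}; own=${info#* }

        if [ "$own" != "$owner" ] && [ "$own" != root ]; then
            echo "FAIL owner=$own $p"; bad=1
        fi
        # Character 6 is group write, character 9 is other write.
        case $mode in
            ?????w*|????????w*) echo "FAIL group/other-writable ($mode) $p"; bad=1 ;;
        esac
        # Stricter than sshd: the thread recommends 700 and 600 below the home dir.
        if [ "$p" != "$home" ]; then
            case $mode in
                ????------*) ;;
                *) echo "NOTE group/other access ($mode) $p" ;;
            esac
        fi
    done
    return $bad
}

# Demo on a constructed scratch tree with a deliberately loose .ssh (775).
demo=$(mktemp -d); mkdir -p "$demo/home/.ssh"; : > "$demo/home/.ssh/authorized_keys"
chmod 755 "$demo/home"; chmod 775 "$demo/home/.ssh"; chmod 600 "$demo/home/.ssh/authorized_keys"
audit_ssh_perms "$demo/home" "$(ls -ld "$demo" | awk '{ print $3 }')" || echo "audit failed"
rm -rf "$demo"
```

When sshd rejects a key for this reason it records "Authentication refused: bad ownership or modes ..." in the server's log, which the client never sees.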