SCP (Secure CoPy) and SSH in general can be used in batch mode without asking for passwords. That is very convenient for scripts.
1. In these instructions, the user name is the same on both machines. Instructions for different user names could differ from these (but see the note below!).
2. The user keys will be stored in ~/.ssh on both machines.
3. At the client, run 'ssh-keygen -t dsa' to generate a key pair. Accept the default options by pressing return. In particular, do not enter any passphrase. (Option -d seems to be an alias of -t dsa on some platforms.)
4. Change the permissions of the generated .pub file to 600 by running chmod 600 id_dsa.pub
5. Copy the public key to the server with scp id_dsa.pub 'user@server:~/.ssh/authorized_keys'. (Caution: if that destination file already exists on the server, copy first to a different file foo and then append the contents with cat foo >> authorized_keys executed on the server).
6. Done! Verify that now you can connect directly from the client with ssh user@server without being prompted for a password.
7. If it doesn't work, verify that on the server your home directory, the .ssh subdirectory, and the authorized_keys file are not writable by others. If they are, they won't be considered when granting access. You can correct this with something like:
    chmod 755 ~
    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys
8. If it still doesn't work, try changing the authorized_keys file name to authorized_keys2, or ask your system administrator what file name ssh is actually using.
9. If it worked, you can now run SCP in batch mode with the -B option, as in scp -B foofile 'user@server:~/foodir/'.
The name of the server must already be registered in known_hosts. This can be done by making a regular (password) ssh connection and accepting the host as known. After that, the host name you use must be the same as the one you accepted! If you used user@server first, do not use user@server.domain.tk later on!
SSH protocol 2 is assumed in this procedure (it uses dsa keys). If your ssh configuration files (in /etc/ssh/) do not establish this as the default, you may have to force it with the -2 option of ssh and scp. Moreover, if the default public key is not configured to be "id_dsa.pub", you can specify which key to use for identification with the -i option.
The same procedure worked fine when the username was different on both machines. I simply copied userA's public key to the end of userB's authorized_keys file, then I could log in from my client as userA with ssh userB@server.
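Steps 5 and 7 above as an added shell example, not part of the original instructions: install_pubkey appends a key to authorized_keys without overwriting or duplicating entries, and check_perms reports paths that are writable by group or others. The function names, key strings and scratch paths are constructed for illustration.

```sh
#!/bin/sh
# Added example: constructed key strings and a scratch directory only;
# nothing here touches the real ~/.ssh.

# Step 5 without the overwrite risk: append a public key to authorized_keys
# unless that exact line is already present. Returns 1 on error.
install_pubkey() {
    pub=$1 auth=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # make sure the existing file ends with a newline before appending
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    # -F fixed string, -x whole line: skip keys that are already authorized
    if ! grep -qxF -- "$(cat "$pub")" "$auth"; then
        cat "$pub" >> "$auth"
    fi
}

# Step 7: report each path that is missing or writable by group or others
# (the chmod 755/700/600 values clear both bits). Returns 1 if any is.
check_perms() {
    rc=0
    for p in "$@"; do
        [ -e "$p" ] || { echo "missing: $p"; rc=1; continue; }
        mode=$(ls -ld "$p" | cut -c1-10)
        case $mode in
            ?????w*|????????w*) echo "too permissive: $mode $p"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on constructed data.
demo() {
    t=$(mktemp -d) || return 1
    echo "ssh-dss AAAAB3CONSTRUCTEDKEY userA@client" > "$t/id_dsa.pub"
    mkdir -p "$t/home/.ssh"
    echo "ssh-dss AAAAB3EXISTINGKEY other@host" > "$t/home/.ssh/authorized_keys"
    install_pubkey "$t/id_dsa.pub" "$t/home/.ssh/authorized_keys"
    install_pubkey "$t/id_dsa.pub" "$t/home/.ssh/authorized_keys"  # no duplicate
    chmod 777 "$t/home"                                           # simulate the fault
    check_perms "$t/home" "$t/home/.ssh" "$t/home/.ssh/authorized_keys" || true
    echo "authorized_keys lines: $(wc -l < "$t/home/.ssh/authorized_keys")"
    rm -rf "$t"
}
demo
```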
scp [-aAqQprvBCL1] [-S path-to-ssh] [-o ssh-options] [-P port] [-c cipher] [-i identity] [[user@]host1:]filename1 ... [[user@]host2:]filename2
Scp copies files between hosts on a network. It uses ssh for data transfer, and uses the same authentication and provides the same security as ssh. Unlike rcp, scp will ask for passwords or passphrases if they are needed for authentication.
Any file name may contain a host and user specification to indicate that the file is to be copied to/from that host. Copies between two remote hosts are permitted.
ENVIRONMENT VARIABLES
You can turn scp statistics on or off by setting the SSH_SCP_STATS or SSH_NO_SCP_STATS environment variables. To turn scp statistics on or off for each file, use the SSH_ALL_SCP_STATS or SSH_NO_ALL_SCP_STATS environment variables. The default value of the statistics can be set when ssh is configured. Next, scp checks those environment variables, and after that the command-line options.
See also
ssh(1), sshd(8), ssh-keygen(1), ssh-agent(1), ssh-add(1), rcp(1)
SCP(1)    OpenBSD Reference Manual    SCP(1)
NAME
scp - secure copy (remote file copy program)
SYNOPSIS
scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] [-l limit] [-o ssh_option] [-P port] [-S program] [[user@]host1:]file1 [...] [[user@]host2:]file2
DESCRIPTION
scp copies files between hosts on a network. It uses ssh(1) for data transfer, and uses the same authentication and provides the same security as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if they are needed for authentication.
Any file name may contain a host and user specification to indicate that the file is to be copied to/from that host. Copies between two remote hosts are permitted.
The options are as follows:
-1  Forces scp to use protocol 1.
-2  Forces scp to use protocol 2.
-4  Forces scp to use IPv4 addresses only.
-6  Forces scp to use IPv6 addresses only.
-B  Selects batch mode (prevents asking for passwords or passphrases).
-C  Compression enable. Passes the -C flag to ssh(1) to enable compression.
-c cipher
    Selects the cipher to use for encrypting the data transfer. This option is directly passed to ssh(1).
-F ssh_config
    Specifies an alternative per-user configuration file for ssh. This option is directly passed to ssh(1).
-i identity_file
    Selects the file from which the identity (private key) for RSA authentication is read. This option is directly passed to ssh(1).
-l limit
    Limits the used bandwidth, specified in Kbit/s.
-o ssh_option
    Can be used to pass options to ssh in the format used in ssh_config(5). This is useful for specifying options for which there is no separate scp command-line flag. For full details of the options listed below, and their possible values, see ssh_config(5).
AddressFamily
BatchMode
BindAddress
ChallengeResponseAuthentication
CheckHostIP
Cipher
Ciphers
Compression
CompressionLevel
ConnectionAttempts
ConnectionTimeout
GlobalKnownHostsFile
GSSAPIAuthentication
GSSAPIDelegateCredentials
Host
HostbasedAuthentication
HostKeyAlgorithms
HostKeyAlias
HostName
IdentityFile
IdentitiesOnly
LogLevel
MACs
NoHostAuthenticationForLocalhost
NumberOfPasswordPrompts
PasswordAuthentication
Port
PreferredAuthentications
Protocol
ProxyCommand
PubkeyAuthentication
RhostsRSAAuthentication
RSAAuthentication
ServerAliveInterval
ServerAliveCountMax
SmartcardDevice
StrictHostKeyChecking
TCPKeepAlive
UsePrivilegedPort
User
UserKnownHostsFile
VerifyHostKeyDNS
-P port
    Specifies the port to connect to on the remote host. Note that this option is written with a capital `P', because -p is already reserved for preserving the times and modes of the file in rcp(1).
-p  Preserves modification times, access times, and modes from the original file.
-q  Disables the progress meter.
-r  Recursively copy entire directories.
-S program
    Name of program to use for the encrypted connection. The program must understand ssh(1) options.
-v  Verbose mode. Causes scp and ssh(1) to print debugging messages about their progress. This is helpful in debugging connection, authentication, and configuration problems.
DIAGNOSTICS
scp exits with 0 on success or >0 if an error occurred.
SEE ALSO
rcp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5), sshd(8)
HISTORY
scp is based on the rcp(1) program in BSD source code from the Regents of the University of California.
AUTHORS
Timo Rinne <tri@iki.fi>
Tatu Ylonen <ylo@cs.hut.fi>
OpenBSD 3.5
September 25, 1999
Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License (OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Last modified: August 12, 2009