Wednesday, February 17, 2010

SCP or SSH without password

I get many requests from users on how they can set up a Linux server to ssh or scp to another Linux server without having to authenticate (to move data with cron jobs, scripts, etc.). This is REALLY so easy you won't believe it, but since you are here... reading this... I take it it is NOT so easy then, hey ;-)

Firstly, make sure that you actually have the necessary routing and firewall rules in place for you to ssh to your destination Linux server. So log into your server and do a normal ssh session to the other server:

ssh user@server.ip.address

This should prompt you for a username if you have connected before, or ask you (only once) to save the host key details for the server and then ask you for the password. Once this is confirmed, continue reading.

OK, so what you need to do is to check the following location to see if you have the following files.

cd /root/.ssh
ls -al

This should list the following files on your server:

-rwx--xr-x 1 user user 601 Jun 3 01:58 authorized_keys
-rwx--xr-x 1 user user 668 Jun 11 19:26 id_dsa
-rwx--xr-x 1 user user 599 Jun 11 19:26 id_dsa.pub
-rwx--xr-x 1 user user 6257 Jan 2 21:04 known_hosts

Should you NOT have the id_dsa files, you need to create them as follows:

user@fwsrv ~ $ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): # Press 'enter' here
Enter passphrase (empty for no passphrase): # Press 'enter' here
Enter same passphrase again: # Press 'enter' here
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
2f:d4:cb:50:e6:f3:90:f0:0g:68:d6:10:34:eb:1d:5f user@fwsrv

DO NOT enter a password during any of the above steps.

Should you not have the authorized_keys on the destination server, do the following:

scp ~/.ssh/id_dsa.pub user@'servername':.ssh/authorized_keys

Only do the above if you DO NOT have the authorized_keys file on the destination server as well.

Should you already have the file, because you need to do this between more than one server, you just need to copy the id_dsa.pub file from server1 to server2 under any file name and then concatenate that file on server2 to the existing file.

Do this by typing: cat "filename" >> authorized_keys

This will take the contents of "filename" and append it to the existing file. If you use only a single > sign, you will overwrite the whole file, so be careful!!

Now test the connection by typing ssh server2 from server1
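
The append step above as a script, added here as an example and not part of the original post: the hypothetical function install_pubkey appends a public key to authorized_keys only if it is not already there, never overwrites existing entries, and keeps the directory and file at the conventional 700/600 permissions. It does not depend on the key type, and the key strings in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example: install_pubkey and its arguments are hypothetical names.
# Usage: install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key in PUBKEY_FILE to SSH_DIR/authorized_keys exactly once.
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Keep the directory and the key list private to the account owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth" || return 1

    # Use the first non-empty line of the .pub file as the entry.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub holds no key" >&2; return 1; }

    # -x whole line, -F fixed string: nothing to do if already present.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the existing file does not end in a newline, add one first so the
    # new key is not glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"   # ">>" appends; ">" would overwrite
}

# Demo on constructed data in a scratch directory (no real keys or hosts).
demo=$(mktemp -d)
printf 'ssh-dss AAAAB3-CONSTRUCTED-OLD user@server0' > "$demo/authorized_keys"
printf 'ssh-dss AAAAB3-CONSTRUCTED-NEW user@server1\n' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo"
install_pubkey "$demo/id_dsa.pub" "$demo"   # second run changes nothing
cat "$demo/authorized_keys"
rm -rf "$demo"
```

On server2 this would be called with the copied file and the account's own .ssh directory, for example install_pubkey "filename" ~/.ssh.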


GO HOME
