LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-17-2014, 06:44 PM   #1
ASTRAPI
Member
 
Registered: Feb 2007
Posts: 210

Rep: Reputation: 16
Question How to specify password to scp?


Hi

I try to remote transfer a file from one server to another like:

Code:
scp -P 22000 -p 0U9h1j847 root@176.789.456.123:/home/user/public_html/blog/file.gz /home/nginx/domains/mydomain.com
and i am getting :

Code:
cp: cannot stat `0U9h1j847': No such file or directory
What is wrong?
 
Old 11-17-2014, 06:50 PM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,204

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
Have you checked to see what the -p switch means?
 
1 members found this post helpful.
Old 11-17-2014, 06:50 PM   #3
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fc-15/ fc-20-live-usb/ aix
Posts: 5,121

Rep: Reputation: 876Reputation: 876Reputation: 876Reputation: 876Reputation: 876Reputation: 876Reputation: 876
according to the manpage for scp, the -p option is to preserve timestamps on the files (and not the password). if you run it without the -p option it should prompt you for password.

if you are trying to automate something you should set up public key encryption:
http://linuxproblem.org/art_9.html
 
1 members found this post helpful.
Old 11-17-2014, 06:54 PM   #4
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,204

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
I agree with schneidz. But if you are stuck and need to use a password with SCP you can always use 'sshpass' or 'expect'. A quick internet search will turn up plenty of examples for both of them.
 
Old 11-17-2014, 07:31 PM   #5
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288
Hi,
Quote:
Originally Posted by szboardstretcher View Post
But if you are stuck and need to use a password with SCP you can always use 'sshpass' or 'expect'.
Both of these methods have serious security problems.

You should instead use public/private key authentication either with ssh-agent or with a private key that is not protected by a passphrase but has limited functionality using the command="XXX" option in the authorized_keys file.

Evo2.
 
1 members found this post helpful.
Old 11-17-2014, 09:15 PM   #6
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,204

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
Quote:
You should instead use public/private key authentication
Thats what schneidz said here:

Quote:
if you are trying to automate something you should set up public key encryption:
and as far as this goes:

Quote:
Both of these methods have serious security problems.
True - only if you are talking about making a permanent script.

Using expect and sshpass for a short term, one run script is not necisarrily a security problem. As I mentioned, 'if you are stuck' and absolutely have to get this done with a password, then they are good fire and forget solutions, but shouldn't be used for permanent scripts.

Also, the bigger security problem is that they are using passwords at all. But that is a whole different question.

Last edited by szboardstretcher; 11-17-2014 at 09:22 PM.
 
Old 11-17-2014, 09:48 PM   #7
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288
Hi,
Quote:
Originally Posted by szboardstretcher View Post
True - only if you are talking about making a permanent script.
Sorry, but I disagree. Even if it is not permanent it still means that the root password will be stored in plain text on that machine.
Quote:
Originally Posted by szboardstretcher View Post
Using expect and sshpass for a short term, one run script is not necisarrily a security problem.
Not only is it a security problem, it is also wasted effort. Why bother setting this up if it is only to be used once. Just enter the password at the prompt.
Quote:
Originally Posted by szboardstretcher View Post
As I mentioned, 'if you are stuck' and absolutely have to get this done with a password, then they are good fire and forget solutions, but shouldn't be used for permanent scripts.
The OP clearly has root access on that machine, so presumably OP can configure it to accept public key authentication (which is anyway the default on any sshd install I've seen).
Quote:
Originally Posted by szboardstretcher View Post
Also, the bigger security problem is that they are using passwords at all. But that is a whole different question.
Actually, I'd probably argue that allowing root to ssh in is a bigger problem.

Evo2.
 
1 members found this post helpful.
Old 11-18-2014, 08:32 AM   #8
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,204

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
I think you are right on all counts.

An explanation though:

It would be stored on the computer temporarily. That means that it is deleted afterward.

I create scripts all the time that are only used for an hour or so. And sometimes I hardcode a password into them, so I don't have to re-type the password 100 times while I am testing the script. Once I'm done, the script is wiped.

I applaud you if you have never, ever made a script that you had to hard code a password in for temporary usage. But for some of us, this happens occasionally.

And perhaps you work in an environment where you can just willy-nilly change the authentication method from password to ssh-keys. Thats applaudable too. But not everyone has that kind of freedom, and we are stuck with workarounds until it can be changed.

Last edited by szboardstretcher; 11-18-2014 at 08:57 AM.
 
Old 11-18-2014, 10:10 PM   #9
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,697

Rep: Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261
You should still use the PKI instead.

There is a frequent "forgetting" to delete the file containing the password...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
scp is not asking for password. webking Linux - Security 4 02-01-2014 02:49 AM
[SOLVED] ssh scp key not working to ssh/scp without password rjo98 Linux - Newbie 9 08-22-2011 04:28 PM
scp needs three times password in wrong password case!!! JATA01 Programming 6 12-01-2008 05:28 AM
SCP without Password help ignignokt Linux - Networking 3 01-02-2007 11:59 AM
scp and no password mikeyt_333 Linux - General 2 03-26-2002 03:33 PM


All times are GMT -5. The time now is 02:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration