LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-18-2005, 06:55 AM   #1
overpeer
LQ Newbie
 
Registered: Aug 2005
Location: Valencia (Spain)
Distribution: Gentoo
Posts: 9

Rep: Reputation: 0
SSH/SCP Autologin


Hi!

I need automatize the download of some files with SFTP (SCP with FTP commands).

The problem is, than exist a password. I don't find how automatize login process without SSHv2 only, or use Expect (Expect require tcl/tk).

Some way to do it?

A greeting!
 
Old 10-18-2005, 08:36 AM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,009
Blog Entries: 5

Rep: Reputation: 787Reputation: 787Reputation: 787Reputation: 787Reputation: 787Reputation: 787Reputation: 787
Do you control both hosts? If so you can use scp instead of sftp then setup trusts between the two users so that it never prompts for a password at all. See ~home/.ssh/autorized_keys file (man ssh).
 
Old 10-18-2005, 08:51 AM   #3
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
SCP vs SFTP is irrelevant. You need to implement Public Key Authentication. Than you will be able to login w/out using the password. I do this on several servers every night.
 
Old 10-18-2005, 08:58 AM   #4
overpeer
LQ Newbie
 
Registered: Aug 2005
Location: Valencia (Spain)
Distribution: Gentoo
Posts: 9

Original Poster
Rep: Reputation: 0
Talking

Are a lot of machines (aproximatly 300) ... with a lot of keys ... with ... uffff x'DD

Some way more ?
 
Old 10-18-2005, 09:17 AM   #5
int0x80
Member
 
Registered: Sep 2002
Location: Cincinnati
Distribution: Debian GNU/Linux
Posts: 310

Rep: Reputation: 31
I like this new word you've invented. "automatize"... Did you get that from the generator?
 
Old 10-18-2005, 09:21 AM   #6
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
overpeer,

Here is a howto on public key authentication: http://forums.suselinuxsupport.de/in...howtopic=18093

Not sure which distro you're using, but this is pretty standard stuff. (Sometimes the AuthorizedKeysFile may differ from distro to distro.)
 
Old 10-18-2005, 04:29 PM   #7
overpeer
LQ Newbie
 
Registered: Aug 2005
Location: Valencia (Spain)
Distribution: Gentoo
Posts: 9

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by GNUbie
I like this new word you've invented. "automatize"... Did you get that from the generator?
New word? xD

http://www.wordreference.com/definition/automatize

LOL

A lot of thanks to the rest

Regards.
 
Old 10-18-2005, 11:43 PM   #8
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 4&5, Fedora 10, CentOS 5.4, IPCop
Posts: 569

Rep: Reputation: 55
Creating a key without a pass-phrase, according to what I've read (and it also makes sense), is a bad idea. Quoting from http://www.linuxjournal.com/article/8600:-

"The passphrase protects the private key, so creating a key without a passphrase means that anyone who manages to acquire the private key would be able to log in to remote servers with the credentials of the key owner."

The link goes on to talk about using keyring. Does anyone have thoughts or experience with that. I don't, but want to learn more.

Ian
 
Old 10-19-2005, 06:51 AM   #9
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,785
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
Creating a key without a pass-phrase, according to what I've read (and it also makes sense), is a bad idea.
I guess I wouldn't call it a bad idea. The author of the article is correct, a private key without a passphrase is less secure than one with one. The security concern here is how safe you keep your private key. If you keep it on a secure box that you monitor for tampering, then not using a passphrase may be an acceptable security risk. If you keep it on a public library computer where it is accessible to the entire planet, then maybe not using a passphrase is a bad idea.

It really boils down to what task do you need to accomplish and what level of risk are you willing to accept. For the kind of automated tasks this thread is about, either you accept the risk of using a key without a passphrase or you accept the risk of having usernames, passwords or passphrases in a script or program where they might also be accessible.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Autologin to KDE from SSH skorpi0wn Linux - Software 1 04-18-2005 11:22 PM
Problems with SSH / SCP henriette Linux - Networking 1 04-28-2004 01:52 AM
scp ssh (easier way) podollb Linux - Software 8 03-21-2004 11:56 PM
difference between SSH and SCP palanisaravanan Linux - Security 8 12-28-2003 11:07 PM
SSH and autologin? presstone Linux - General 8 03-12-2003 08:40 PM


All times are GMT -5. The time now is 03:25 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration