LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-22-2007, 11:15 AM   #1
ahmad_abdulghany
LQ Newbie
 
Registered: Mar 2007
Posts: 3

Rep: Reputation: 0
Passwordless sftp to many remote hosts


Hi,
This is my first post to this wonderfull forum!
I really got tired searching and trying to remotely transfer data to group of PCs on a LAN using a shell script to perform passwordless sftp transmission..
I am looking for help from someone that can give me the 1,2,3,.. steps to do it.

My problem is:
I want to make a script (function) that takes file path on current host (i work on) and then loops on 20 PCs that has IPs from 10.10.13.1 through 10.10.13.20 and copy that file to the "user" homes.

How can i do it (please in details)

Thanks a lot in advance,
Ahmad,
 
Old 03-23-2007, 12:25 AM   #2
Jerre Cope
Member
 
Registered: Oct 2003
Location: Texas (central)
Distribution: ubuntu,Slackware,knoppix
Posts: 323

Rep: Reputation: 37
passwordless sftp

First you will need to create the public private keys, on your machine type:

ssh-keygen -t rsa

When prompted for a password, just press return. This is insecure in that if anyone finds your private key, they can masquerade as yourself;however, this is better than rsh--just take care to keep your machine physically secure.

The above operation created two files, one private key and one public. Copy the .pub file to your ~.ssh directory on the destination PC's ,but name it authorized_keys, with the permissions of 660. The authorized_keys file can hold any number of keys, so if you want to add keys (say from another server, you can append the public key file to the authorized_keys.

Once you have the authorized_keys file, you will be able to ssh, scp, sftp from your machine to the other without as password. If you are still prompted for a password, it is because the permission on the .ssh directory and files are wrong. Check the permissions on the .ssh directory you created on your machine when you ran the ssh-keygen program. Make sure the destination pc's .ssh directory as the same permissions--660, etc

Now, all this does, is get you from your HOME directory on your machine to your HOME directory on the other machine. To access the other users home directories you will either need to lower their permissions, or do something like sftp username@remotepc. If you use that syntax, then you will need to setup the public key arrangement for each of the users you intend to copy to.
 
Old 04-03-2007, 07:53 PM   #3
shubb
Member
 
Registered: Oct 2003
Location: San Francisco
Distribution: Slackware 13.37
Posts: 150

Rep: Reputation: 16
I tried your steps, but it still prompts for a password. I have set the permissions on the authorized_keys file to 660.

Here's what I get in debug mode.

Code:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
Is there something I need to do on the destination server to allow public keys?
 
Old 04-04-2007, 12:32 AM   #4
Jerre Cope
Member
 
Registered: Oct 2003
Location: Texas (central)
Distribution: ubuntu,Slackware,knoppix
Posts: 323

Rep: Reputation: 37
the permissions should be 600 on:

authorized_keys
id_dsa, and or
id_rsa
 
Old 04-04-2007, 01:07 AM   #5
shubb
Member
 
Registered: Oct 2003
Location: San Francisco
Distribution: Slackware 13.37
Posts: 150

Rep: Reputation: 16
Ok, let me understand what we're doing here...

PC A wants to be able to ssh/scp to PC B without using passwords.

I create the public/private keys on PC A, and copy the contents of the id_rsa.pub on PC A into the file .ssh/authorized_keys on PC B.

Is this correct?

Why does the permissions matter?
 
Old 04-04-2007, 01:15 AM   #6
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
You have the right idea about SSH keys.

On PC A:
Code:
1) create public/private keys 
ssh-keygen -t rsa

2) mv .ssh/id_rsa.pub .ssh/authorized_keys

3) scp .ssh/authorized_keys -e ssh 10.10.13.1:/ssh_username/.ssh/
(repeat until you have all 10.10.13.1 - 10.10.13.20)
By default, at least from my experience, the permissions of the key files are created securely for you, such as 600 or 644 for the respective files.

you may have to edit your /etc/ssh/sshd_config file to enable the key_file to be authorized_keys. By default, I believe, it already is authorized_keys although I have seen some say the default is authorized_keys2

Now all you have to do is sftp 10.10.13.1-20 and it will go right in without asking for any password.

Last edited by Micro420; 04-04-2007 at 01:20 AM.
 
Old 04-04-2007, 01:24 AM   #7
shubb
Member
 
Registered: Oct 2003
Location: San Francisco
Distribution: Slackware 13.37
Posts: 150

Rep: Reputation: 16
Ok, thats what I did. Actually, I did a copy and paste from two terminal windows: copied the text from id_rsa.pub on source PC to the authorized_keys on destination PC. When I ssh from source to destination, I am still asked for a password.

Now, I do notice that the end of the public key it contains the username@hostname.com information. Does the source PC have to be a DNS entry before the destination will allow it to go through? The source hostname is not in the DNS server.

Is it something in the default sshd config of Slackware 10.2 that causes this?
 
Old 04-04-2007, 06:18 PM   #8
shubb
Member
 
Registered: Oct 2003
Location: San Francisco
Distribution: Slackware 13.37
Posts: 150

Rep: Reputation: 16
Ok, I think it is something with Slackware. If I do these steps between two redhad based boxes, it works fine without issue. Is there some configuration setting I'm missing? I've made the sshd_config files the same between both the Slackware and redhat systems, and still Slack doesnt allow the keys to work...

This is Slackware 10.2.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
script to sftp file to remote server OzTEXS Linux - Newbie 6 06-23-2013 05:33 PM
Nautilus cannot display Remote SFTP Location. saspijkerman Linux - Networking 1 09-16-2010 10:47 PM
setting up remote or sftp access helpme0904 Linux - Newbie 2 08-02-2005 03:12 PM
Restricting SFTP, SSH Remote Login majicrobot Linux - Security 1 09-20-2004 10:54 AM
VSFTP - SFTP error: Couldn't get remote handle. m0untaind0g Linux - Networking 3 01-20-2004 12:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:21 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration