Have a Bash script where a service account uses scp to move files from a server to a logging server without logging in via ssh keys.

Recently had to change the password on the service account due to password policies, however the script stopped working.

Did some troubleshooting and re-generated the ssh keys and then it worked again.

I didn't find any info online, however if I change the password for accounts that are tied to ssh keys/scripts, will we have to generate ssh keys each time this is done?

thanks

I thought ssh keys were system to system and had nothing to do with the actual user on the system. However maybe I'm incorrect and they are a combination of user@system-name-or-address. Meanwhile I don't see how this is tied to the password for the user account.

Except that you have to type the password, even the newer one, however I do not feel it requires generation of new keys.

Testing this on my system now...

I had to create keys to ssh to my system Mint 18.1 running OpenSSH 7.2p2 the first time I connected.

I disconnected, changed my password and when I reconnected, it just allowed me to type the new password and didn't require me to generate new keys.

I wonder if the IP address of your client changed and this is the reason for the need for new keys.

Meanwhile, same thought there which is that if you have the keys using hostnames and the hostname is the same ...

ssh keys are independent of passwords, however from the information from the OP we have on idea on how exactly the scp script is authenticating so it's difficult to say what the actual issue is.

Things that came to mind is that there could be a passphrase on the the private key or that there's something making use of ssh-agent to provide authentication.

I can confirm that ssh (and friends like rsync and scp) must continue to work with public/private key authentication, regardless of password set.

That is the point of key authentication. If I want access to a system without password exchange between me and the remote administrator, he creates a new user account for me with an unknown password. I send the public key. He places it in ~/.ssh/authorized_keys. And I try to avoid changing my public key ever, unless I fear my private key is compromised.

After that, I log in without a password and change my password. Logins after that continue as before.

I can't possibly imagine what could cause the key authentication to stop working. If only the password has changed. I do not have experience with passphrases.

It might be worth to re-test this. It is a nuisance to re-create and distribute keys.

jlinkels

We suffered from a SAN failure (both controllers failed) and still in the process of cleanup. I'm guessing this is part of the cleanup, as I wouldn't think that ssh keys would fail when setting a password for a service account that expires every 365 days.

thanks