LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-27-2017, 06:10 AM   #1
Entropy1024
Member
 
Registered: Dec 2012
Location: UK
Distribution: Ubuntu 16 & 17
Posts: 131

Rep: Reputation: Disabled
SCP using Certs


I have successfully SCPd files back and forth using commands like the one below:
Code:
scp -P 2211 -r myname@www.mysite.com:/*tar.gz /
I would then enter my password for www.mysite.com and the xfer begins.

I now need to SCP files from my host, who insist on using an SSH key pair. I have the SSH keys all set up and have SSHd into the site fine, however how do I use this with the SCP command?

Many thanks for any help.
Tim
 
Old 07-27-2017, 06:30 AM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,354
Blog Entries: 13

Rep: Reputation: 4411Reputation: 4411Reputation: 4411Reputation: 4411Reputation: 4411Reputation: 4411Reputation: 4411Reputation: 4411Reputation: 4411Reputation: 4411Reputation: 4411
I thought the first time you tried to either use SSH or SCP that it would exchange keys and then you have the option to accept or reject them.

Once that is completed between hosts, and approved, they should be all set to do either SSH or SCP. I'd suggest you try your SCP command and see if it is all set, because my suspicion is that since you have successfully done SSH, the keys are already set up.
 
Old 07-27-2017, 06:30 AM   #3
michaelk
Moderator
 
Registered: Aug 2002
Posts: 21,606

Rep: Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165
Exactly the same. You can create a ssh client config file (~/.ssh/config) to save options i.e.

Code:
host myserver
  hostname www.mysite.com
  port 2211
  user myname
And then from the command line
ssh myserver
or
scp -r myserver:/*tar.gz /

Just like ssh scp will automatically try sending the default key i.e. id_rsa etc. If the key file is named something else then it needs to be specified on the command line or in the config file.

The first time you log in and accept is the host key i.e what is saved in known_hosts.

Last edited by michaelk; 07-27-2017 at 06:37 AM.
 
Old 07-27-2017, 07:32 AM   #4
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,672
Blog Entries: 3

Rep: Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904
You can take that a step further and actually specify which key to use.

Code:
host myserver
  hostname www.mysite.com
  port 2211
  user myname
  identityfile /home/entropy1024/.ssh/mysite_key_rsa
See "man ssh_config" for the details on all the options.

But just to pick a nit, the actual keys never get sent. The private key, in particular, never leaves your machine. What happens in the case of key-based authentication is that the server uses the stored public key for that account and generates a challenge. If the account connecting to the server has the right private key it can decode the challenge and include it with a hashed response. If the response checks out ok then the server goes ahead with login.

Last edited by Turbocapitalist; 07-27-2017 at 07:33 AM.
 
Old 07-27-2017, 08:27 AM   #5
michaelk
Moderator
 
Registered: Aug 2002
Posts: 21,606

Rep: Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165Reputation: 4165
Your correct about the keys...
 
Old 07-27-2017, 08:40 AM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,233
Blog Entries: 4

Rep: Reputation: 3260Reputation: 3260Reputation: 3260Reputation: 3260Reputation: 3260Reputation: 3260Reputation: 3260Reputation: 3260Reputation: 3260Reputation: 3260Reputation: 3260
The initial prompt about "the identity of the site," when you connect to a new site for the first time, is intended to deter imposters ... to detect if some server is impersonating the one you thought you were connecting to. Subsequent connects to the site are expected to return the same random key and to use the same IP.

SCP uses SSH as its communication protocol, and adds file-copying on top of that.

Remember the usual rules about SSH and certificates, such as the fact that the requirements for directory and file permissions.

It is much more secure to use certificates ... and to require certificates, not permitting SSH to "fall back" to passwords nor anything else.

Last edited by sundialsvcs; 07-27-2017 at 08:41 AM.
 
Old 07-27-2017, 09:22 AM   #7
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,672
Blog Entries: 3

Rep: Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904Reputation: 2904
Quote:
Originally Posted by Entropy1024 View Post
I have the SSH keys all set up and have SSHd into the site fine, however how do I use this with the SCP command?
If you don't set the options permanently in ~/.ssh/config as shown above then you could do the -i option just like with ssh

Code:
scp -i ~/.ssh/mysite_key_rsa -P 2211 -r myname@www.mysite.com:/*tar.gz ./
rsync is another good option and runs over SSH.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Shell scp works perfectly, Net::SCP::Expect calls timing out - reasons? EnderX Programming 1 04-27-2013 01:35 AM
Centos 6.3 host+guest: try scp to guest: scp cmd not found. ssh ok chrism01 Linux - Virtualization and Cloud 3 08-24-2012 01:52 AM
[SOLVED] ssh scp key not working to ssh/scp without password anon091 Linux - Newbie 9 08-22-2011 04:28 PM
scp does not work and gives the following error message: scp: FATAL: Executing ssh1 i akay Linux - Networking 16 09-28-2008 11:41 PM
Unix certs Linux certs and jobs bru Linux - Certification 1 11-18-2004 10:41 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:27 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration