LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 04-03-2017, 07:43 AM   #1
Natarajachar
LQ Newbie
 
Registered: Oct 2016
Posts: 18

Rep: Reputation: Disabled
Smile copy a file from one server to other through scp command as a cron job


Hi,

I have to create a cron job which copies some files from one server to other. I am planning to use scp -r abc.txt{files} ip.adres:{location} but this query will ask for password to be entered.
nmpt:/ # scp -r scripts.tar.gz 10.10.5.130:/
Password:

But if I create a crontab for this, then I can't enter the password. So I want the password to be entered in the same command line like using sqlplus command:- sqlplus username/password.


Kindly help me to achieve this. Any suggestions would be helpful.

Thanks,
Natraj
 
Old 04-03-2017, 08:01 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 23,130

Rep: Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454
Quote:
Originally Posted by Natarajachar View Post
Hi,
I have to create a cron job which copies some files from one server to other. I am planning to use scp -r abc.txt{files} ip.adres:{location} but this query will ask for password to be entered.
nmpt:/ # scp -r scripts.tar.gz 10.10.5.130:/
Password:

But if I create a crontab for this, then I can't enter the password. So I want the password to be entered in the same command line like using sqlplus command:- sqlplus username/password.
Very easy; swap your SSH keys for the user whose ID is going to be used to run the transfer. In the example you listed, you're doing this as root, which is a VERY BAD IDEA...you should never, EVER allow root to log in via SSH (or over the network), period.

Generate your SSH keys, use ssh-copy-id to copy that key to the remote server (do this interactively), and after that, the user ID you copied won't have to enter a password. Since SCP uses the same authentication key, it won't either, so you can easily cron things.
http://www.thegeekstuff.com/2008/11/...en-ssh-copy-id

Read the scp man page, and pay particular attention to the "-i" flag, so that if you put this cron job in root's crontab, you can specify your non-root user ID to use:
https://linux.die.net/man/1/scp

Also, read the "Question Guidelines" link in my posting signature, and please do some searching first. This has been asked/answered on this site MANY times, and Google has much on this as well.
 
2 members found this post helpful.
Old 04-03-2017, 08:13 AM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,071
Blog Entries: 3

Rep: Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534
In addition to that good advice, you might look at some of the options available to ssh-keygen listed in the manual:

Code:
man ssh-keygen
In particular, look at -C, -f, and -t.

Using -C to make a comment can help identify the key after time has passed. Usually the comment is used to say where the key is from and follows with the public key over to the remote machine.

Using -f can give the key pair a unique name. Too many of the tutorials both go with the default name and only assume ever having a single key. The key pair's file name can be a useful reminder of which machine and or account the key is for.

Using -t allows you to make the key use one of the elliptic curve algorithms, like Ed25519. You can use RSA for compatibility with older dongles and some programs which require it, but Ed25519 is considered better. Just don't use DSA anymore ever. If you see a guide using it, either skip the guide or substitute RSA or Ed25519.
 
3 members found this post helpful.
Old 04-03-2017, 08:44 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
no-password, high strength key:
Code:
ssh-keygen -f /path/to/scp_key -t rsa -N '' -b 4096 -q
Comments are good
Code:
ssh-keygen -f /path/to/scp_key -t rsa -N '' -b 4096 -q -C "This key came from Natraj"
after the key is established, it's just
Code:
scp -i /path/to/scp_key scripts.tar.gz 10.10.5.130:/
and a reference because it's just that good.
Simple, Secure Backups for Linux with rsync

Be safe.
 
2 members found this post helpful.
Old 04-03-2017, 09:25 AM   #5
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 23,130

Rep: Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454Reputation: 6454
Honestly, after MANY years using this method/mechanisms, I've not used comments before, but it is blindingly obvious I *SHOULD* be doing that...thanks for showing that option off.
 
Old 04-03-2017, 11:46 AM   #6
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by TB0ne View Post
Honestly, after MANY years using this method/mechanisms, I've not used comments before, but it is blindingly obvious I *SHOULD* be doing that...thanks for showing that option off.
Since I had to insert said key in said file on you know where it goes, I too rarely used -C.

-V looks interesting (to me).

Peace.
 
Old 04-03-2017, 11:49 AM   #7
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,071
Blog Entries: 3

Rep: Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534
Quote:
Originally Posted by TB0ne View Post
Honestly, after MANY years using this method/mechanisms, I've not used comments before, but it is blindingly obvious I *SHOULD* be doing that...thanks for showing that option off.
No problem. By the way, some Desktop Environments have agents that read the public keys and use the comments found there for annotations. Such agents only work well up to six keys though.
 
Old 04-03-2017, 11:59 AM   #8
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,071
Blog Entries: 3

Rep: Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534
Quote:
Originally Posted by Habitual View Post
-V looks interesting (to me).
That's for use with SSH certificates. They're slightly more "secure" than keys but somewhat non-standard as SSH seems to have its own format.
 
Old 04-03-2017, 01:36 PM   #9
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181Reputation: 3181
I had one idle thought and now I'm curious ...

What if you programmed the crontab-executed script so that it invoked another script using the "[font=courier]sudo -u userid" option? And then, put the necessary certificate in the .ssh/authorized_keys file of that user?

And what if you also used -i (simulate initial login) ??

The primary script that does the job would now be executing in the (non-privileged ...) context of a specified other user-id. Therefore, wouldn't sshd look for the authorized-key in the home directory of that user?

Although we most-frequently use su to reach the context of the root user, the command has very-obviously been carefully constructed to let us leverage the execution context of anyone.

This strategy would not only allow us to compartmentalize (identify ...) the user that is executing the copy, but it would also ensure (in general) that the operation is not occurring with rootly privilege.
 
Old 04-03-2017, 01:55 PM   #10
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,071
Blog Entries: 3

Rep: Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534
Sure. You can use sudo to run ssh as an unprivileged user, even from one unprivileged account to another. Just add the right custom formula in sudoers.

No environment variables are used, as far as I know, as long as you avoid the tilde ~

If you want to prevent modification of the authorized_keys file on the remote system then change the AuthorizedKeysFile directive in sshd_config to some path + file that the account can only read but not write. You can have some tokens to stand in as variables. For example:

Code:
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
And then have the directory those files owned by root and not writable. The file must be either world-readable or readable by the specific account.
 
Old 04-05-2017, 01:01 AM   #11
Natarajachar
LQ Newbie
 
Registered: Oct 2016
Posts: 18

Original Poster
Rep: Reputation: Disabled
Could anyone explain me what is ssh key?
 
Old 04-05-2017, 02:35 AM   #12
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,071
Blog Entries: 3

Rep: Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534
Not really, it's mostly over my head though I use it all the time. It uses asymmetric encryption to use a private key to make a digital signature for a message composed of specific data which is then sent to the SSH server. The server then uses the corresponding public key to verify that signature. If everything is ok, then the authentication goes ahead. See RFC 4252 in the section, 7. Public Key Authentication Method: "publickey" for the specifics for SSH.

In practice, it is one way that allows you to automate connections, among other advantages.
 
Old 04-05-2017, 02:45 AM   #13
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 15,144

Rep: Reputation: 4984Reputation: 4984Reputation: 4984Reputation: 4984Reputation: 4984Reputation: 4984Reputation: 4984Reputation: 4984Reputation: 4984Reputation: 4984Reputation: 4984
probably here: https://en.wikipedia.org/wiki/Secure_Shell
ssh-key is something like a key, you store it on your host and ssh can use it to "enter" into another host. But you need to put a lock with a "keyhole" on the server what can be opened only with your key.
 
1 members found this post helpful.
Old 04-11-2017, 04:42 AM   #14
Natarajachar
LQ Newbie
 
Registered: Oct 2016
Posts: 18

Original Poster
Rep: Reputation: Disabled
Hi,

Please anybody suggest me on which server I need to establish ssh-keys?
Target server or source server?

Thanks,
Natraj
 
Old 04-11-2017, 04:49 AM   #15
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,071
Blog Entries: 3

Rep: Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534Reputation: 2534
The public key goes onto the server you will connect to. Specifically, it goes into ~/.ssh/authorized_keys, unless you or your sysadmin have gone out of your way to make other plans.

The private key goes onto the machine you will connect from. Usually, it goes into the directory ~/.ssh/ unless you or your sysadmin have gone out of your way to make other plans. Also, it is usual to keep a copy of the public key here too but that is not required.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SCP: Copy file from remote linux server onto a windows machine? Tony Empire Linux - Newbie 21 09-22-2015 10:18 PM
Server to server file copy through SCP or wget tibberous Linux - Server 6 12-19-2010 06:08 PM
scp problem in cron job andreolira Linux - General 9 09-08-2008 04:27 PM
Need to copy file (scp) to Debian server when reached 150 kb spaceuser Linux - Newbie 1 07-20-2008 03:56 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 09:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration