|
Linux scp or rsync without password
According to http://blogs.sun.com/jkini/entry/how_to_scp_scp_and , or this type of web documents I m trying to setup scp / rsync to copy file in remote system .........WITHOUT PASSWORD .
But every time I m connecting to the remote host , it's asking for remote user password . Can anyone help me regarding the problem , so that it could be possible to copy file without password . |
You should be able to generate a key with a null passphrase if you really want to. Have you tried this? It isn't recommended though.
|
Yes , I have tried in 2 ways . Putting passphrase and non-passphrase [just pressed enter key ] . But in both case , I have to put user's login password ......not even passphrase based password .
|
Can you detail the process you followed?
Can you connect via ssh without a password? |
I took 2 RHEL-5 system .
System-1 -> 192.168.0.10 & System-2 -> 192.168.0.20 I hven't tested with root account . I created user1@192.168.0.10 & user2@192.168.0.20 . Now , on 192.168.0.10 system :-> user1@192.168.0.10 > ssh-keygen -t rsa ..... It saved the passphrase in default ~/.ssh/id_rsa.pub: and set a password or blank , just pressed enter key . user1@192.168.0.10 > scp the id_rsa.pub file to user2@192.168.0.20: directly in user2's home . Now login to remote through ssh........ user2@192.168.0.20 > Created .ssh folder here , if .ssh folder does not exist . And Copy the contents of id_rsa.pub to ~/.ssh/authorized_keys $ cat id_rsa.pub >>~/.ssh/authorized_keys $ chmod 700 ~/.ssh/authorized_keys I have tried also 777 on all required files & folders . Now I m trying ssh login from local user1@192.168.0.10 . Or scp / rsync a file to remote user2@192.168.0.20 . But all time I have to login with user2@192.168.0.20 login password . |
Make sure that even the directory .ssh has permission 700 on the remote server.
|
Yes , 700 . I have tried also 777 . But no result .
I have checked in 2 different platforms also :- RHEL5 and Fedora 8 . But no result . |
Permission 777 is not allowed at all: ssh is restrictive about permissions. You should restrict them, instead. Try to change permissions of authorized_key to 600 (this is the default).
If it does not work, look at the debugging output of ssh (using option -v) and see if the public key authentication is taken in account. |
use 'ssh-add' command to do password management for you. The exact syntax I don't remember but you should be able to get it with google. You can also temporarily disable and the re-enable ssh-agent.
|
I removed all rsa files and tried dsa as per link http://mah.everybody.org/docs/ssh ; but not applied the bottom part of the page . Now when I m trying to login through ssh / rsync ......its asking for passphrase .
BUT.....I put passphrase password / bypass it by pressing enter ....not mater . It again asking for user login password ....This is a problem !!! |
Can you post the output from the following?
Code:
ssh -v <user>@<host>Code:
ls -l $HOME/.ssh |
** dsa server is 192.168.0.20 and local client 192.168.0.10
Output of ssh -v rc2@192.168.0.20 [To DSA server] .................................................................................................... .. OpenSSH_4.7p1, OpenSSL 0.9.8b 04 May 2006 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.0.20 [192.168.0.20] port 22. debug1: Connection established. debug1: identity file /home/rc1/.ssh/identity type -1 debug1: identity file /home/rc1/.ssh/id_rsa type -1 debug1: identity file /home/rc1/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.7 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.0.20' is known and matches the RSA host key. debug1: Found key in /home/rc1/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Unspecified GSS failure. Minor code may provide more information No credentials cache found debug1: Unspecified GSS failure. Minor code may provide more information debug1: Next authentication method: publickey debug1: Trying private key: /home/rc1/.ssh/identity debug1: Trying private key: /home/rc1/.ssh/id_rsa debug1: Trying private key: /home/rc1/.ssh/id_dsa debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/home/rc1/.ssh/id_dsa': debug1: read PEM private key done: type DSA debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: password rc2@192.168.0.20's password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 Last login: Thu Jun 4 14:48:03 2009 from 192.168.0.10 Output of ssh -v rc1@192.168.0.10 [from DSA server] .................................................................................................... .. OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.0.10 [192.168.0.10] port 22. debug1: Connection established. debug1: identity file /home/rc2/.ssh/identity type -1 debug1: identity file /home/rc2/.ssh/id_rsa type -1 debug1: identity file /home/rc2/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7 debug1: match: OpenSSH_4.7 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '192.168.0.10' is known and matches the RSA host key. debug1: Found key in /home/rc2/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic debug1: An invalid name was supplied Cannot determine realm for numeric host address debug1: An invalid name was supplied Cannot determine realm for numeric host address debug1: An invalid name was supplied Cannot determine realm for numeric host address debug1: Next authentication method: publickey debug1: Trying private key: /home/rc2/.ssh/identity debug1: Trying private key: /home/rc2/.ssh/id_rsa debug1: Offering public key: /home/rc2/.ssh/id_dsa debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: password rc1@192.168.0.10's password: debug1: Authentication succeeded (password). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 Last login: Thu Jun 4 16:01:07 2009 from 192.168.0.20 Output of ls -l $HOME/.ssh on 192.168.0.10 [Local client] ............................................. -rw-rw-r-- 1 rc1 rc1 606 2009-06-04 14:22 authorized_keys -rw------- 1 rc1 rc1 736 2009-06-04 14:19 id_dsa -rw-r--r-- 1 rc1 rc1 788 2009-06-04 15:35 known_hosts Output of ls -l $HOME/.ssh on 192.168.0.20 [DSA server] ............................................. -rw------- 1 rc2 rc2 736 Jun 4 14:37 id_dsa -rw-r--r-- 1 rc2 rc2 606 Jun 4 14:37 id_dsa.pub -rw-r--r-- 1 rc2 rc2 788 Jun 4 14:41 known_hosts |
Have you tried to change permissions of authorized_keys to 600, as I suggested in post #8? The key is correctly offered by the client, but it is rejected by the server for some reason.
Code:
Offering public key: /home/rc2/.ssh/id_dsa |
Yes that also been done......but no result .
|
Is any modification needs in ssh config related file ??
I m unable to understand...... in this DSA case , passphrase is asking . But why again asking for user password ! |
| All times are GMT -5. The time now is 08:01 PM. |