SSH without password ?

thefountainhead100 · 03-10-2008, 10:10 PM

hi

I want to write a script that would transfer files from my laptop to a intel/crossbow stargate board that has its own debian based linux kernel.
Since the script transfers of a series of files named in numerical order, I am trying to scp the files using a for loop.

Now it asks for a password everytime. I tried using the RSA keygen as explained in the tutorial here http:////linuxproblem.org/art_9.html, but the keygen command in the board doesnt have a -t rsa option. It says unknown option or too many commands.

How can I transfer a set of files one by one from the board to my computer without having to type in the password everytime ?

Thnx
ash

I

jschiwal · 03-10-2008, 10:18 PM

Does it support dsa keys? Maybe it's version was built without rsa support.

thefountainhead100 · 03-11-2008, 12:44 AM

I donot know. I would check tomorrow and post again. But if it does support DSA keys then how would I be able to do it ? Could you give instructions please ?

Thanks.

jschiwal · 03-11-2008, 01:26 AM

Run ssh-keygen on your local machine with the -t dsa option. This will produce a ~/.ssh/id_dsa.pub file. Then scp this file to the remote machine (using a target name of id_dsa.pub.<hostname> to indicate from which host this is would be a good idea to keep things straight. example: "scp user@host .ssh/id_dsa.pub id_dsa.pub.spring"
Then ssh into the remote machine. Now you need to add the public key to your .ssh/authorized_keys file on the remote machine:
example: cat id_dsa.pub.spring >>.ssh/authorized_keys

You also need to check the /etc/ssh/sshd_config of the target machine.
Here are the uncommented entries of mine:

Code:

# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

The sshd_config file should be well commented. The above comment tells you how to use PAM for account and session checks but not for authentication.
Also make sure to disable root logins, only allow protocol 2, and if only a few users can ssh in, use the "AllowUsers <username1> <username2>" line to disallow all other connection attempts. Many people also change the port used. Doing so will reduce the number of script kiddie attacks dramatically.

Code:

Protocol 2
PermitRootLogin no
PasswordAuthentication no
UsePAM yes

AllowUsers jschiwal

You could avoid repeated scp commands by using sftp instead and running an ftp batch file, which you could construct on the fly as well.

example:

Code:

find ~/Documents/pics/ -type f -name "*.jpg" -mtime 1 >ftpbatch
sed -i 's/^/put /' ftpbatch
sftp -b ftpbatch fountainhead@crossbow:Documents/