[NTLUG:Discuss] Unattended ssh/scp/sftp transfers...

Tom Woody woody at nfri.com
Wed May 22 13:50:23 CDT 2002


Turns out the entire problem was the .ssh directory was mode 775 rather than 700 - not a problem I am going to make again!

Thanks for the help madhat

On 22 May 2002 10:32:36 -0500
MadHat <madhat at unspecific.com> wrote:


> On Wed, 2002-05-22 at 10:16, Tom Woody wrote:
> > SSH is great but it hurts my head sometimes...
> > 
> > currently I am getting a "Permission denied (publickey,keyboard-interactive)." when trying this...
> > 
> > Host1 where I am trying to scp the files to is RH7.2 (OpenSSH_3.1p1 from RPM)
> > Host2 where I am trying to scp the files from is RH7.1 (OpenSSH_3.1p1 from RPM)
> > 
> > Host2 has RSAAuthentication set to yes, password authentication set to no, empty passwords set to no, with only protocol 2
> > 
> > 1) I generate the ssh key on Host1 with 'ssh-keygen -t dsa' it prompts me for the name and I make it '.ssh/emptypassphrase' for ease, with an empty passphrase
> > 2) I ftp the emptypassphrase.pub to Host2, and rename it .ssh/authorized_keys2
> > 3) for giggles I restart ssh on both hosts
> > 
> > then I try (from host1):  ssh -i .ssh/emptypassphrase backup@host2
> 
> 
> OK, I did 
> $ ssh-keygen -t dsa -f .ssh/temp
> Generating public/private dsa key pair.
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in .ssh/temp.
> Your public key has been saved in .ssh/temp.pub.
> The key fingerprint is: .....
> $ scp .ssh/temp.pub remotehost:.ssh/authorized_keys2
> Password:
> $ ssh -i .ssh/temp remotehost
> Last login: Wed May 22 07:19:15 2002 from ******
> 
> So it all worked.
> 
> Try doing an ssh -v and see what all it says, looking for error
> messages.  Also check your logs for errors with permissions of files or
> more details.  I am running the exact same version on RH7.2 boxen and
> FreeBSD and it works fine.  Of course I still have password auth
> on, but that is because I have no reason to turn it off.
> 
> Also I would add to my authorized keys file for the backup user
> 
> from="adminhost.domain.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AJHDIYDHKBSOITSOG.......
> 
> See 'man sshd' for specifics.  Also look at command="" to see if it can
> be used to make things safer.
> 
> > I get the above permission denied
> 
> what is the exact error message?
> 
> > 
> > Is there anything I am missing?
> > 
> > On 21 May 2002 17:15:23 -0500
> > MadHat <madhat at unspecific.com> wrote:
> > 
> > > On Tue, 2002-05-21 at 17:02, Tom Woody wrote:
> > > > I want to use SSH to automate some regular backups and am having the worst time at it...
> > > > 
> > > > I have various hosts that I need to either retrieve files from, or perform backups
> > > > 
> > > > I know that I can use ssh,sftp,scp,etc to do these-as I have done them...but there is no way I have found to handle the authentication for the automated tasks.  
> > > > 
> > > > 1) I have tried doing RSAAuthentication but since I need to do this in a crontab I can't use the ssh-agent to store the passphrase, and I haven't found a way to provide the passphrase as an argument to scp/ssh
> > > > 2) I have tried using the SSH1 Rhosts authentication but that doesn't seem to want to work either
> > > > 
> > > > Anyone have any other suggestions...I am all ears!
> > > > 
> > > 
> > > Use a passphraseless key and the -i to specify the identity file.
> > > 
> > > So you create a key with ssh-keygen, but don't make it the default
> > > identity file, use another name, then take the pub and add it to the
> > > remote host, but add what can be run and where they can connect from: use
> > > the command and host directives in the authorized_keys file.  Then you
> > > can use cron by saying 
> > > scp -i identity_file user@host:file /local/path
> > > 
> > > 
> > > If you need more details, let me know.
> > > 
> > > > -- 
> > > > Woody
> > > > 
> > > > _______________________________________________
> > > > http://www.ntlug.org/mailman/listinfo/discuss
> > > > 
> > > -- 
> > > MadHat at Unspecific.com
> > > gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
> > > Key fingerprint = E786 7B30 7534 DCC2 94D5  91DE E922 0B21 9DDC 3E98
> > > 
> > 
> > 
> > -- 
> > Tom Woody
> > Systems Administrator
> > NationWide Flood Research, Inc.
> > phone: 214-631-0400 x209
> >   fax: 214-631-0800
> > 
> > If you have any trouble sounding condescending,
> > find a Unix user to show you how it's done.
> > 		--Scott Adams
> > 
> -- 
> MadHat at Unspecific.com
> gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
> Key fingerprint = E786 7B30 7534 DCC2 94D5  91DE E922 0B21 9DDC 3E98
> 


-- 
Tom Woody
Systems Administrator
NationWide Flood Research, Inc.
phone: 214-631-0400 x209
  fax: 214-631-0800

If you have any trouble sounding condescending,
find a Unix user to show you how it's done.
		--Scott Adams
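
Added example, not part of the original thread: a pre-flight check for the failure reported at the top of this message (a group-writable .ssh directory makes sshd refuse the key when StrictModes is on), plus a count of authorized_keys entries that carry none of the from=/command=/no-* options suggested in the quoted reply. The function names and the sample paths are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for unattended (cron) key logins.
# With StrictModes on (sshd's default), publickey auth is refused when the
# home directory, ~/.ssh or the authorized_keys file is writable by group
# or others, which is what mode 775 on .ssh does. Only the write bits are
# checked here; sshd also checks ownership.

# Print each path sshd would object to; return 1 if any was found.
# $1 = home directory, $2 = key file name (default: authorized_keys;
#      the thread uses authorized_keys2)
check_ssh_perms() {
    home=$1 keyfile=${2:-authorized_keys} rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/$keyfile"; do
        [ -e "$p" ] || { echo "missing: $p"; rc=1; continue; }
        mode=$(ls -ld "$p" | cut -c1-10)       # e.g. drwxrwxr-x
        case $mode in
            ?????w*|????????w*)                 # char 6 = group w, char 9 = other w
                echo "too open: $mode $p"; rc=1 ;;
        esac
    done
    return $rc
}

# Print the number of key lines that carry no options at all.
# A line with options starts with the option list, not with the key type.
count_unrestricted_keys() {
    grep -Ec '^[[:space:]]*(ssh-|ecdsa-|sk-)' "$1" || true
}

# Optional direct use: ./check.sh /home/backup authorized_keys2
if [ $# -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

Run it on the receiving host before scheduling the cron job; a "too open" line for .ssh is fixed with chmod 700, as in the resolution above.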




