[NTLUG:Discuss] Unattended ssh/scp/sftp transfers...

MadHat madhat at unspecific.com
Wed May 22 10:32:36 CDT 2002


I am on the list, so don't bother CCing directly.  I don't need 2 copies
of the email.

On Wed, 2002-05-22 at 10:16, Tom Woody wrote:
> SSH is great but it hurts my head sometimes...
> 
> currently I am getting a "Permission denied (publickey,keyboard-interactive)." when trying this...
> 
> Host1 where I am trying to scp the files to is RH7.2 (OpenSSH_3.1p1 from RPM)
> Host2 where I am trying to scp the files from is RH7.1 (OpenSSH_3.1p1 from RPM)
> 
> Host2 has RSAAuthentication set to yes, password authentication set to no, empty passwords set to no, with only protocol 2
> 
> 1) I generate the ssh key on Host1 with 'ssh-keygen -t dsa' it prompts me for the name and I make it '.ssh/emptypassphrase' for ease, with an empty passphrase
> 2) I ftp the emptypassphrase.pub to Host2, and rename it .ssh/authorized_keys2
> 3) for giggles I restart ssh on both hosts
> 
> then I try (from host1):  ssh -i .ssh/emptypassphrase backup@host2


OK, I did 
$ ssh-keygen -t dsa -f .ssh/temp
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/temp.
Your public key has been saved in .ssh/temp.pub.
The key fingerprint is: .....
$ scp .ssh/temp.pub remotehost:.ssh/authorized_keys2
Password:
$ ssh -i .ssh/temp remotehost
Last login: Wed May 22 07:19:15 2002 from ******

So it all worked.

Try doing an ssh -v and see what it says, looking for error
messages.  Also check your logs for errors with permissions of files or
for more details.  I am running the exact same version on RH7.2 boxen and
FreeBSD and it works fine.  Of course I still have password auth
on, but that is because I have no reason to turn it off.

Also I would add to my authorized keys file for the backup user

from="adminhost.domain.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AJHDIYDHKBSOITSOG.......

See 'man sshd' for specifics.  Also look at command="" to see if it can
be used to make things safer.

> I get the above permission denied

what is the exact error message?

> 
> Is there anything I am missing?
> 
> On 21 May 2002 17:15:23 -0500
> MadHat <madhat at unspecific.com> wrote:
> 
> > On Tue, 2002-05-21 at 17:02, Tom Woody wrote:
> > > I want to use SSH to automate some regular backups and am having the worst time at it...
> > > 
> > > I have various hosts that I need to either retrieve files from, or perform backups
> > > 
> > > I know that I can use ssh,sftp,scp,etc to do these-as I have done them...but there is no way I have found to handle the authentication for the automated tasks.  
> > > 
> > > 1) I have tried doing RSAAuthentication but since I need to do this in a crontab I can't use the ssh-agent to store the passphrase, and I haven't found a way to provide the passphrase as an argument to scp/ssh
> > > 2) I have tried using the SSH1 Rhosts authentication but that doesn't seem to want to work either
> > > 
> > > Anyone have any other suggestions...I am all ears!
> > > 
> > 
> > use a passphraseless key and the -i to specify the identity file.
> > 
> > so you create a key with ssh-keygen, but don't make it the default
> > identity file, use another name, then take the pub and add it to the
> > remote host, but add what can be run and where they can connect from; use
> > the command and host directives in the authorized_keys file.  Then you
> > can use cron by saying 
> > scp -i identity_file user@host:file /local/path
> > 
> > 
> > if you need more details, let me know.
> > 
> > > -- 
> > > Woody
> > > 
> > > _______________________________________________
> > > http://www.ntlug.org/mailman/listinfo/discuss
> > > 
> > -- 
> > MadHat at Unspecific.com
> > gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
> > Key fingerprint = E786 7B30 7534 DCC2 94D5  91DE E922 0B21 9DDC 3E98
> > 
> > 
> 
> 
> -- 
> Tom Woody
> Systems Administrator
> NationWide Flood Research, Inc.
> phone: 214-631-0400 x209
>   fax: 214-631-0800
> 
> If you have any trouble sounding condescending,
> find a Unix user to show you how it's done.
> 		--Scott Adams
> 
-- 
MadHat at Unspecific.com
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
Key fingerprint = E786 7B30 7534 DCC2 94D5  91DE E922 0B21 9DDC 3E98
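
The `command=""` restriction suggested in the message above, as an added example that is not part of the original thread: a forced-command wrapper that lets a passphraseless backup key do nothing except download single files from one directory. The script path `/usr/local/bin/backup-gate` and the directory `/var/backups` are assumptions, and the check expects the legacy scp protocol, where the server side is started as `scp -f <path>` (requests with extra flags such as `-r` or `-p` are rejected).

```shell
#!/bin/sh
# Added example, not code from the thread. Hypothetical install path:
# /usr/local/bin/backup-gate, referenced from the backup user's key entry:
#   from="adminhost.domain.com",command="/usr/local/bin/backup-gate",
#   no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss <public key>
# (one line in the real file). sshd then runs this script for every login with
# that key and passes the client's request in SSH_ORIGINAL_COMMAND.

# Assumption: the only directory the backup job may read from.
ALLOWED_DIR="/var/backups"

# Return 0 only for "scp -f <file under ALLOWED_DIR>", non-zero otherwise.
is_allowed_request() {
    req=$1
    case $req in
        "scp -f "*) path=${req#"scp -f "} ;;
        *) return 1 ;;   # shells, uploads (scp -t), empty request, etc.
    esac
    case $path in
        # No traversal, and nothing outside plain path characters, so the
        # value cannot carry a second argument or shell syntax.
        *..*|*[!A-Za-z0-9_./-]*) return 1 ;;
        "$ALLOWED_DIR"/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Serve an allowed request; log and refuse everything else.
gate() {
    if is_allowed_request "${SSH_ORIGINAL_COMMAND:-}"; then
        exec scp -f "${SSH_ORIGINAL_COMMAND#"scp -f "}"
    fi
    logger -t backup-gate "rejected: ${SSH_ORIGINAL_COMMAND:-<no command>}" 2>/dev/null
    echo "backup-gate: request not permitted" >&2
    return 1
}

# Act only when installed under its real name, so the functions can be
# sourced or tested without side effects.
case ${0##*/} in
    backup-gate) gate || exit 1 ;;
esac
```

With this in place a stolen copy of the key can still fetch backup files from the allowed source host, but it cannot open a shell, forward ports, or read paths outside the backup directory.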
