Pages

Saturday, January 05, 2008

How to ssh/scp w/o password prompt

Sometimes, we'd like to automate a file transfer process between main server and backup server. We can use scp to transfer files but usually scp requires input for password prompt. Belows are quick steps to remove the password prompt for scp/ssh.Basically, there are two steps needed:
  1. create public and private key in the ssh client
  2. copy or append the public key content to the ssh server

If you are using SSH version 2, follow the following steps:
  1. at the client machine, login as the user who will execute the ssh or scp, then create pair of public and private key using dsa to ~/.ssh/id_dsa with the following command:
    $ ssh-keygen -t dsa -f .ssh/id_dsa
    (If there's a prompt asking for password, leave it blank. There will be two files created on ~/.ssh/ : id_dsa (private key) and id_dsa.pub (public key))
  2. Copy or append the content of id_dsa.pub (public key) above to the ssh server at the home directory of the ssh user: ~/.ssh/authorized_keys2

If you are using SSH version 1, follow the following steps (very similar):
  1. At the client machine, login as the user who will execute the ssh or scp, then create pair of public and private key using rsa to ~/.ssh/id_rsa with the following command:
    $ ssh-keygen -t rsa -f .ssh/id_rsa
    (If there's a prompt asking for password, leave it blank, there will be two files created.)
  2. Copy or append the content of id_rsa.pub (public key) above to the ssh server at the home directory of the ssh user: ~/.ssh/authorized_keys

That's all :)

Update:
Don't forget to set the file permission for the public key file in ssh server:
chmod 600 ~/.ssh/authorized_keys or chmod 600 ~/.ssh/authorized_keys2

That's all :)

15 comments:

  1. Sorry for being dense but how do I log in w/o password after going through this process? Thanks for helping out a newb.

    ReplyDelete
  2. hi, after following the steps, you should be able ssh or scp without password prompt.
    Suppose your user id is user_a from machine A, and you want to ssh/scp to machine B with user id user user_b, then:
    (1) 1st step: create a pair of public and private key in machine A (client machine),execute it as user_a in the home directory of user_a. There should be /home/user_a/.ssh/id_dsa and id_dsa.pub created.
    (2) the 2nd step: copy or append the id_dsa.pub in machine B (ssh server), to the /home/user_b/.ssh/ (if folder .ssh does not exist, create it first).

    Please let me know if you still get trouble.

    ReplyDelete
  3. What if I want to ssh from box A as regular user to box B as root user? The "/root" directory doesn't have a ".ssh" sub-directory.

    ReplyDelete
  4. hi, you can simply create one with mkdir .ssh

    ReplyDelete
  5. Mr. chn : Terrific man .. I always wanted to do this but didn't know. Thanks a bunch dude !!

    ReplyDelete
  6. This comment has been removed by a blog administrator.

    ReplyDelete
  7. I can not use ssh/public/private keys process. I still want to copy a file from server1 to server 2 using sftp or scp. I want to pass the password to the scp or sftp in a sheell script as variable. What shd I do?

    ReplyDelete
  8. I am not able to ssh/scp without password after using that 2 steps. ssh/scp ask the password again. my ssh client is fc8 and my ssh server is a suse11.let me know if you have any suggessions. thanks

    ReplyDelete
  9. @sashykanth: as far as I know, I am afraid that it is not possible to pass the password as variable.
    @veera: If your server is using SSH version 2, please try to generate the key using dsa, otherwise using rsa. Or you can take a look at this site also: http://www.linuxjournal.com/article/8600 I think the author on that site provides a better explanation. ^^
    Let me know if you still got problem.

    ReplyDelete
  10. Hi i use putty to transfer files through FTP to a distant server.Can you give some way that i could use to automate the backup process from server to some other backup server.I guess it would be easy but how?

    ReplyDelete
  11. @e signature: sorry, I never tried to automate file transfer through ftp. Perhaps you can take a look at the following forum, there are some examples of script to automate ftp. I haven't tried though.

    http://www.linuxforums.org/forum/programming-scripting/106665-automatic-ftp-upload-via-script.html

    http://www.linuxquestions.org/questions/programming-9/bash-script-519327/

    If you still have problem, let me know. Cheers.

    ReplyDelete
  12. Hello,

    In a UNIX shell script, we are doing scp to a node....

    But sometimes it asks for password for some servers..... What I need is that if on scp password is prompted then to exit the scp and if no password prompted then do the required steps....

    Please to provide any help

    Regards;
    Ajay Saini

    ReplyDelete
  13. @Ajay: I am sorry, I do not quite understand your question. Could you explain once more?

    ReplyDelete
  14. I am having a problem where SSH connects with out a password prompt... but scp DOES NOT:

    $ ssh remote-host
    Last login: Tue Oct 9 12:24:29 2012 from ip98-164-76-141.no.no.cox.net
    -bash-4.2$


    UNDESIRABLE:
    $ scp f1/* cbeasley@remote-host:/f2/
    Enter passphrase for /home/cbeasley/.ssh/id_rsa:

    Could anyone explain why SCP is behaving different than SSH with the same configuration?

    local-host$ ssh -V
    OpenSSH_5.8p2, OpenSSL 1.0.0j-fips 10 May 2012

    remote-host$ ssh - V
    OpenSSH_5.8p2, OpenSSL 1.0.0j-fips 10 May 2012

    ReplyDelete