Can't solve a simple SSH/scp issue.. Please help.

Disclaimer: I tried searching but wasn't able to get to the answer so please don't flame.

Scenario:
I have a root script that generates a file on box1 and then needs to scp it over to box2 using user1. Both boxes are running OpenSSH.

root@local-host# scp /tmp/file1 user1@box2:/tmp/file1

Problem:
When I scp directly from user1 (user1@box1# ssh box2) -- all is good.
When I scp from root user (root@box1# ssh user1@box2) -- I am prompted for a password.

local-host key located: /home/user1/id_rsa.pub
remote-host auth located: /home/user1/authorized_keys

Is my key placement off?

  • Thanks

The identity of root at box1 probably isn't in the authorized_keys file for user1@box2.

Try running, as root on box1:

ssh-copy-id user1@box2

The public key must be appended to the $HOME/.ssh/authorized_keys, in this case /root/.ssh/authorized_keys, at the remote server.

@achenle -- ksh: ssh-copy-id: not found
Box1 = AIX
Box2 = RHEL

@Aia -- don't have access to root on remote box

Also on the receiving system, /etc/ssh/sshd_config has to have

PermitRootLogin yes

Which is not the default setting.

The following command should help you to copy the file with root user over user1's ssh keys. In fact you'll temporarily switch to user1 and run that scp command.

su -c "scp /tmp/file1 user1@box2:/tmp/file1" user1

I thought you wanted to login as root, but now I think I see what you want.
You are root in your local box and want to login as user1 to the remote. If so, your public key as root in the local machine must be appended to your user1 account's $HOME/.ssh/authorized_keys in the remote.
That file, by the way, needs to have permission 600.


Small correction:

su - user1 -c "scp /tmp/file1 user1@box2:/tmp/file1"

is more likely to work correctly on most systems. Note the spaces around su -

One addendum to Aia's post above: there is a possibility that the remote authorized keys file is called authorized_keys_2

I vote for

(
USER=user1
eval HOME=~$USER
export USER HOME
cd $HOME
su $USER -fc "scp /tmp/file1 box2:/tmp/file1" 
)

Not having the isolated - skips the login files. Because some su's don't set USER and HOME we set it beforehand. This is done in a (subshell), so the environment is not changed in the main shell. The -f might skip other shell start files.
Another correction:
The auth key file is authorized_keys or authorized_keys2

Thank you everyone! Even though I'm sure most of the other proposed ways would work also, I ended up adding root's pub key in my target home folder's auth file and that solved my issue.

Cheers
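
The fix the thread settled on, done by hand for hosts like the AIX box where ssh-copy-id is missing. This is an added example, not part of any post above: a function to run on box2 as user1 that appends root@box1's public key to authorized_keys once and sets the modes mentioned in the thread. The function name and the path /tmp/root_box1.pub are hypothetical; it assumes root's public key file has already been copied over, for instance through user1's working login.

```shell
#!/bin/sh
# Added example: manual stand-in for ssh-copy-id.
# install_pubkey PUBKEY_FILE TARGET_HOME
#   Appends the key to TARGET_HOME/.ssh/authorized_keys only if it is not
#   already present, then sets 700 on .ssh and 600 on the file, since sshd
#   with StrictModes (the default) ignores group/world-writable key files.
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A .pub file is one line: "key-type base64-blob [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "$pub does not look like an OpenSSH public key" >&2
           return 1 ;;
    esac

    dir=$home/.ssh
    auth=$dir/authorized_keys
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    touch "$auth" || return 1

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth" || return 1
    fi

    # -x whole line, -F fixed string: exact match, so reruns do not duplicate.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth" || return 1
    fi
    chmod 600 "$auth"
}

# Stand-alone use on box2 as user1 (hypothetical path):
#   sh install_pubkey.sh /tmp/root_box1.pub "$HOME"
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

If root on box1 is still prompted for a password afterwards, `ssh -v user1@box2` run as root shows which identity files were offered.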