How to scp shadow file of b from system a?

Hi all,

What I have already done:

  1. Same user created on both systems and passwordless ssh from system a to system b through that user

I need to write a small script to copy the /etc/shadow file of system a to system b;
the script needs to be executed on system b.
But as the /etc/shadow file is owned by root, it shows a message like permission denied.

In short, I want to execute

scp 192.168.1.21:/etc/shadow localmachine 

You'll have to log in as root, or somehow contrive to get root access after logging in.

Even the slightest insecurity in the system you use could have dire consequences.

Hey,

But give me an example as how to do it?

Thanks,
Manali

on Server A
as root user

chmod 444 /etc/shadow

on server B
as root user

chmod 644 /etc/shadow
cp /etc/shadow /etc/shadow.keep   # this is to revert if it screws up
scp me@serverA:/etc/shadow .
chmod 400 /etc/shadow

TEST several user logins on serverB. Note: Create separate processes for login testing, KEEP YOUR root PROCESS active no matter what, so if you broke stuff, you can still fix it. If you really broke things, nobody can login to serverB, including root. Use the copy /etc/shadow.keep to restore.

Go back to serverA

chmod 400 /etc/shadow

This effort will not work to duplicate passwords if you are using NIS or LDAP or you have messed with PAM setup on either box.

Hi,
Thanks for your replies.

But my requirement is this. Below is my script, and I need to scp /etc/shadow from the remote server to my DR system.

Now please guide me as to how to accomplish this, because it asks for the root password before copying.
Note: I have set passwordless login from the same user on all the systems.

#!/bin/bash

MACHINE=mainserver
for server in "system1" "system2" "system3" "system4" "system5"
do
    # Ask the remote host for its node name
    SSH_SERVER=$(ssh "$server" exec uname -n)
    echo "Copying file from $SSH_SERVER......."
    if [ "$SSH_SERVER" = "$MACHINE" ]; then
        # The main server also has the dfs share tables
        scp -q "$SSH_SERVER":/etc/passwd /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/group /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/services /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/printers.conf /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/profile /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/dfs/dfstab /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/dfs/sharetab /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/vfstab /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/shells /DR/"$SSH_SERVER"
    else
        scp -q "$SSH_SERVER":/etc/passwd /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/group /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/services /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/printers.conf /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/profile /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/vfstab /DR/"$SSH_SERVER"
        scp -q "$SSH_SERVER":/etc/shells /DR/"$SSH_SERVER"
    fi
done

You cannot copy /etc/shadow in the same way as you are scp'ing /etc/passwd and the other files you list. You need root permission to make this happen because of the mode (permissions) of /etc/shadow. Just doing a passwordless scp is not going to fix this issue for you.
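
An added example, not from any poster in this thread: one way to pull /etc/shadow into the DR directory without changing the file's mode on either host, keeping the last good copy if the fetch fails. It assumes a sudoers rule on each server that lets the backup user run `/bin/cat /etc/shadow` as root without a password; `pull_shadow`, `validate_shadow` and the `REMOTE_CAT` hook are hypothetical names.

```bash
#!/bin/bash
# Assumed sudoers entry on every source server (user name "backup" is an assumption):
#   backup ALL=(root) NOPASSWD: /bin/cat /etc/shadow
# REMOTE_CAT is a hypothetical hook naming the command that fetches a remote file;
# it defaults to ssh + sudo and can be replaced by a stub for offline runs.
REMOTE_CAT=${REMOTE_CAT:-remote_cat_ssh}

remote_cat_ssh() {            # $1 = server, $2 = remote path
    # BatchMode and sudo -n fail at once instead of prompting for a password
    ssh -o BatchMode=yes "$1" sudo -n /bin/cat "$2"
}

validate_shadow() {           # $1 = local file to check
    # Non-empty, has a root entry, and every line has the 9 shadow(4) fields
    [ -s "$1" ] &&
    grep -q '^root:' "$1" &&
    awk -F: 'NF != 9 { bad = 1 } END { exit bad + 0 }' "$1"
}

pull_shadow() {               # $1 = server, $2 = DR base directory
    (
        umask 077             # new directory 0700, new file 0600
        dest=$2/$1
        mkdir -p "$dest" || exit 1
        tmp=$(mktemp "$dest/shadow.XXXXXX") || exit 1
        if "$REMOTE_CAT" "$1" /etc/shadow > "$tmp" && validate_shadow "$tmp"; then
            mv "$tmp" "$dest/shadow"      # replace the old copy in one step
        else
            rm -f "$tmp"                  # keep the previous good copy
            exit 1
        fi
    )
}

# Usage inside the DR loop:
#   pull_shadow "$SSH_SERVER" /DR || echo "shadow copy failed: $SSH_SERVER" >&2
```

The DR directory itself then holds password hashes, so it needs the same protection as /etc/shadow.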