Passwordless SFTP - SCP Option?

I have read documentation on SCP and am just trying to figure out how to go about doing this. Below are two pieces of code: one is SFTP and one is SCP. My goal is to have this done via password-less authentication, fully automated. Currently we use SFTP and the script asks for the password of the account we are connecting to, but we are trying to skip that.

# Connect to SFTP
echo ""
sftp -b /dev/stdin ${INPUT_APP_LOW}proc@$(hostname) <<EOF
cd $BATCHFILEPATH
lcd /home/etladmin/deploy/$INPUT_APP_LOW/KSH
put $SHELLSCRIPT
chmod 755 $SHELLSCRIPT
quit
EOF

# Use SCP instead of SFTP
cd /home/etladmin/deploy/$INPUT_APP_LOW/KSH
scp $SHELLSCRIPT ${INPUT_APP_LOW}proc@$(hostname):$BATCHFILEPATH
chmod 755 $BATCHFILEPATH/$SHELLSCRIPT

Can anyone let me know if my SCP code is correct? Also, is there a good link on how to set up password-less authentication so that either SFTP or SCP requires no user input at all?

The code looks OK, but without knowing the values of the variables, how can we know for sure? (I would just say that you're scp'ing a file to a remote server, then chmod'ing it locally).

I'd be surprised if you Googled "password-less authentication using SSH" and didn't get a good answer.

I will take a look at Google to see if I can come up with something that helps.

Basically we are SCPing a file onto the same server, just with a different account as the files are owned by (app)proc and we are logged in with the application account that initiates the launch of the script.

Is this the proper way to move files owned by a different account or is there something else we should be doing to have this as the end result?

OK :slight_smile: It's a very common question, which is why I suggested searching it.

Logged into a server as the user I want to connect from, generate an SSH key (if one doesn't already exist).

Put it in the authorised keys file of the user on the server I want to connect to.

http://www.unix.com/ip-networking/188549-ssh-virtual-box-4-0-4-a.html

I tried to set it up based on that thread and got the following when I try to ssh/scp into the other account on the server.

Any idea what might be causing this?

What exactly did you do when you set up the keys?

Basically followed these directions, found via Google (tried authorized_keys and authorized_keys2, based on different results)

etladmin@SERVER> ssh-keygen -t rsa
etladmin@SERVER> cat .ssh/id_rsa.pub | ssh edwproc@SERVER 'cat >> /home/edwproc/.ssh/authorized_keys'
etladmin@SERVER> cat .ssh/id_rsa.pub | ssh edwproc@SERVER 'cat >> /home/edwproc/.ssh/authorized_keys2'

It says at this point a request to ssh edwproc@SERVER should auto-connect and not prompt for a password, which it does as per the above post.

Your permissions on those folders may be wrong. sshd will refuse to read them if they're set with insecure file and folder permissions.

Your ~/.ssh/ folders on both ends need to be 700. Your authorized_keys needs to be 744.

I don't see much point in putting the key in authorized_keys2.

Yup, those are the permissions I have set and still prompts for password.

I have also checked /etc/ssh files (ssh_config and sshd_config) based on some info found online and both look correct.

Tell me more about your local system and the system you're ssh-ing into. Are they different OSes?

Actually SCPing a file on the same machine, just between two different accounts. This only involves one server, but between accounts I figured this should be done via SCP as we are trying to automate this process.

Does this change things? Is there a better way to copy files between two accounts?

How about you tell me the operating system of your single system, then? :wall:

I might use sudo -u username cp, though you'd have to configure sudo to allow it passwordlessly for the relevant users.

Sorry about that.

The server is running Solaris 10 8/07 s10s_u4wos_12b SPARC.

Try a DSA key instead of an RSA one.

I get the same behavior with DSA (ssh-keygen -t dsa)

Your ssh client, oddly, seems to be using a newer protocol than your ssh server. Very strange when they're on the same machine.

Try forcing ssh 1 protocol from the command line. [edit] That seems to be the -1 switch, as in dash one, not dash ell.

Here is trying to force SSH 1 protocol via command line.

qahe01sv04itd:/home/etladmin/.ssh> ssh -1 -v edwproc@qahe01sv04itd.ash.pwj.com
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090705f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to qahe01sv04itd.ash.pwj.com [148.112.76.106] port 22.
debug1: Connection established.
debug1: identity file /home/etladmin/.ssh/identity type -1
debug1: identity file /home/etladmin/.ssh/id_rsa1 type -1
debug1: identity file /home/etladmin/.ssh/id_rsa type 1
debug1: identity file /home/etladmin/.ssh/id_rsa2 type -1
debug1: identity file /home/etladmin/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
Protocol major versions differ: 1 vs. 2
debug1: Calling cleanup 0x3429c(0x0)

Can anyone else take a look at this for me - still can't get it working. Thank you.

Check the permissions on your home directories. I think having them world-writable can block ssh.

BINGO! That was it - their home folders were 777 which blocked ssh.

Thank you so much!!
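
The cause found in this thread (home directories at 777, so sshd ignored the key and fell back to the password prompt) can be checked before touching keys or protocol switches. The script below is an added example, not code from the thread: the function names and the throw-away demo directory are made up for illustration, and it checks only the group/world write bits on the home directory, `.ssh` and `authorized_keys`, not file ownership.

```shell
#!/bin/sh
# Added example: list paths whose group/world write bit makes sshd
# distrust a user's authorized_keys (as happened in this thread).

# is_loose PATH -> status 0 if PATH is group- or world-writable,
# 1 if it is not, 2 if it cannot be listed.
is_loose() {
    # Portable (no stat needed): take the mode string from ls,
    # e.g. drwxrwxrwx. Character 6 is group write, 9 is other write.
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || return 2
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    [ "$gw" = "w" ] || [ "$ow" = "w" ]
}

# audit_ssh_perms HOME_DIR -> prints one line per offending path and
# returns the number of offending paths (0 means the modes are fine).
audit_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=$((bad + 1))
        elif is_loose "$p"; then
            echo "WRITABLE $p ($(ls -ldL "$p" | cut -c1-10)): chmod go-w"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demo: a temporary "home" with the 777 mode from the thread.
demo=$(mktemp -d) && mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 777 "$demo"
chmod 700 "$demo/.ssh"
chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" || echo "fix the paths above, then retry ssh"

# After tightening the home directory the audit passes.
chmod 755 "$demo" && audit_ssh_perms "$demo" && echo "modes OK"
rm -rf "$demo"
```

Run `audit_ssh_perms` against the home directory of the account being logged in to (the one holding `authorized_keys`), since that is the side sshd inspects.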
