scp without prompting for password

satish1 · May 24, 2011, 6:43am

I am trying to copy a file from remote machine using scp. I followed the steps to configure public/private key usage. But still prompting for password when I do ssh.

I did the following steps to configure scp without asking password

Step 1 : local host

> ssh-keygen -t rsa

and when prompted for pass phrase I hit enter. Then id_rsa , id_rsa.pub files created in <usershome>/.ssh directory.

Step 2 : local host

> scp id_rsa.pub <remoteIP>:/tmp/mykey

, prompted for password as usual and provided password to copy.

Step 3 : Remote host

> cd ~/.ssh
cat /tmp/mykey >> authorized_keys2

step 4 : Remote host

> ln -s authorized_keys2 authorized_keys

step 5 : local host

> ssh -v <remote host>
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to <remote host> [<remote host>] port 22.
debug1: Connection established.
debug1: identity file /home/users/sbob/.ssh/id_rsa.pub type 1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: i-default
debug1: Peer sent proposed langtags, stoc: i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1587/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '<remote host>' is known and matches the RSA host key.
debug1: Found key in /home/users/sbob/.ssh/known_hosts:1
debug1: bits set: 1548/3191
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: Next authentication method: publickey
debug1: Trying public key: /home/users/sbob/.ssh/id_rsa.pub
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:

still asking for password. what would be the reason?

Skrynesaver · May 24, 2011, 6:58am

Try a different public key method such as DSA, almost the same procedure, rinse and repeat until you have created a key for an agreed protocol

$ ssh-keygen -t dsa 
(accept the default for all queries)  
$ cat ~/.ssh/id_dsa.pub | ssh $REMOTE_HOST  "mkdir .ssh ; cat >>.ssh/authorized_keys" 
(enter your password)  
$ ssh $REMOTE_HOST echo 
$ssh $REMOTE_HOST
(should bring you over without keyboard interaction)

satish1 · May 24, 2011, 7:24am

I got the same again. Again it is prompted for password. I followed the exact steps by removing space at . ssh to .ssh.

Skrynesaver · May 24, 2011, 7:33am

And if you try with rsa1 publickey?

ssh-keygen -t rsa1

Assuming that you're talking to an old Sparc box that only does ssh version 1

pludi · May 24, 2011, 7:46am

Can you check the permissions on ~.ssh, ~.ssh/authorized_keys2? SSH is quite picky about them. If in doubt, allow access only to the user, and remove all permissions for group and other.

By the way, a simpler way to install the public key is man ssh-copy-id (Linux), which is part of OpenSSH.

satish1 · May 24, 2011, 7:56am

It didn't help. Any issue if the architecture differs, I am using solaris 10 sparc and solaris 10 X86 machines.

purdym · May 24, 2011, 8:01am

Try running ssh agent to cache the pass phrase.

Peasant · May 24, 2011, 11:29am

OpenSSH FAQ 3.14 section might interest you.

pludi mentioned it above, but it also includes $HOME permissions of user running the action.

Here is also handy oneliner :

ssh user@server 'cat >> ~/.ssh/authorized_keys' < ~/.ssh/id_rsa.pub

satish1 · May 25, 2011, 5:57am

$HOME permission restricted to 700 did help. Thanks.

aishsimplesweet · May 29, 2011, 3:25am

hi
i got this prblem same when i was trying to implement automated scp in my office..
i replied on many forum here but did not able to get the right answer because it is again and again asking for the password.
well, it is very simple
see in my case it is too asking the password .. so just check the user where ur trying to connect to the remote machine exsit in /usr directory or not ..
sometime what happen
a group exist in /usr directory and isntance of that group we used to log in .
like
in /use directory group is ABC and instance of this are abc1 abc2 abc3
and they are present in ABC/abc1 directory..
so we log in to the machine using abc1 directory..

just check it if the user exsit in /usr directory or not..

it solves my problem because my the user whr i am trying to connect does not exsit in the /usr directory..