Command-Password Less scp, ssh and rsync

Whenever you need to use scp to copy files, it asks for passwords. Same with rsync as it(by default) uses ssh as well. Usually scp and rsync commands are used to transfer or backup files between known hosts or by the same user on both the hosts. It can get really annoying the password is asked every time. I even had the idea of writing an expect script to provide the password. Of course, I didn't. Instead I browsed for a solution and found it after quite some time. There are already a couple of links out there which talk about it. I am adding to it...
Lets say you want to copy between two hosts host_src and host_desthost_src is the host where you would run the scp, ssh or rsyn command, irrespective of the direction of the file copy!
1.    On host_src, run this command as the user that runs scp/ssh/rsync
$ ssh-keygen -t rsa
This will prompt for a passphrase. Just press the enter key. It'll then generate an identification (private key) and a public key. Do not ever share the private key with anyone! ssh-keygen shows where it saved the public key. This is by default~/.ssh/id_rsa.pub:
Your public key has been saved in <your_home_dir>/.ssh/id_rsa.pub
2.    Transfer the id_rsa.pub file to host_dest by either ftpscp, rsync or any other method.
3.    On host_dest, login as the remote user which you plan to use when you run scpsshor rsync on host_src.
4.    Copy the contents of id_rsa.pub to ~/.ssh/authorized_keys
$ cat id_rsa.pub >>~/.ssh/authorized_keys
$ chmod 700 ~/.ssh/authorized_keys

If this file does not exists, then the above command will create it. Make sure you remove permission for others to read this file. If its a public key, why prevent others from reading this file? Probably, the owner of the key has distributed it to a few trusted users and has not placed any additional security measures to check if its really a trusted user.

5.    Note that ssh by default does not allow root to log in. This has to be explicitly enabled on host_dest. This can be done by editing /etc/ssh/sshd_config and changing the option of PermitRootLoginfrom no to yes. Don't forget to restart sshd so that it reads the modified config file. Do this only if you want to use the root login.

Well, thats it. Now you can run scpssh and rsync on host_src connecting to host_dest and it won't prompt for the password. Note that this will still prompt for the password if you are running the commands on host_dest connecting tohost_src. You can reverse the steps above (generate the public key on host_dest and copy it to host_src) and you have a two way setup ready!
For Example

ssh-keygen -t rsa

ssh dscadmin@astros mkdir -p .ssh
ssh dscadmin@cardinals mkdir -p .ssh
ssh dscadmin@marlins mkdir -p .ssh
ssh dscadmin@nationals mkdir -p .ssh

cat .ssh/id_rsa.pub | ssh dscadmin@astros 'cat >> .ssh/authorized_keys'
cat .ssh/id_rsa.pub | ssh dscadmin@cardinals 'cat >> .ssh/authorized_keys'
cat .ssh/id_rsa.pub | ssh dscadmin@marlins 'cat >> .ssh/authorized_keys'
cat .ssh/id_rsa.pub | ssh dscadmin@nationals 'cat >> .ssh/authorized_keys'

ssh dscadmin@astros "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
ssh dscadmin@cardinals "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/bts/5-0/protocol/guide/85system.fm/_jcr_content/renditions/85system-2.jpgssh dscadmin@marlins "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
ssh dscadmin@nationals "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

ssh dscadmin@astros ls
ssh dscadmin@cardinals ls
ssh dscadmin@marlins ls
ssh dscadmin@nationals ls


ssh root@astros mkdir -p .ssh
ssh root@cardinals mkdir -p .ssh
ssh root@marlins mkdir -p .ssh
ssh root@nationals mkdir -p .ssh

cat .ssh/id_rsa.pub | ssh root@astros 'cat >> .ssh/authorized_keys'
cat .ssh/id_rsa.pub | ssh root@cardinals 'cat >> .ssh/authorized_keys'
cat .ssh/id_rsa.pub | ssh root@marlins 'cat >> .ssh/authorized_keys'
cat .ssh/id_rsa.pub | ssh root@nationals 'cat >> .ssh/authorized_keys'

ssh root@astros "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
ssh root@cardinals "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
ssh root@marlins "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
ssh root@nationals "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

ssh root@astros ls
ssh root@cardinals ls
ssh root@marlins ls
ssh root@nationals ls

Comments

Post a Comment

Popular posts from this blog

Connect Cassandra using DBeaver

Image
DBearver: Download enterpriese DBearver .its free (dbeaver-ee-3.7.4-x86_64-setup) http://dbeaver.jkiss.org/download/enterprise/ cassandra-jdbc-driver: http://www.dbschema.com/cassandra-jdbc-driver.html Step-1: Select Database->Driver Manager Step-2:Select New Step-3: Driver Information : Driver Name:                  User Friendly Name Driver Type:                    Generic Java Driver Class:           com.dbschema.CassandraJdbcDriver URL:                                    jdbc:cassandra://{host}[:{port}]/{database} Required File(s):            cassandra-driver.jar Default Port:                   9042 Library File:                      cassandrajdbc1.1 Step-4: Get the class jar file cassandrajdbc1.1 Step-5: select Find Class Step-6: Apply Ok Step-7: New Database connection Step-8: Select Database Type Step-9: Put the database connection information Step-10: put the ssh tunnel information
Read more

Virtualization and Cloud Computing

Image
What is virtualization? In a nutshell, virtualization is software that separates physical infrastructures to create various dedicated resources. It is the fundamental technology that powers cloud computing. "Virtualization software makes it possible to run multiple operating systems and multiple applications on the same server at the same time," said Mike Adams , director of product marketing at VMware, a pioneer in virtualization and cloud software and services. "It enables businesses to reduce IT costs while increasing the efficiency, utilization and flexibility of their existing computer hardware." The technology behind virtualization is known as a virtual machine monitor (VMM) or virtual manager, which separates compute environments from the actual physical infrastructure. Virtualization makes servers, workstations, storage and other systems independent of the physical hardware layer , said John Livesay, vice president of InfraNet , a network infrast
Read more

SIP-TIMERS “Timing is everything”

Image
      There are several aspects of SIP that ensure that messages are delivered on time. Three basic SIP timer parameters – T1, Timer B, and Timer F.  T1 is the estimated round trip time of an IP packet.  By default, T1 is set to 500 milliseconds which for many networks can be a little on the high side.   However, the SIP standard allows you to ignore the default and set it to something that better matches your network characteristics. The second SIP timer parameter is Timer B.  Timer B is the maximum amount of time that a sender will wait for an INVITE message to be acknowledged — i.e. a SIP response message is received. Timer F is the maximum amount of time that a sender will wait for a non-INVITE message to be acknowledged.  SIP messages such as REFER, INFO, MESSAGE, BYE, and CANCEL fall into this category. The way that Timer B and Timer F function is pretty straightforward.   Both timers default to 64 times T1.  If you take the T1 default of 500ms, Timer B and Time
Read more