I have been using the linux command ‘scp’ for a while now to move copies of my scheduled backup files from my live production server to several other servers across the internet for safe keeping.
However, I recently ran into a hiccup with how I have been implementing this command. In almost all cases up to this point I had been using Ubuntu 16.04 LTS Linux and mostly on the same cloud services vendor networks. This led me to make an assumption about using this command within a cron-triggered script that is not always accurate.
Up to this point, I only had to SSH into my source host (where I copied the files from) and issue the scp command once manually to the target host server and the unique keys would be automatically stored for me and the command would work flawlessly from that point forward from the script without having to manually enter the target host password again.
Anyway… I recently discovered that this “one-time manual” entry of the command does not always store away the appropriate keys that allow it to work from a script later. This became apparent when I tried this procedure on alternate Linux flavors and versions. So, just in case anyone else here was having an issue getting the ‘scp’ command to work from a script, I wanted to pass along the proper way to make it work every time.
I found this on an Oracle Blog by an author named “Jayakara Kini” and even this author credits an unknown “Guest Author” for the procedure. Here is a LINK to the blog. (NOTE: When I rechecked this blog link on 07-29-2022 I found author “Jayakara Kini” no longer had this article posted. I leave the link here for posterity or until he reconnects the link to the article - BKM)
I know that old information like this tends to disappear from blog sites so for the sake of preservation I will post the contents here as well.
Hopefully there are others that will benefit from my endless searching for answers. Please do your own research as well and use only what you need to get everything working properly.
BKM
How To scp, ssh and rsync without prompting for password
Whenever you need to use scp to copy files, it asks for passwords.
Same with rsync as it (by default) uses ssh as well.
Usually scp and rsync commands are used to transfer or backup files between known hosts or by the same user on both the hosts. It can get really annoying if the password is asked every time. I even had the idea of writing an expect script to provide the password.
Of course, I didn’t. Instead I browsed for a solution and found it after quite some time. There are already a couple of links out there which talk about it. I am adding to it…
Let’s say you want to copy between two hosts host_src and host_dest. host_src is the host where you would run the scp, ssh or rsync command, irrespective of the direction of the file copy!
1. On host_src, run this command as the user that runs scp/ssh/rsync
$ ssh-keygen -t rsa
This will prompt for a passphrase. Just press the enter key. It’ll then generate an identification (private key) and a public key. Do not ever share the private key with anyone!
ssh-keygen shows where it saved the public key. This is by default ~/.ssh/id_rsa.pub:
`Your public key has been saved in <your_home_dir>/.ssh/id_rsa.pub`
2. Transfer the id_rsa.pub file to host_dest by either ftp, scp, rsync or any other method.
3. On host_dest, login as the remote user which you plan to use when you run scp, ssh or rsync on host_src.
4. Copy the contents of id_rsa.pub to ~/.ssh/authorized_keys with the following command:
$ cat id_rsa.pub >>~/.ssh/authorized_keys
$ chmod 700 ~/.ssh/authorized_keys
If this file does not exist, then the above command will create it. Make sure you remove permission for others to read this file.
If it’s a public key, why prevent others from reading this file?
Probably, the owner of the key has distributed it to a few trusted users and has not placed any additional security measures to check if it’s really a trusted user.
5. Note that ssh by default does not allow root to log in. This has to be explicitly enabled on host_dest. This can be done by editing /etc/ssh/sshd_config and changing the PermitRootLogin setting from no to yes. Don’t forget to restart sshd so that it reads the modified config file. Do this only if you want to use the root login.
Well, that’s it. Now you can run scp, ssh and rsync on host_src connecting to host_dest and it won’t prompt for the password.
Note that this will still prompt for the password if you are running the commands on host_dest connecting to host_src. You can reverse the steps above (generate the public key on host_dest and copy it to host_src) and you have a two way setup ready!
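Steps 3 and 4 above, written as a repeatable function to run on host_dest. This is an added example, not part of the original article. The function name install_pubkey and its two arguments are assumptions made for illustration. It refuses a private key file, sets the permissions sshd expects, and does not append the same key twice.

```shell
#!/usr/bin/env bash
# Added example (not from the original article).
# Usage on host_dest: install_pubkey id_rsa.pub            (defaults to ~/.ssh)
#                     install_pubkey id_rsa.pub /path/.ssh (hypothetical alternate dir)

install_pubkey() {
    local pub="$1" dir="${2:-$HOME/.ssh}" auth line
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the .pub file belongs on host_dest; stop if the private key was copied.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # First non-empty line must have the shape "keytype base64 [comment]".
    # This is a shape check only, not a cryptographic validation of the key.
    line=$(grep -m1 -v '^[[:space:]]*$' "$pub")
    if ! printf '%s\n' "$line" |
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( |$)'; then
        echo "$pub does not contain an OpenSSH public key line" >&2
        return 3
    fi

    # With StrictModes (the sshd default), key login is refused when ~/.ssh or
    # authorized_keys is writable by other users, and ssh falls back to the
    # password prompt. 600 is enough for the file; the article's 700 also works.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only when this exact line is not already present.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}
```

If key login still prompts for a password afterwards, check that the remote user's home directory is not writable by group or others, since StrictModes covers it as well.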