Whenever you need to use scp
to copy files, it asks for passwords. Same with rsync
as it (by default) uses ssh
as well. Usually scp
commands are used to transfer or backup files between known hosts or
by the same user on both the hosts. It can get really annoying the
password is asked every time. I even had the idea of writing an
expect script to
provide the password. Of course, I didn't. Instead I browsed for a
solution and found it after quite some time. There are already a
couple of links out there which talk about it. I am adding to it...
Lets say you want to copy between two hosts host_src
is the host where you would run the scp,
of the direction of the file copy!
run this command as the user that runs scp/ssh/rsync
ssh-keygen -t rsa
This will prompt for a passphrase. Just press the
enter key. It'll then generate an identification (private key) and a
public key. Do not ever share the private key with anyone!ssh-keygen shows
where it saved the public key. This is by default ~/.ssh/id_rsa.pub:
public key has been saved in <your_home_dir>/.ssh/id_rsa.pub
Transfer theid_rsa.pubfile tohost_destby eitherftp,scp,rsyncor any other method.
login as the remote user which you plan to use when you run scp,sshor rsyncon host_src.
Copy the contents
of id_rsa.pubto ~/.ssh/authorized_keys
$ chmod 700
If this file does not
exists, then the above command will create it. Make sure you remove
permission for others to read this file. If its a public key, why
prevent others from reading this file? Probably, the owner of the
key has distributed it to a few trusted users and has not placed any
additional security measures to check if its really a trusted user.
Note that ssh
by default does not allow root to log in. This has to be explicitly
enabled on host_dest.
This can be done by editing /etc/ssh/sshd_config
and changing the option of PermitRootLogin
Don't forget to restart sshd so that it reads the modified config file. Do this only
if you want to use the root login.
Well, thats it. Now you can run scp,
connecting to host_dest
and it won't prompt for the password.
Note that this will still prompt for the password if you are running
the commands on host_dest
connecting to host_src.
You can reverse the steps above (generate the public key on host_dest
and copy it to host_src)
and you have a two way setup ready!