    October 17, 2007

How To scp, ssh and rsync without prompting for password

Whenever you use scp to copy files, it asks for a password. The same goes for rsync, as it (by default) uses ssh as well. Usually scp and rsync commands are used to transfer or back up files between known hosts or by the same user on both the hosts. It can get really annoying when the password is asked for every time. I even had the idea of writing an expect script to provide the password. Of course, I didn't. Instead I browsed for a solution and found it after quite some time. There are already a couple of links out there which talk about it. I am adding to it...

Let's say you want to copy between two hosts, host_src and host_dest. host_src is the host where you would run the scp, ssh or rsync command, irrespective of the direction of the file copy!


  1. On host_src, run this command as the user that runs scp/ssh/rsync:

    $ ssh-keygen -t rsa

    This will prompt for a passphrase. Just press the enter key. It'll then generate an identification (private key) and a public key. Do not ever share the private key with anyone! ssh-keygen shows where it saved the public key. This is by default ~/.ssh/id_rsa.pub:

    Your public key has been saved in <your_home_dir>/.ssh/id_rsa.pub

  2. Transfer the id_rsa.pub file to host_dest by either ftp, scp, rsync or any other method.

  3. On host_dest, log in as the remote user which you plan to use when you run scp, ssh or rsync on host_src.

  4. Copy the contents of id_rsa.pub to ~/.ssh/authorized_keys:

    $ cat id_rsa.pub >> ~/.ssh/authorized_keys
    $ chmod 700 ~/.ssh/authorized_keys

    If this file does not exist, then the above command will create it. Make sure you remove permission for others to read this file. If it's a public key, why prevent others from reading this file? Probably, the owner of the key has distributed it to a few trusted users and has not placed any additional security measures to check if it's really a trusted user.

  5. Note that ssh by default does not allow root to log in. This has to be explicitly enabled on host_dest. This can be done by editing /etc/ssh/sshd_config and changing the PermitRootLogin option from no to yes. Don't forget to restart sshd so that it reads the modified config file. Do this only if you want to use the root login.


Well, that's it. Now you can run scp, ssh and rsync on host_src connecting to host_dest and it won't prompt for the password. Note that this will still prompt for the password if you are running the commands on host_dest connecting to host_src. You can reverse the steps above (generate the public key on host_dest and copy it to host_src) and you have a two way setup ready!
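
If ssh still asks for a password after these steps, permissions are a common cause: with StrictModes enabled, sshd ignores authorized_keys when that file, ~/.ssh or the home directory is writable by group or others, and the ssh client refuses a private key that group or others can access. The check below is an added example, not part of the original post; the function names (mode_of, check_bits, audit_ssh_perms) are made up for illustration, and it looks only at permission bits, not at file ownership.

```shell
#!/bin/sh
# Added example: permission audit for the key-login setup described above.

# Octal mode of a path: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# check_bits PATH MASK LABEL: report PATH if any permission bit in MASK is set.
check_bits() {
    [ -e "$1" ] || { echo "MISSING  $1"; return 1; }
    m=$(mode_of "$1")
    [ $(( 0$m & $2 )) -eq 0 ] && return 0
    echo "$3 $1 (mode $m)"
    return 1
}

# audit_ssh_perms HOME_DIR
# Prints one line per finding; the return status is the number of findings.
audit_ssh_perms() {
    home=$1
    findings=0
    # host_dest side: sshd skips authorized_keys when the file or a directory
    # above it (up to the home directory) is writable by group or others
    # (mask 022), and then falls back to the password prompt.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_bits "$p" 022 "WRITABLE" || findings=$((findings + 1))
    done
    # host_src side: the ssh client refuses a private key that group or
    # others can access at all (mask 077).
    if [ -e "$home/.ssh/id_rsa" ]; then
        check_bits "$home/.ssh/id_rsa" 077 "EXPOSED " || findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on a constructed directory tree (sample data, not a real account).
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 755 "$demo"
chmod 775 "$demo/.ssh"                  # group-writable: key login breaks
chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" || echo "findings: $?"
rm -rf "$demo"
```

Run `audit_ssh_perms "$HOME"` as the login user on host_dest, and again on host_src to check the private key.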


Comments ( 7 )
  • Derek Morr Wednesday, October 17, 2007

    In enterprise environments, it is also possible to use Kerberos to login to ssh servers without being prompted for a password. This support is built into OpenSSH and many graphical clients for Windows and Mac OS X.


  • Darren Dunham Thursday, October 18, 2007

    Using a key without a passphrase can be more of a risk than you may want. If anyone ever gets that key (say off a backup tape, or a one-time vulnerability), then the remote account is compromised.

    As long as you're running the command interactively, a great alternative is to apply a passphrase, but use the ssh-agent to remember the passphrase while you're logged in (ssh-agent, ssh-add). While there are still vulnerabilities this way, they're much smaller than using a key without a passphrase.

    And with the agent running (usually at login time), you only have to enter the passphrase one time.


  • Jayakara Kini Monday, October 22, 2007

    Darren, I completely agree with you. Using ssh-add+ssh-agent does reduce the risk.


  • R Nayak Thursday, November 1, 2007

    Are there any ssh settings on the host_dest that are needed to ensure that this works? After taking the steps here I am still prompted for a password.

    - R N


  • Jayakara Kini Tuesday, November 20, 2007

    R Nayak: Are you using root login to ssh? If so, you'll have to edit /etc/ssh/sshd_config and restart sshd. See 'PermitRootLogin' option in that file. By default, sshd does not allow root login.


  • Tapajyoti Wednesday, December 5, 2007

    R Nayak: Try changing the permission of the home directory to 700 (chmod 700) on both the src and dest hosts.


  • Imran Shakir Tuesday, December 11, 2007

    Hi

    It's a superb piece of information. Being a Redhat Linux Enterprise administrator, I was really looking for a way to skip the password during scp and rsync, and here I found it. Thanks for the help, mate. Take care.

    Best Regards

