
Thursday, November 24, 2011

SCP without password prompt

We often need to copy files from one server to another for our work to continue. SCP is a powerful Unix utility for copying files securely. Each time you run scp, it prompts for the password of the target server's user. This is very good in terms of security, but it becomes annoying when you copy a large set of files.

The password prompt also gets in the way of automation. For example, you might have a script that passes files from a source server to a target server using scp. If you have to type the password every time, the automated script is of no use.
Let's see how to do scp without a password prompt.

This method is meant for running scp without a password in scripts.
The first step is to create a key pair on the server you will copy from.

The syntax to create the key pair is:

$ ssh-keygen -t rsa

In response, you should see:

Generating public/private rsa key pair
Enter file in which to save the key ...

Press Enter to accept this.

In response, you should see:

Enter passphrase (empty for no passphrase):

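For an unattended script you don't need a passphrase, so press Enter twice. Without a passphrase, the private key file is protected only by its file permissions, so keep it readable by its owner alone.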

In response, you should see:

Your identification has been saved in ...
Your public key has been saved in ...

Note the name and location of the public key just generated. It always ends in .pub.

Below is an example from a RHEL 8 box:
[oracle@linux-8 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1qKWyoZ9GN0jpOz0ikOv+dkQk9bVGY8PxcDfjp0Ho7Y oracle@linux-8.selvapc.com
The key's randomart image is:
+---[RSA 3072]----+
|         .oo.    |
|         ..*.    |
|        . =...   |
|     o.. . o. +  |
|   .=+..S . .= + |
|  ..=oo+o.  + + .|
| . *.++. . . . . |
|  o+**o     E    |
|  +=*o.          |
+----[SHA256]-----+
[oracle@linux-8 ~]$
[oracle@linux-8 ~]$ ls -lrt ~/.ssh/
total 12
-rw-r--r--. 1 oracle oinstall  699 Mar 10 00:23 known_hosts
-rw-------. 1 oracle oinstall 2622 Mar 11 01:49 id_rsa
-rw-r--r--. 1 oracle oinstall  580 Mar 11 01:49 id_rsa.pub
[oracle@linux-8 ~]$

Copy the public key just generated to all of your remote Linux boxes. You can use scp, FTP or any other method to make the copy.
If you log in to the remote box as root, the key must be contained in the file /root/.ssh/authorized_keys

Or, if you are logging in as a user, for example, oracle, it would be in ~/.ssh/authorized_keys. Notice that the authorized_keys file can contain keys from other PCs. So, if the file already exists and contains text, you need to append the contents of your public key file to what already is there.

On the remote machine:

$ mkdir -p ~/.ssh
$ chmod 700 ~/.ssh
$ cat id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys

Once the above procedure is complete, you can copy your files without being prompted for the password.

Update: 11 Mar 2021
Added output of ssh-keygen from a RHEL 8 box
