On Sat, 2003-05-31 at 22:21, Kalin Mintchev wrote:
> On 30 May 2003, Bret Hughes wrote:
> 
> > On Fri, 2003-05-30 at 19:39, Kalin Mintchev wrote:
> > >
> > > hi all,
> > >
> > > i'm trying to do an automated process of scp between 2 linux machines.
> > > i can't make it work. here is what i've done so far:
> > > used ssh-keygen to make a new key with -t rsa (or rsa1)...
> > > when asked for passphrase - i leave it blank
> > > after that i scp the identity.pub to the .ssh dir of the user on the
> > > remote machine....
> > >
> > > after that i try:
> > > scp -i identity moo.txt [EMAIL PROTECTED]:moo.txt
> > >
> > > and i get prompted for password....
> > >
> > > i thought that the key is all one needs to automate the scp...
> > > how else can i avoid the password prompt?
> >
> > the identity.pub contents need to be in a file named
> > ~/.ssh/authorized_keys on later versions of openssh and
> > ~/.ssh/authorized_keys2 on some of the earlier version that supported
> > protocol 2 keys.
> >
> > Also the perms on the file have to be pretty tight with no group write
> > IIRC.
> 
> thanks Bret....  i tried it all...
> here is what i did last:
> 
> new key with ssh-keygen -t rsa;
> this created 2 files id_rsa and id_rsa.pub
> the id_rsa has 600 and id_rsa.pub has 644 (permissions)
> scp id_rsa.pub [EMAIL PROTECTED]:.ssh/authorized_keys
> 
> => here i get asked for password for the user so i enter it in order to
> scp the file over...
> 
> i checked on the remote host in the .ssh dir and the file is in its place
> with the same permissions and with the assigned name - authorized_keys.
> 
> then from the "first" machine i do:
> 
> scp -i id_rsa.pub ../moo.txt [EMAIL PROTECTED]:moo.txt
> 
> and i get the password prompt....
> 
> what is wrong in the process above?!
> 
> thanks a lot.....
> 

what are the perms in ~/.ssh on the remote machine?  Here's mine 

[EMAIL PROTECTED] bhughes]$ ls -al .ssh
total 28
drwx------    2 bhughes  bhughes      4096 Apr 17 13:40 .
drwx------   24 bhughes  bhughes      4096 Jun  1 02:36 ..
-rw-------    1 bhughes  bhughes       606 Apr 17 13:40 authorized_keys
-rw-------    1 bhughes  bhughes       672 Oct 24  2002 id_dsa
-rw-r--r--    1 bhughes  bhughes       625 Oct 24  2002 id_dsa.pub
-rw-r--r--    1 bhughes  bhughes      4188 May 11 07:52 known_hosts


if you still have problems make sure the sshd is set up to accept PK
auth. should be by default. again here is mine:


[EMAIL PROTECTED] bhughes]$ sudo grep -i auth /etc/ssh/sshd_config 
Password:
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
# Authentication:
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
#RhostsRSAAuthentication no
#HostbasedAuthentication no
# RhostsRSAAuthentication and HostbasedAuthentication
#PasswordAuthentication yes
#ChallengeResponseAuthentication yes
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
# Set this to 'yes' to enable PAM keyboard-interactive authentication 
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes


you can crank up the logging in /etc/ssh/sshd_config and try to connect
if you are still having probs and post the output. Seems like it puts it
in /var/log/secure

Change this line
 
#LogLevel INFO

to 
LogLevel DEBUG3

From the sshd man page

 LogLevel
   Gives the verbosity level that is used when logging messages from
   sshd.  The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE,
   DEBUG, DEBUG1, DEBUG2 and DEBUG3.  The default is INFO.
   DEBUG and DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify
   higher levels of debugging output.  Logging with a DEBUG level
   violates the privacy of users and is not recommended.

Careful what you post; I think if you crank up the DEBUG this high it
will print the keys too.

Bret
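
Added example (not part of Bret's message or of the thread): a shell check for the permission problem discussed above, covering the home directory, ~/.ssh and authorized_keys, which sshd's StrictModes setting requires not to be group- or world-writable. It also flags a public key passed to `scp -i`, which expects the private key file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Succeeds if the path has the group- or world-write bit set (POSIX find).
is_group_or_world_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Audit the account on the remote machine: home dir, ~/.ssh, authorized_keys.
# Prints one line per path; returns 0 only if all exist and none is too open.
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=1
        elif is_group_or_world_writable "$p"; then
            echo "TOO OPEN $p (group or world writable)"
            bad=1
        else
            echo "OK       $p"
        fi
    done
    return "$bad"
}

# Succeeds if FILE starts like a public key line (the content that belongs
# in authorized_keys). Such a file is the wrong argument for scp -i / ssh -i.
is_public_key() {
    case $(head -n 1 "$1" 2>/dev/null) in
        ssh-*|ecdsa-*|sk-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone use: sh thisfile /home/someuser
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```
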


