Re: Bizarre passwordless scp problem, help


Chuck wrote:
rsb-asp-google@xxxxxxxxxxxxx wrote:
Chuck wrote:
rsb-asp-google@xxxxxxxxxxxxx wrote:
If anybody can help me with this it would be appreciated.

I'm attempting to do scp to another machine via a script invoked by a
cronjob, therefore it must be passwordless. I have gen'd the id_rsa.pub
and copied it over to the receiving machine and here lies the rub...

After creating the .ssh/ directory in the homedir of the receiving
machine and cating the pub id to the .ssh/authorized_keys file
(creating it in the process), the scp still does not work passwordless.
I have followed the same procedure for another account on the receiving
machine and it works just fine.

Any ideas????

TIA
Steve Ellis.

Couple of things to check...

Did you cache the private key on the client with ssh-agent or keychain?

How would I know?

You would have run the programs ssh-agent and ssh-add. BTW you would
only need to do this if you created your private key with a passphrase.
If you didn't you don't need this step but your setup is much less
secure. Anyone who gets a copy of your private key can use it to
authenticate as you.


Are the .ssh directory and authorized_keys file in the correct user's
home directory on the server?

Yes according to /etc/passwd, but I get the feeling that that is not
where ssh is being looked for it.

Are the permissions on the authorized_keys file correct? Should be 600.

I did a chmod 600 and it didn't help.

BTW, the authorized_keys on the id that works isn't 600.


Like Dimitri said, some versions of sshd are picky. From a security
standpoint protecting that file is not all the critical because it only
contains public keys. Private keys are the ones you should guard with
all diligence.

I'm a programmer, not the machine's administrator, but the
administrator seems to be making no progress. I thought I'd try
inquiring here and appreciated your responses. Also please bear with me
if I don't seem to know the obvious.

One thing I noticed is that if I did a "ps -ef |grep sshd", the 2 ids
which work successfully have an sshd daemon started by them; but the id
that will not do passwordless scp, does not have an sshd daemon
started. Could that have anything to do with it?
If so, would that normally be started at boot time?

.

Relevant Pages

  • Re: Bizarre passwordless scp problem, help
    ... and copied it over to the receiving machine and here lies the rub... ... the scp still does not work passwordless. ... Did you cache the private key on the client with ssh-agent or keychain? ...
    (comp.security.ssh)
  • Re: Bizarre passwordless scp problem, help
    ... and copied it over to the receiving machine and here lies the rub... ... the scp still does not work passwordless. ... Are the permissions on the authorized_keys file correct? ...
    (comp.security.ssh)
  • Re: Bizarre passwordless scp problem, help
    ... and copied it over to the receiving machine and here lies the rub... ... the scp still does not work passwordless. ... Are the permissions on the authorized_keys file correct? ...
    (comp.security.ssh)
  • Re: Documentation/Drafts for scp?
    ... It it operates just like cp except it will use ssh to copy from or to ... If both computer A and computer B are remote, then scp will operate ... and going through the local computer. ... if you want passwordless operation, A and B need to be able to passwordless ...
    (comp.os.linux.misc)
  • Re: Key information
    ... > public key and I can install it on my server. ... > passwordless is no, that I can't do it without the private key? ... Even if you get the private key from them, ...
    (comp.security.ssh)