HYDT: SCP SSH SFTP Secure Copy Files without providing a password every time

Steps to securely copy files between two boxes using the scp command, without a password and without human intervention
========================================================================
Scenario 1: user_a wants to use passwordless ssh, scp and sftp from server_a to server_b as user_b without any human intervention.

1.  On server_a, log in (or pbrun) as user_a and generate a private and public key pair for ssh authentication for user_a. Do not overwrite any existing keys; doing so may break an already existing setup.

user_a@server_a >  /usr/bin/ssh-keygen -N '' -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user_a/.ssh/id_dsa):
Created directory '/home/user_a/.ssh'.
Your identification has been saved in /home/user_a/.ssh/id_dsa.
Your public key has been saved in /home/user_a/.ssh/id_dsa.pub.
The key fingerprint is:
02:4d:0d:99:84:75:fb:e7:37:68:8e:4b:da:6e:67:74 user_a@server_a

user_a@server_a > cd /home/user_a/.ssh

user_a@server_a > ls -l
total 16
-rw-------   1 user_a  other     668 Mar 19 13:17 id_dsa
-rw-r--r--   1 user_a  other     608 Mar 19 13:17 id_dsa.pub

2.  Copy the public key file from server_a to server_b. You can use whatever method you like to copy the public key file; the example below uses sftp. You may also copy it to /tmp on server_b.

user_a@server_a > pwd
/home/user_a/.ssh
user_a@server_a >  sftp user_b@server_b
sftp> put id_dsa.pub
Uploading id_dsa.pub to /home/user_b/id_dsa.pub
id_dsa.pub                                    100%  608     0.6KB/s   00:00
sftp> bye
user_a@server_a >

user_b@server_b > pwd
/home/user_b
user_b@server_b > ls -l id_dsa.pub
-rw-r-----   1 user_b  other        608 Mar 19 13:19 id_dsa.pub

3.  On server_b, log in as user_b, create the .ssh folder and append the public key to /home/user_b/.ssh/authorized_keys.

user_b@server_b > pwd
/home/user_b
user_b@server_b > mkdir .ssh
user_b@server_b > touch .ssh/authorized_keys
user_b@server_b > cat id_dsa.pub >> .ssh/authorized_keys
user_b@server_b > rm id_dsa.pub

Create a symbolic link for authorized_keys2 for compatibility.

user_b@server_b > cd .ssh
user_b@server_b > ln -s authorized_keys authorized_keys2
user_b@server_b > ls -la
-rw-r-----   1 user_b  other        608 Mar 19 13:20 authorized_keys
lrwxrwxrwx   1 user_b  other         15 Mar 19 13:22 authorized_keys2 -> authorized_keys

Make sure that user_a's home directory, .ssh and authorized_keys are writable only by the owner. The UBS home directory permission standard is 755, not 777 or 775.

user_b@server_b > chmod o-w ~/.ssh ~/.ssh/authorized_keys
user_b@server_b > chmod g-w ~/.ssh ~/.ssh/authorized_keys
user_b@server_b > ls -ld /home/user_a
drwxr-xr-x  13 user_a   other       4096 Mar 19 14:56  /home/user_a

4.  Run scp, ssh or sftp from server_a as user_a to server_b as user_b. You should no longer be prompted for a password.

user_a@server_a >  ssh user_b@server_b
user_b@server_b >
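
The server_b side of steps 3 and 4 as an added shell example (not part of the original post): it appends a public key to authorized_keys exactly once with owner-only modes, then audits the home directory, .ssh, authorized_keys and any private keys for the group/other access that makes sshd or ssh refuse key authentication. The function names and demo directory are hypothetical, and the sample key line is constructed; it is labelled ssh-ed25519 because OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and the demo
# directory are hypothetical; the sample key line is constructed.

# True if TARGET has any of the given octal permission bits set.
has_any_perm() {
    target=$1; shift
    for bit in "$@"; do
        [ -n "$(find -H "$target" -prune -perm "-$bit" 2>/dev/null)" ] && return 0
    done
    return 1
}

# install_pubkey HOME_DIR PUBKEY_FILE: step 3 with fixed modes, idempotent.
install_pubkey() {
    ssh_dir=$1/.ssh; auth=$ssh_dir/authorized_keys
    [ -s "$2" ] || { echo "no public key at $2" >&2; return 2; }
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only if the key is not there yet
    grep -qxFf "$2" "$auth" || cat "$2" >> "$auth"
}

# audit_ssh_perms HOME_DIR: one line per finding, returns 1 if any.
audit_ssh_perms() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_any_perm "$p" 020 002; then
            echo "LOOSE: $p is writable by group or others"; rc=1
        fi
    done
    for k in "$1"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        if has_any_perm "$k" 040 020 010 004 002 001; then
            echo "LOOSE: private key $k is accessible by group or others"; rc=1
        fi
    done
    return "$rc"
}

# Demo on a constructed home directory (nothing real is touched).
demo_home=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTEDSAMPLEKEY user_a@server_a\n' > "$demo_home/id.pub"
install_pubkey "$demo_home" "$demo_home/id.pub"
chmod 755 "$demo_home"
audit_ssh_perms "$demo_home" && echo "OK: $demo_home passes"
rm -rf "$demo_home"
```

With StrictModes enabled (the sshd default), any LOOSE finding on server_b brings the password prompt back in step 4.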

Scenario 2: user_a wants to use passwordless ssh, scp and sftp to server_b with the same id, and the same home directory of user_a is mounted on both servers.

The procedure is the same as scenario 1, except that the authorized_keys file is created under user_a's .ssh folder from server_a (or from server_b; it does not matter).

user_a@server_a >  /usr/bin/ssh-keygen -N '' -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user_a/.ssh/id_dsa):
Created directory '/home/user_a/.ssh'.
Your identification has been saved in /home/user_a/.ssh/id_dsa.
Your public key has been saved in /home/user_a/.ssh/id_dsa.pub.
The key fingerprint is:
02:4d:0d:99:84:75:fb:e7:37:68:8e:4b:da:6e:67:74 user_a@server_a

user_a@server_a > cd .ssh
user_a@server_a > ls -l
total 16
-rw-------   1 user_a  other     668 Mar 19 13:17 id_dsa
-rw-r--r--   1 user_a  other     608 Mar 19 13:17 id_dsa.pub

user_a@server_a > cat id_dsa.pub > authorized_keys
user_a@server_a > ln -s authorized_keys authorized_keys2
user_a@server_a > ls -la
-rw-r--r--   1 user_a   other     608 Mar 19 14:57 authorized_keys
lrwxrwxrwx   1 user_a   other      15 Mar 19 14:57 authorized_keys2 -> authorized_keys
-rw-------   1 user_a   other     668 Mar 19 14:56 id_dsa
-rw-r--r--   1 user_a   other     608 Mar 19 14:56 id_dsa.pub
-rw-r--r--   1 user_a   other     235 Mar 19 14:57 known_hosts
user_a@server_a >  ssh user_a@server_b
user_a@server_b >

Scenario 3: user_a wants to use passwordless ssh, scp and sftp to server_b with the same id, but his automounted home directory is different on server_a and server_b.

There are many ApplicationIDs with a different home directory for different regions. This can be checked easily by running the df -k /home/user_a command on both servers.

The procedure is also the same as scenario 1, except that the .ssh folder and authorized_keys file created under user_a's home directory on server_a need to be copied to server_b.

Login to server_a as user_a

user_a@server_a >  /usr/bin/ssh-keygen -N '' -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user_a/.ssh/id_dsa):
Created directory '/home/user_a/.ssh'.
Your identification has been saved in /home/user_a/.ssh/id_dsa.
Your public key has been saved in /home/user_a/.ssh/id_dsa.pub.
The key fingerprint is:
02:4d:0d:99:84:75:fb:e7:37:68:8e:4b:da:6e:67:74 user_a@server_a
user_a@server_a > cd .ssh
user_a@server_a > ls -l
total 16
-rw-------   1 user_a  other     668 Mar 19 13:17 id_dsa
-rw-r--r--   1 user_a  other     608 Mar 19 13:17 id_dsa.pub

user_a@server_a > df -k .
Filesystem            kbytes    used   avail capacity  Mounted on
filer1:/vol/v01/home01/user_a
91380224 70503464  576760    80%    /home/user_a

user_a@server_a > pwd
/home/user_a/.ssh
user_a@server_a >  sftp user_a@server_b
sftp> put id_dsa.pub
Uploading id_dsa.pub to /home/user_a/id_dsa.pub
id_dsa.pub                                    100%  608     0.6KB/s   00:00
sftp> bye
user_a@server_a >

Login to server_b as user_a

user_a@server_b > pwd
/home/user_a
user_a@server_b > df -k .
Filesystem            kbytes    used   avail capacity  Mounted on
filer2:/vol/v02/home02/user_a
51380224 50503464  76760    99%    /home/user_a
user_a@server_b > ls -l id_dsa.pub
-rw-r-----   1 user_a  other        608 Mar 19 13:19 id_dsa.pub

user_a@server_b > mkdir .ssh
user_a@server_b > touch .ssh/authorized_keys
user_a@server_b > cat id_dsa.pub >> .ssh/authorized_keys
user_a@server_b > rm id_dsa.pub

user_a@server_b > chmod o-w ~/.ssh ~/.ssh/authorized_keys
user_a@server_b > chmod g-w ~/.ssh ~/.ssh/authorized_keys
user_a@server_b > ls -ld /home/user_a
drwxr-xr-x  13 user_a   other       4096 Mar 19 14:56  /home/user_a

user_a@server_a >  ssh user_a@server_b
user_a@server_b >
