- 04-20-2012 #1
Generating keys for passwordless SFTP transfers?
I noticed that you can't submit a password in a script for SFTP.
After doing some reading, I noticed that keys might be an option. Can someone give me a hand on how to do this? What I need to be able to do is send a file from my local server here to an external server over the internet using SFTP.
When I use the sftp command to connect to the server for the first time, it asked if I wanted to add it to known hosts, but it still asks for a password. Is the solution to generate an authorized_keys file that I would cache on my local server and the remote server?
Any tips would be greatly appreciated!
- 04-21-2012 #2
On the local machine, type the BOLD part. The non-bold part is what you might see as output or prompt.
Step 1:
% ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (~/.ssh/id_dsa): (just type return)
Enter passphrase (empty for no passphrase): (just type return)
Enter same passphrase again: (just type return)
Your identification has been saved in ~/.ssh/id_dsa
Your public key has been saved in ~/.ssh/id_dsa.pub
The key fingerprint is:
Some really long string
%
Step 2:
Then, paste the content of the local ~/.ssh/id_dsa.pub file into the file ~/.ssh/authorized_keys on the remote host.
RSA instead of DSA
If you want something strong, you could try
% ssh-keygen -t rsa -b 4096
Instead of the names id_dsa and id_dsa.pub, it will be id_rsa and id_rsa.pub, etc.
The rest of the steps are identical.
That's it!
- 04-21-2012 #3
Sounds simple! I'll give it a shot on Monday when I go to work.
Thank you very much!
I might have to do this for a Linux to Windows based scenario as well. Is this achievable?
- 04-21-2012 #4
Small addition to what Lazydog wrote:
Step 2 can be simplified.
On the client, type
Code:
ssh-copy-id <remote-host>
So no need to ssh in and copy&paste the public key.
About Windows:
In theory yes.
There are ssh daemons for the Windows platform.
But note that there are significant differences in user/group/permission/credentials handling between the Windows and Unix platforms.
Samba/cifs is probably the most advanced tool to deal with that, and not a Windows ssh daemon.
So depending on your specific use case, it might be better to create a cifs share on the Windows side and then use cifs tools on the Linux side to connect to it.
You must always face the curtain with a bow.
- 04-23-2012 #5
Tried using the ssh-copy-id command to the remote host but got this error:
/usr/bin/ssh-copy-id: ERROR: No identities found
I ended up doing it manually and copying the contents of id_dsa.pub into the authorized_keys file on the remote server but I was still prompted for password when using SFTP.
My SFTP command in my code is simply:
Code:
sftp user@serverip
EDIT: When I simply do sftp xxx.xxx.xxx.xxx that works. Does not ask for password, but when I use the code mentioned above with a user it asks for a password. Is that normal?
I noticed that only when I'm logged in as root will I not get prompted for password as well. Is this because I created the keys under root? Is there somewhere I can specify users or something?
Last edited by tetradelta; 04-23-2012 at 03:56 PM.
- 04-23-2012 #6
The key has to be copied to the user's authorized_keys file.
- 04-23-2012 #7
I thought of that afterwards so I gave it a shot.
I copied the key into ~/.ssh and made sure the chmod was right (600) and it still prompts me for the password. Weird.
EDIT: I thought that the keys would solve box to box communication. I didn't know it had to be configured for each user. I'm not sure this is going to work because I need this to work on about 60 different servers with all kinds of users pointing towards the one remote box. Darn.
Last edited by tetradelta; 04-23-2012 at 06:14 PM.
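Added example, not part of any post in this thread: when key login still falls back to a password prompt after the public key is in the right user's authorized_keys, the file and directory permissions on both ends are worth checking, because OpenSSH silently skips keys whose files are too open. The function names below are made up for this sketch; run it against the remote account's home directory and against the home directory of each local user that should connect.

```shell
#!/bin/sh
# Added example (constructed, not from the thread): audit the permissions
# that decide whether an SSH key is accepted for one account.
# Usage: check_ssh_perms /home/someuser   (returns 1 if anything fails)

# Print a path's octal mode (GNU stat, with BSD stat as fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed if any bit of octal mask $2 is set on path $1.
has_mode_bits() {
    mode=$(perm_of "$1") || return 1
    [ $(( 0$mode & $2 )) -ne 0 ]
}

check_ssh_perms() {
    home=$1
    bad=0
    # Server side: with StrictModes (the sshd default) authorized_keys is
    # ignored if the home directory, ~/.ssh or the file itself is writable
    # by group or others, and login falls back to the password prompt.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_mode_bits "$p" 022; then
            echo "FAIL: $p is group/world-writable (mode $(perm_of "$p"))"
            bad=1
        fi
    done
    # Client side: ssh will not use a private key that group or others
    # can access; the *.pub halves are public and are skipped.
    for k in "$home"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        if has_mode_bits "$k" 077; then
            echo "FAIL: $k is accessible to group/others"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] && echo "OK: $home"
    return "$bad"
}
```

If every check passes and the prompt remains, running the client with `sftp -v` shows which identity files it actually offers to the server.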


