  1. #1
    Just Joined!
    Join Date
    Apr 2012
    Posts
    6

    Generating keys for passwordless SFTP transfers?


    I noticed that you can't submit a password in a script for SFTP.

    After doing some reading, I noticed that keys might be an option. Can someone give me a hand on how to do this? What I need to be able to do is send a file from my local server here to an external server over the internet using SFTP.

    When I use the sftp command to connect to the server for the first time, it asked if I wanted to add it to known hosts, but it still asks for a password. Is the solution to generate an authorized_keys file that I would cache on my local server and the remote server?

    Any tips would be greatly appreciated!

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    On the local machine, type the BOLD part. The non-bold part is what you might see as output or prompt.

    Step 1:
    % ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (~/.ssh/id_dsa): (just type return)
    Enter passphrase (empty for no passphrase): (just type return)
    Enter same passphrase again: (just type return)
    Your identification has been saved in ~/.ssh/id_dsa
    Your public key has been saved in ~/.ssh/id_dsa.pub
    The key fingerprint is:
    Some really long string
    %
    Step 2:
    Then, paste the content of the local ~/.ssh/id_dsa.pub file into the file ~/.ssh/authorized_keys on the remote host.
    RSA instead of DSA
    If you want something strong, you could try
    % ssh-keygen -t rsa -b 4096
    Instead of the names id_dsa and id_dsa.pub, it will be id_rsa and id_rsa.pub, etc.
    The rest of the steps are identical.

    That's it!

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Apr 2012
    Posts
    6
    Sounds simple! I'll give it a shot on Monday when I go to work.
    Thank you very much!

    I might have to do this for a Linux to Windows based scenario as well. Is this achievable?

  4. #4
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,390
    Small addition to what Lazydog wrote:
    Step 2 can be simplified.
    On the client, type
    Code:
    ssh-copy-id <remote-host>
    So no need to ssh in and copy&paste the public key.


    About Windows:
    In theory yes.
    There are ssh daemons for the Windows platform.

    But note that there are significant differences in user/group/permission/credentials handling between the Windows and Unix platforms.
    Samba/cifs is probably the most advanced tool to deal with that, and not a Windows ssh daemon.

    So depending on your specific use case, it might be better to create a cifs share on the Windows side and then use cifs tools on the Linux side to connect to it.
    You must always face the curtain with a bow.

  5. #5
    Just Joined!
    Join Date
    Apr 2012
    Posts
    6
    Tried using the ssh-copy-id command to the remote host but got this error:
    /usr/bin/ssh-copy-id: ERROR: No identities found

    I ended up doing it manually and copying the contents of id_dsa.pub into the authorized_keys file on the remote server but I was still prompted for password when using SFTP.
    My SFTP command in my code is simply:

    Code:
    sftp user@serverip

    EDIT: When I simply do sftp xxx.xxx.xxx.xxx that works. Does not ask for password, but when I use the code mentioned above with a user it asks for a password. Is that normal?
    I noticed that only when I'm logged in as root will I not get prompted for password as well. Is this because I created the keys under root? Is there somewhere I can specify users or something?
    Last edited by tetradelta; 04-23-2012 at 03:56 PM.

  6. #6
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    The key has to be copied to the user's authorized_keys file.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
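
Added example, not part of any post in this thread: a shell function that installs a public key into one specific account's authorized_keys on the remote host, idempotently and with the modes sshd expects. The function name `install_pubkey` and the `restrict` key option (OpenSSH 7.2 and later, added here because the thread's key has no passphrase) are assumptions of this example; SFTP still works under `restrict` since it needs no pty or forwarding.

```shell
#!/bin/sh
# Added example. Run on the REMOTE host as the account that will receive files.
# $1 = that account's home directory, $2 = one line from the client's *.pub file.
install_pubkey() {
    home=$1
    pubkey=$2

    # Refuse anything that is not a public key line (for example a pasted
    # private key, which starts with "-----BEGIN").
    case $pubkey in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "install_pubkey: not a public key line" >&2; return 2 ;;
    esac

    # Create the directory and file without group/world access.
    ( umask 077
      mkdir -p "$home/.ssh"
      touch "$home/.ssh/authorized_keys" )
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"

    # "restrict" disables pty, port/agent/X11 forwarding for this key.
    entry="restrict $pubkey"

    # Append only if the exact entry is not already present.
    if grep -qxF -- "$entry" "$home/.ssh/authorized_keys"; then
        return 0
    fi
    printf '%s\n' "$entry" >> "$home/.ssh/authorized_keys"
}
```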

  7. #7
    Just Joined!
    Join Date
    Apr 2012
    Posts
    6
    I thought of that afterwards so I gave it a shot.
    I copied the key into ~/.ssh and made sure the chmod was right (600) and it still prompts me for the password. Weird.

    EDIT: I thought that the keys would solve box to box communication. I didn't know it had to be configured for each user. I'm not sure this is going to work because I need this to work on about 60 different servers with all kinds of users pointing towards the one remote box. Darn.
    Last edited by tetradelta; 04-23-2012 at 06:14 PM.
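
Added example, not part of any post in this thread: when a key is in place and the server still asks for a password, one thing worth checking on the remote host is whether sshd's StrictModes test would reject the account's files. With StrictModes on (the default), sshd ignores authorized_keys if the home directory, ~/.ssh or the file itself is writable by group or others, or is owned by someone other than the account or root. The function name `audit_ssh_perms` is an assumption of this example.

```shell
#!/bin/sh
# Added example. Run on the REMOTE host.
# $1 = the account's home directory, $2 = the account's numeric uid.
# Prints "path: reason" for every problem and returns 1 if any were found.
audit_ssh_perms() {
    home=$1
    uid=$2
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "$p: missing"
            rc=1
            continue
        fi
        # ls -ldn prints e.g. "drwx------ 2 1000 1000 ..." (numeric owner).
        mode=$(ls -ldn "$p" | cut -c1-10)
        owner=$(ls -ldn "$p" | awk '{print $3}')
        # Character 6 is the group-write bit, character 9 the other-write bit.
        gw=$(printf '%s' "$mode" | cut -c6)
        ow=$(printf '%s' "$mode" | cut -c9)
        if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
            echo "$p: writable by group or others ($mode)"
            rc=1
        fi
        # Only the account itself or root may own these paths.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "$p: owned by uid $owner, expected $uid or 0"
            rc=1
        fi
    done
    return $rc
}
```

For example, `audit_ssh_perms "$HOME" "$(id -u)"` checks the account you are logged in as; no output and exit status 0 mean the modes and ownership are not what is blocking key authentication.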
