  1. #1

    Generating keys for passwordless SFTP transfers?

    I noticed that you can't submit a password in a script for SFTP.

    After doing some reading, I noticed that keys might be an option. Can someone give me a hand on how to do this? What I need to be able to do is send a file from my local server here to an external server over the internet using SFTP.

    When I use the sftp command to connect to the server for the first time, it asked if I wanted to add it to known hosts, but it still asks for a password. Is the solution to generate an authorized_keys file that I would cache on my local server and the remote server?

    Any tips would be greatly appreciated!

  2. #2
    Lazydog (Linux Guru; joined Jun 2004; The Keystone State)
    On the local machine, type the BOLD part. The non-bold part is what you might see as output or prompt.

    Step 1:
    % ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (~/.ssh/id_dsa): (just type return)
    Enter passphrase (empty for no passphrase): (just type return)
    Enter same passphrase again: (just type return)
    Your identification has been saved in ~/.ssh/id_dsa
    Your public key has been saved in ~/.ssh/
    The key fingerprint is:
    Some really long string

    Step 2:
    Then, paste the content of the local ~/.ssh/ file into the file ~/.ssh/authorized_keys on the remote host.

    RSA instead of DSA
    If you want something strong, you could try
    % ssh-keygen -t rsa -b 4096
    Instead of the names id_dsa and, it will be id_rsa and, etc.
    The rest of the steps are identical.

    That's it!


    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Sounds simple! I'll give it a shot on Monday when I go to work.
    Thank you very much!

    I might have to do this for a Linux to Windows based scenario as well. Is this achievable?

  5. #4
    Irithori (Trusted Penguin; joined May 2009)
    Small addition to what Lazydog wrote:
    Step 2 can be simplified.
    On the client, type
    ssh-copy-id <remote-host>
    So no need to ssh in and copy and paste the public key.

    About Windows:
    In theory yes.
    There are ssh daemons for the Windows platform.

    But note that there are significant differences in user/group/permission/credentials handling between the Windows and Unix platforms.
    Samba/cifs is probably the most advanced tool to deal with that, and not a Windows ssh daemon.

    So depending on your specific use case, it might be better to create a cifs share on the Windows side and then use cifs tools on the Linux side to connect to it.
    You must always face the curtain with a bow.

  6. #5
    Tried using the ssh-copy-id command to the remote host but got this error:
    /usr/bin/ssh-copy-id: ERROR: No identities found

    I ended up doing it manually and copying the contents of into the authorized_keys file on the remote server, but I was still prompted for a password when using SFTP.
    My SFTP command in my code is simply:

    sftp user@serverip

    EDIT: When I simply do sftp that works. Does not ask for password, but when I use the code mentioned above with a user it asks for a password. Is that normal?
    I noticed that only when I'm logged in as root will I not get prompted for a password as well. Is this because I created the keys under root? Is there somewhere I can specify users or something?
    Last edited by tetradelta; 04-23-2012 at 03:56 PM.

  7. #6
    Lazydog (Linux Guru; joined Jun 2004; The Keystone State)
    The key has to be copied to the user's authorized_keys file.



  8. #7
    I thought of that afterwards so I gave it a shot.
    I copied the key into ~/.ssh and made sure the chmod was right (600) and it still prompts me for the password. Weird.

    EDIT: I thought that the keys would solve box to box communication. I didn't know it had to be configured for each user. I'm not sure this is going to work because I need this to work on about 60 different servers with all kinds of users pointing towards the one remote box. Darn.
    Last edited by tetradelta; 04-23-2012 at 06:14 PM.
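
The checks behind posts #6 and #7, as an added example that is not part of the thread: the public key has to be in the authorized_keys of the account named in user@serverip, and sshd with its default StrictModes setting ignores that file when the home directory, ~/.ssh or the file itself is group- or world-writable. The function names and the sample key are constructed for illustration; file ownership, which sshd also checks, is not tested here.

```shell
#!/bin/sh
# Added example (not from the thread). Audits the account a key should log in to.

# True if the path is writable by group or others, which sshd (StrictModes yes,
# the default) treats as unsafe and answers by ignoring authorized_keys.
loose() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# check_key_login HOME_DIR PUBKEY_FILE
# Prints one line per problem and returns 0 only if none were found.
check_key_login() {
    home=$1; pub=$2; problems=0
    auth="$home/.ssh/authorized_keys"
    for p in "$home" "$home/.ssh" "$auth"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; problems=$((problems + 1))
        elif loose "$p"; then
            echo "group/world-writable: $p"; problems=$((problems + 1))
        fi
    done
    # Match on the base64 key blob (field 2) so a different comment is harmless.
    blob=$(awk '{print $2; exit}' "$pub")
    if [ -z "$blob" ]; then
        echo "no key found in $pub"; problems=$((problems + 1))
    elif [ -f "$auth" ] && ! grep -qF -- "$blob" "$auth"; then
        echo "key not listed in $auth"; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Demo on a throwaway directory; the key line is constructed, not a real key.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/home/.ssh"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedsample root@local" > "$d/id.pub"
    cp "$d/id.pub" "$d/home/.ssh/authorized_keys"
    chmod 755 "$d/home"; chmod 700 "$d/home/.ssh"
    chmod 600 "$d/home/.ssh/authorized_keys"
    check_key_login "$d/home" "$d/id.pub" && echo "ok: nothing blocks key login"
    chmod 775 "$d/home"   # group-writable home directory
    check_key_login "$d/home" "$d/id.pub" || echo "fix the items listed above"
    rm -rf "$d"
}
demo
```

Run check_key_login on the remote server against the home directory of the login user, passing a copy of the public key generated on the client.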
