'interactive password authentication' means 'password typed by a human being in realtime authentication' and no artificial substitutes for 'human' are acceptable. This is because stored passwords are almost impossible to keep safe.
Fortunately, there's a much better way to automate ssh/scp/sftp passwords -- keys. (Note that ssh, sftp, scp all use the same protocol, and the same keys.) They were designed for this purpose. Just having the right files in the right places on both the client and the server will allow the client to login to the server automatically.
Instead of sending a password, it sends an encrypted key. This key is generated by the ssh-keygen command.
It resides in the ~/.ssh/ directory on both the client and server. The client has the key files themselves. The server just has the key listed in authorized_keys.
If you have the ssh-copy-id command, this will be brief and simple to set up from the client:
Code:
# Just hit enter to all the questions this asks you
$ ssh-keygen -t rsa
$ ssh-copy-id username@host
# Should now login without a password
$ ssh username@host
Hello,
Let's say I have the command line:
scp -r /home/Mohit/Switches mkakkar@softmon:/home/mkakkar/
If I put a "/" after the Switches such that I get:
scp -r /home/Mohit/Switches/ mkakkar@softmon:/home/mkakkar/
How does the behaviour change? (1 Reply)
I want to know
how can i use scp command in the reverse fashion
meaning i have two machines server1 and server2
I have files in server1 that i need to copy to server2
But i do not have write permissions on server2 although
i have read permissions on server1
is there a way i can go... (3 Replies)
how can I find cpu usage memory usage swap usage and
I want to know CPU usage above X% and contiue Y times and memory usage above X % and contiue Y times
my final destination is monitor process
logical volume usage above X % and number of Logical voluage above
can I not to... (3 Replies)
Hi,
I have around 100 files which are aroun 10 MB in size and need to SCP all those files to another machine.
Could you please suggest which way is efficient to do?
1. Gzip each file and transfer one by one.
2. Tar all the files together and then gzip it and send one HUGE file.
Basicaly... (3 Replies)
Hi all,
Can you please tell me the command, with which one can know the amount of space a specific directory has used.
df -k . ---> Displays, the amount of space allocated, and used for a directory.
du -k <dir name> - gives me the memory used of all the files inside <dir>
But i... (2 Replies)
if i use scp command to copy a file from one server another server it is asking password of the server from where the file being copied. i am automating some reports.. i need the file to be copied without asking the password. can any help me out??? thanks in advance,
Arun Manas (1 Reply)
Hi all,
I want to copy files from unix server to another unix server with out any password. Can some one please explain me the steps involved in achieving this with the actual commands and the sequence of commands i details.
I tried my luck ith below procedure but it was not working.
#... (1 Reply)
Can someone please help me with what is wrong with this command?
scp oracle@hrkpd124:/u01/app/oracle/rdbms/admin/dpoo.html root@hrkpmgmt:/export
my intention is to copy the file dopp.html from the server hrkpd124 to the server hrkpmgmt but i am getting the error... (3 Replies)
I need one help.
I want to copy specific folder/file from one Linux servers to another.
I want scp command that will search the file/folder in given path of one server and copy that result on another remote server.
Kindly help me to resolve issue
Thanks and Regards,
Rajesh (4 Replies)
Discussion started by: Nawrajesh
4 Replies
LEARN ABOUT XFREE86
ssh-keysign
ssh-keysign(1M)ssh-keysign(1M)NAME
ssh-keysign - ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication
with SSH protocol version 2. This signature is of data that includes, among other items, the name of the client host and the name of the
client user.
ssh-keysign is disabled by default and can be enabled only in the global client configuration file /etc/ssh/ssh_config by setting Host-
basedAuthentication to yes.
ssh-keysign is not intended to be invoked by the user, but from ssh. See ssh(1) and sshd(1M) for more information about host-based authen-
tication.
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable
only by root, and not accessible to others. Because they are readable only by root, ssh-keysign must be set-uid root if host-based
authentication is used.
ssh-keysign will not sign host-based authentication data under the following conditions:
o If the HostbasedAuthentication client configuration parameter is not set to yes in /etc/ssh/ssh_config. This setting cannot be overri-
den in users' ~/.ssh/ssh_config files.
o If the client hostname and username in /etc/ssh/ssh_config do not match the canonical hostname of the client where ssh-keysign is
invoked and the name of the user invoking ssh-keysign.
In spite of ssh-keysign's restrictions on the contents of the host-based authentication data, there remains the ability of users to use it
as an avenue for obtaining the client's private host keys. For this reason host-based authentication is turned off by default.
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWsshu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
ssh(1), sshd(1M), ssh_config(4), attributes(5)AUTHORS
Markus Friedl, markus@openbsd.org
HISTORY
ssh-keysign first appeared in Ox 3.2.
9 Jun 2004 ssh-keysign(1M)