I have a sftp server on linux machine A and I want to access it via password-less authentication to connect from machine B. So I created a ssh key pair on machine B but I'm not sure how to copy that pub-key to the sftp server. Both machines are centos7 machines. Can someone please shed some light on how to copy a file to the sftp server with a command or script that will allow password-less authentication to the sftp server (server A)?
Arun, in order for public-key/private-key authorization to work on Linux, there are a few formalities regarding the keys that need to be observed. Primarily the permissions and the file that contains the public key from Server B on Server A.
First on Server B, generate your public and private keys with, e.g. ssh-keygen -t rsa. This will create ~/.ssh/id_rsa (your private key) and ~/.ssh/id_rsa.pub (your public key) with the default length (generally 2048 bytes). The permissions on your private key must be 0600 (e.g. -rw-------)
(note: you can choose to generate an ecdsa type key if you need, but do not use dsa as use of dsa keys has been deprecated and their use is generally disabled by default on current versions of openssh)
In order to login without password to Server A, your public key must be copied to Server A and it must be appended to (or copied to if it is the first key) ~/.ssh/authorized_keys file on Server A. The directory permissions for ~/.ssh on Server A must be 0700 (e.g. drwx------)
(note: the other file permissions can be 0644)
The easiest way to get this all done from Server B, after generating your key, is to scp (or rsync) your public key to Server A, either directly as ~/.ssh/authorized_keys if you have no other keys on Server A, or by copying your public key to Server A and using cat and redirection (in append, not truncate/replace, mode) to add your public key to the existing ~/.ssh/authorized_keys file there, e.g.
If you have NO other public keys on Server A
scp ~/.ssh/id_rsa.pub Server_A:~/.ssh/authorized_keys
If you are adding to an existing ~/.ssh/authorized_keys on Server A
scp ~/.ssh/id_rsa.pub Server_A:~/.ssh/id_rsa.pub.B
ssh Server_A "cat ~/.ssh/id_rsa.pub.B >> ~/.ssh/authorized_keys"
(note: ".B" was appended to the public key name when copying to Server A to prevent overwriting any existing id_rsa.pub on Server A. You can now delete ~/.ssh/id_rsa.pub.B on Server A -- it is now in ~/.ssh/authorized_keys)
That's it. Now ssh Server_A from Server B should work without a password. (everything that relies on ssh works without a password between Server B and A as well, e.g. scp, rsync, etc...) If you have any problems, use ssh -vv Server_A to get debugging output of where the authentication fails.
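The append step and the permission requirements from the answer above, combined into one idempotent function. This is an added example, not part of the original answer; the names install_pubkey and mode_of are hypothetical, and the key in the demo is a constructed string, not a real key.

```shell
#!/bin/sh
# Added example (not from the original answer). Run on Server A as the target user.
# install_pubkey PUBKEY_FILE SSH_DIR   (SSH_DIR is normally "$HOME/.ssh")
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # Never let a private key end up in authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi
    # A public key line is "type base64-blob [comment]"; keep the blob for comparison.
    line=$(awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ && NF >= 2 { print; exit }' "$pub")
    blob=$(printf '%s\n' "$line" | awk '{ print $2 }')
    if [ -z "$blob" ]; then
        echo "refusing: no public key line found in $pub" >&2
        return 2
    fi

    # Create directory and file with tight modes from the start, then enforce them.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dir"
    touch "$auth"
    umask "$old_umask"
    chmod 700 "$dir"
    chmod 600 "$auth"

    # Already authorized (possibly behind an options prefix)? Then change nothing.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 } END { exit !f }' "$auth"; then
        return 0
    fi
    # Do not glue the new key onto a last line that lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Append (>>), never truncate (>), so existing keys survive.
    printf '%s\n' "$line" >> "$auth"
}

# Mode string of a path, e.g. "drwx------" (portable alternative to stat).
mode_of() { ls -ld "$1" | cut -c1-10; }

# Demo in a throwaway directory with a constructed (not real) key line.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleBlob user@serverB' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh" && mode_of "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

Running it twice with the same key leaves a single entry, which the plain `cat ... >>` step does not guarantee.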
One way you could do this is
$ scp <path to local file> <server address:server path>
or you can use
$ put <path to local file> <server address: server path>
When spinning up a linux virtual machine, I have chosen the authentication type as password. Now I want to change to ssh. How to achieve this?
Thanks
You can use Azure portal to reset password, like this:
If you want to change authentication type, you can follow these steps:
1. Create an SSH key pair
ssh-keygen -t rsa -b 2048
2. Rename id_rsa.pub to authorized_keys
mv /home/user/.ssh/id_rsa.pub /home/user/.ssh/authorized_keys
3. Copy id_rsa to your local, then you can use this key to SSH it.
I am new to Ubuntu Linux. I have to create an ssh user on a remote system and generate its key, and access this system with the key_file through the command.
ssh -i key_file user@host
Can anybody tell me how I can do this?
On the system you are trying to connect to, the public key (usually id_rsa.pub or something similar) needs to be added to the authorized_keys file.
If the user is brand new and the authorized_keys file doesn't exist yet, this command will create it for you.
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
Next just make sure sshd is running on the host and you should be able to connect with the command you posted.
On the remote server:
ssh-keygen
ssh-copy-id user@host
cd .ssh
Make a copy of the file id_rsa and give it to anybody who wants to access this server/system.
On the other system:
ssh -i id_rsa user@host
If you want to connect to another host as user "user", what you need is the public key of the user that is going to open that connection, i.e. the user you are logged in as on your desktop computer or some server you are coming from, not for the user you are logging in to on the remote host.
You can check if the keys for your current user are already created in $HOME/.ssh; there you should find something like "id_rsa" and "id_rsa.pub" (for rsa keys). If they don't exist, you create them by calling
ssh-keygen -t rsa
The public key that is generated that way, id_rsa.pub in this example, has to be put in a file ${HOME of user on remote host}/.ssh/authorized_keys on the target host.
If this file does not exist on the remote host or if even .ssh does not exist, you have to create those files with the following permissions:
.ssh 700
.ssh/authorized_keys 600
See http://www.openssh.com/faq.html#3.14 for details.
A detailed description of the process can be found here:
https://help.github.com/articles/generating-ssh-keys/
I need to make passwordless login for the same linux server with the same user.
[airwide@eir ~]$ hostname -i
10.3.7.73
[airwide@eir ~]$ ssh airwide@10.3.7.73
airwide@10.3.7.73's password:
How can I make it passwordless for the same server?
Password-free login via SSH is managed using SSH keys. You can generate a keypair using the command ssh-keygen. The ssh keypair is usually stored in ~/.ssh in a pair of files named id_rsa and id_rsa.pub. When you use SSH to connect to a server, the SSH command will look for a private key in ~/.ssh/id_rsa, and will attempt to authenticate using that key. In order to authorize the key, you will need to place the public key into your authorized_keys file:
`cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys`
Once you've done that, you will be able to use SSH to connect without a password from the server where the id_rsa file is to the server that has the content of id_rsa.pub in its authorized_keys file. (You can do this for same-server, as in your question, or between multiple servers. Either way, it's the same process.)
Add server's private key in known host key under .ssh folder.
You are looking for ssh keys. You can create one by entering ssh-keygen. This will create a public key and a private key. You place the public key on the remote server, and then you can use SSH without a password.
More details, and howto:
https://wiki.archlinux.org/index.php/SSH_keys
I have two servers
server1
server2
I want to log in to server 2 from server 1. I added both pub keys (ssh_host_rsa_key.pub) to each other's server in .ssh/authorized_keys.
When I run #cd /etc/ssh;ls -ltr I am able to see the files below:
sshd_config
ssh_config
moduli
ssh_host_key.pub
ssh_host_key
ssh_host_rsa_key.pub
ssh_host_rsa_key
ssh_host_dsa_key.pub
ssh_host_dsa_key
Host keys ssh_host_rsa_key.pub are stored automatically by ssh in known_hosts files; they are not intended to be managed by the user.
The authorized_keys is intended for user identity files. What you really want to do is to use ssh-keygen to generate an identity file representing you:
ssh-keygen -t ecdsa
Two identity files are generated: the private key id_ecdsa and the public key id_ecdsa.pub. Copy the public key into server2's .ssh/authorized_keys.
If you created a passphrase for your identity files, that's what you will be using from now on. Otherwise, your login will be password-less.
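An audit check for the mix-up described in this question, where a host key (ssh_host_*_key.pub) was placed in authorized_keys instead of a user identity key. This is an added example, not part of the original answer; the function name host_keys_in_authorized is hypothetical and the key blobs in the demo are constructed strings.

```shell
#!/bin/sh
# Added example (not from the original answer).
# host_keys_in_authorized AUTH_FILE HOSTKEY_DIR
# Prints "LINE_NUMBER HOST_KEY_FILE" for every authorized_keys entry whose key
# blob is identical to one of the sshd host public keys in HOSTKEY_DIR.
host_keys_in_authorized() {
    auth=$1
    hostdir=$2
    for hk in "$hostdir"/ssh_host_*_key.pub; do
        [ -f "$hk" ] || continue            # glob matched nothing
        # Host public key files use the same "type blob comment" layout as user keys.
        blob=$(awk '$1 ~ /^(ssh-|ecdsa-)/ && NF >= 2 { print $2; exit }' "$hk")
        [ -n "$blob" ] || continue
        awk -v b="$blob" -v f="${hk##*/}" '
            /^[ \t]*(#|$)/ { next }         # skip comments and blank lines
            { for (i = 1; i <= NF; i++) if ($i == b) { print NR, f; break } }
        ' "$auth"
    done
}

# Demo with constructed files: line 2 of authorized_keys repeats the host key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3ConstructedHostBlob root@server1' > "$demo/ssh_host_rsa_key.pub"
echo 'ecdsa-sha2-nistp256 AAAAE2ConstructedUserBlob me@server1' > "$demo/authorized_keys"
echo 'ssh-rsa AAAAB3ConstructedHostBlob root@server1' >> "$demo/authorized_keys"
host_keys_in_authorized "$demo/authorized_keys" "$demo"
rm -rf "$demo"
```

On a real system the arguments would be the user's ~/.ssh/authorized_keys and /etc/ssh; any line it reports should be replaced with a key generated by ssh-keygen for that user.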
How do you setup server to server SFTP to use public-key authentication instead of user account and password?
In the client you need to generate its public key and add it to server's authorized key list.
The following are the commands you can use.
On client machine
ssh-keygen -t dsa -f id_dsa
mv id_dsa* ~/.ssh/
scp ~/.ssh/id_dsa.pub USER_NAME@SERVER:~/.ssh/HOST_NAME.key
On the server
cat ~/.ssh/HOST_NAME.key >> ~/.ssh/authorized_keys2
Remember to
chmod 700 .ssh
and also
chmod 600 authorized_keys
This is a solution for windows users
I had a similar issue on windows so I used Putty from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
If you need to generate a public key then use:
http://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe
Then, when you want to automate a batch to download from the FTP server, use Pageant in order to load the private key into the session
http://the.earth.li/~sgtatham/putty/latest/x86/pageant.exe
Then use the PSFTP to connect and perform actions
http://the.earth.li/~sgtatham/putty/latest/x86/psftp.exe
So here is sample code for the batch:
REM Loading the key to session
@C:\pageant.exe "C:\privatekey.ppk"
REM Calling PSFTP.exe with the user and sftp address + command list file
@C:\psftp user@your.server.address -b C:\sftp_cmd.txt
Command list file (sftp_cmd.txt) will look like this:
# downloading everything
mget "*.*"
# more commands can follow here
close
Now, all you need to do is schedule it in scheduled tasks
*I wish it was simple as unix's cron job....