scp without authentication and ssh with authentication?
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
scp without authentication and ssh with authentication?
Hi,
When we generate a rsa key it is working for both ssh and scp with out authentication. Is it possible to copy a file or directory from a remote server as a user to local machine with out password using scp and at the same time if we are login using ssh it should prompt for password.
You should use a pass phrase to protect your private key. If you use ssh-agent, you only have to enter the pass-phrase once per shell session.
Code:
eval $(ssh-agent)
ssh-add
This will unlock your private key and you can scp or login without a pass phrase.
I don't know how you have the ssh server configured, but if you have both public key authentication and password authentication, I think it will ask for a password before trying public key authentication. You would allow an attacker to use a brute force attack. Stick with public key authentication.
I would also suggest using "AllowUsers", disable root logins and only allow Protocol 2.
If cron has a problem it usually emails the crontab owner and/or root with a description of the problem.
Use the cli cmds mail or mailx to check.
Also, ad 1,2 or 3 -v options to the scp cmd for debug output.
ssh-add needs a pass phrase to be entered. Crontab can be used by a normal user if that user is listed in cron.allow. However, I don't know if cron runs the user's table as that user. Even if it does, the user's environment in the session where "crontab" is run is not the environment used by the cron command. So if you must use cron, then you probably want to use a null pass phrase for your key. Even if you could automate the entry of the passphrase, you would need to have it listed in a file somewhere. So if a cracker can compromise your key, he would as likely to get your passphrase at the same time.
You might consider using a seperate key set for using with cron. (the -i option to ssh to load an identity from a nonstandard location) This way you could use one for where you need to use cron but have a better passphrase protected key for when you manually use ssh.
I was suggesting using a passphraseless key pair when using cron, and a stronger pair for using ssh manually. This would allow you to use a protected private key when logging into remote hosts that you don't use use cp with cron.
For cron backup jobs, the host keys are often used instead and the job runs as root.
The -i option is for using a different public/private key pair. It doesn't load the passphrase. You don't want a passphrase written in a file. That defeats its purpose of protecting the private key.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.