Solved

HowTo: use scp in batch mode

Posted on 2004-04-22
3
32,967 Views
Last Modified: 2013-12-16


I am currently using scp manually to update different files from one host to 3 other hosts : at connection my password is requested and I enter it

I want to setup crontab to do so.

How can I configure scp to avoid password propmpting. I understand I have to use

scp -B -i identity_file cpThisFile root@10.0.0.1/targetFile

How do I generate identity_file for the 3 different targets and where should it be created

The purpose is to propagate IMSS rules, copy /etc/hosts, /etc/postfix/transportList etc from one master to slaves,

If full instruction and readymade scripts, same amount of points will be available


Stefri
0
Comment
Question by:stefri
3 Comments
 
LVL 2

Accepted Solution

by:
astrand earned 250 total points
ID: 10893553
(Assuiming OpenSSH) On the client, run:

ssh-keygen -t dsa

Press Enter on all questions. Copy .ssh/id_dsa.pub to the remote host(s), to the file .ssh/authorized_keys.

Normally, you do not need to use the -i argument, but if you want, it should point to the file ~/.ssh/id_dsa.

You might need to adjust permissions on .ssh/authorized_keys to mode 0600.
0
 
LVL 3

Expert Comment

by:tolgadalkilic
ID: 10893566
from the note at the address:
http://www.linuxquestions.org/questions/showthread.php?s=&postid=838460#post838460

i am copy pasting:

---------------------------------------------------------------------------------------------------------
Hi.

On the machine that you want to log into without a password you should have the public key that was generated by running ssh-keygen on the machine that you want to connect from.
The private key stays on the machine that you are connecting from.
The ~/mark/.ssh directory should have 700 permissions, owner mark, group users
The id_dsa.pub should be called just that, the id_dsa private key has to know what to look for.

Cat the key (id_dsa.pub) to an empty authorized_keys file

Here is my sshd_config



# $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCreds yes

# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
#UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

Good luck, take it step by step and it will work.

#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
-------------------------------------------------------------------------------------------------------
0
 
LVL 13

Author Comment

by:stefri
ID: 10897623
Thank you to both but astrand was the first to answer by 1 minute

If I understood well:

ssh-keygen -t dsa
Geerates two files: ~/.ssh/id_dsa and ./ssh/id_dsa.pub
Copy with scp to the target machine id_dsa.pub into .ssh/authorized_keys
Set permissions on .ssh drw----
Repeat the process for each target
use scp -B theFile user@target/thatFile in my crontab


Stefri
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now