[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

HowTo: use scp in batch mode

Posted on 2004-04-22
3
Medium Priority
?
33,323 Views
Last Modified: 2013-12-16


I am currently using scp manually to update different files from one host to 3 other hosts : at connection my password is requested and I enter it

I want to setup crontab to do so.

How can I configure scp to avoid password propmpting. I understand I have to use

scp -B -i identity_file cpThisFile root@10.0.0.1/targetFile

How do I generate identity_file for the 3 different targets and where should it be created

The purpose is to propagate IMSS rules, copy /etc/hosts, /etc/postfix/transportList etc from one master to slaves,

If full instruction and readymade scripts, same amount of points will be available


Stefri
0
Comment
Question by:stefri
3 Comments
 
LVL 2

Accepted Solution

by:
astrand earned 1000 total points
ID: 10893553
(Assuiming OpenSSH) On the client, run:

ssh-keygen -t dsa

Press Enter on all questions. Copy .ssh/id_dsa.pub to the remote host(s), to the file .ssh/authorized_keys.

Normally, you do not need to use the -i argument, but if you want, it should point to the file ~/.ssh/id_dsa.

You might need to adjust permissions on .ssh/authorized_keys to mode 0600.
0
 
LVL 3

Expert Comment

by:tolgadalkilic
ID: 10893566
from the note at the address:
http://www.linuxquestions.org/questions/showthread.php?s=&postid=838460#post838460

i am copy pasting:

---------------------------------------------------------------------------------------------------------
Hi.

On the machine that you want to log into without a password you should have the public key that was generated by running ssh-keygen on the machine that you want to connect from.
The private key stays on the machine that you are connecting from.
The ~/mark/.ssh directory should have 700 permissions, owner mark, group users
The id_dsa.pub should be called just that, the id_dsa private key has to know what to look for.

Cat the key (id_dsa.pub) to an empty authorized_keys file

Here is my sshd_config



# $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCreds yes

# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
#UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

Good luck, take it step by step and it will work.

#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
-------------------------------------------------------------------------------------------------------
0
 
LVL 13

Author Comment

by:stefri
ID: 10897623
Thank you to both but astrand was the first to answer by 1 minute

If I understood well:

ssh-keygen -t dsa
Geerates two files: ~/.ssh/id_dsa and ./ssh/id_dsa.pub
Copy with scp to the target machine id_dsa.pub into .ssh/authorized_keys
Set permissions on .ssh drw----
Repeat the process for each target
use scp -B theFile user@target/thatFile in my crontab


Stefri
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can use conditional statements using Python.
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month20 days, 11 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question