• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 466
  • Last Modified:

Create Keys used to scp file from one server to another

I have some a file that I run on one server by a cron job.

Originally I had a file in my home dir "/home/user/update.sh" In that file I have a command to scp a file to my web server. I created keys so that a prompt for a password would not fail. The files were created in "/home/user/.ssh/id_rsa" and "/home/user/.ssh/id_rsa.pub". Then I copy the "id_ras.pub" to my webserver using the command "scp .ssh/id_rsa.pub user@site.com:.ssh/authorized_keys"

This all worked fine. But now the Sys Admin changed some things and all the cron job are now located in "/home/rootcrons/updates/update.sh but the files I need to scp are still in "/home/user/*"

It failed because of the Keys. My questions is hwo can I fix this? Do I have to create new keys for "/home/rootcrons/update/*" ? Or can the keys stay in "/home/user/.ssh/id_rsa" and "/home/user/.ssh/id_rsa.pub". Where does the file look for the key or the ".ssh folder"?
0
SaltyDawg
Asked:
SaltyDawg
  • 7
  • 3
  • 2
1 Solution
 
TintinCommented:
ssh keys by default are stored in the .ssh directory under the user's home directory.

It doesn't matter where the cronjobs are located, as the scp just uses the keys in /home/user/.ssh

What is failing?
What error message/s are you getting?
0
 
SaltyDawgAuthor Commented:
Ok thanks for that info I think I know what's wrong now. I'll check it out and let you know if thats it.
0
 
Maciej SsysadminCommented:
You can always provide full path to your private key with -i option:
scp -i /path/to/you/private/key file.to.copy user@remote.server:.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
SaltyDawgAuthor Commented:
ok my question

If I run this file:
/home/crons/updates/update.sh
---------------
and within this file I have this script which runs the following file:
#!/bin/bash
php /home/myuser/towebupdate.php
--------------
and within this file I have this script:
scp reportstatement-replace.sql user@mysite.com:mysql/reportstatement-replace.sql
-------------
which is located:
/home/myuser/reportstatement-replace.sql
------------

where should my keys be placed!

Here?
/home/crons/.ssh/id_rsa.
/home/crons/.ssh/id_rsa.pub.
-----------------
Here?
/home/crons/update/.ssh/id_rsa.
/home/crons/update/.ssh/id_rsa.pub.
----------------
Here?
/home/myuser/.ssh/id_rsa.
/home/myuser/.ssh/id_rsa.pub.


Thanks

0
 
SaltyDawgAuthor Commented:
I see your option of specifying the path:
scp -i /path/to/you/private/key file.to.copy user@remote.server:.

but by default how would it work? However would specifying the path be best say if the .sh file in the one directory yet the scp files are in another directory?

Thanks
0
 
Maciej SsysadminCommented:
By default ssh is looking for keys in $HOME/.ssh directory (exactly as Tintin wrote). If you are running this script from root's crontab, ssh will look for private key in root's home directory/.ssh/key (where key is "identity" for ssh1, and "id_rsa" and "id_dsa" for ssh2).

If you have keys in some nondefault place, then you have specify full path to it with -i option, or - you can create appropriate config file ($HOME/.ssh/config) and define path to your key. (Where $HOME is home directory of user, who runs the script).
Example $HOME/.ssh/config:
Host remote.server
IdentityFile /path/to/your/private/key
0
 
SaltyDawgAuthor Commented:
So If I would specify the path it would look like this?

scp -i /home/myuser/.ssh/id_rsa.pub reportstatement-replace.sql user@mysite.com:mysql/reportstatement-replace.sql
0
 
Maciej SsysadminCommented:
This should work regardless of user running the script (as long as this user has read access to specified files of course :))

As this is in script, I would also add full path to file you are uploading.
0
 
SaltyDawgAuthor Commented:
using this:
scp -i /home/myuser/.ssh/id_rsa.pub reportstatement-replace.sql user@mysite.com:mysql/reportstatement-replace.sql

I got a warning:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/user/.ssh/id_rsa.pub' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/user/.ssh/id_rsa.pub
Enter passphrase for key '/home/user/.ssh/id_rsa.pub':
0
 
SaltyDawgAuthor Commented:
I was also getting Permission Denied

I created the key under /home/myusername/

but root is executing. Could the key be trying to authenticate root and its not matching myusername?
0
 
TintinCommented:
What user is the cronjob running as?  If it is 'myuser', then you don't need to specify any paths as it will be looking in /home/myuser/.ssh

As for permissions, make sure the .ssh directory has 700 perms and id_rsa has perms of 600
0
 
SaltyDawgAuthor Commented:
Thanks for the help
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now