
This is in AIX. I am trying to make scp work between two servers without a password

Posted on 2010-01-07
Last Modified: 2013-12-21
This is in AIX. I am trying to make scp work between two servers without a password. Both the servers have the same username. I did generate the files
id_rsa
id_rsa.pub

but when I try to copy these files
ssh-copy-id -i ~/.ssh/id_rsa.pub vish@'bulk'
ksh: ssh-copy-id:  not found

How do I copy the file, and how do I make it work? Both are AIX 5.3 servers. Please provide all the steps to make this command work and to copy the files.

Question by:aixtutorial
28 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 26203202
You need to create trust between the two accounts by generating keys on one server and copying the public key to the other. Please see

http://sshkeychain.sourceforge.net/mirrors/SSH-with-Keys-HOWTO/
http://sshkeychain.sourceforge.net/mirrors/SSH-with-Keys-HOWTO/SSH-with-Keys-HOWTO-4.html
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26203252
Hi again,

the ssh-copy-id script is not available on AIX.

Simply copy the file over using scp:

scp ~/.ssh/id_rsa.pub vish@bulk:/home/of/vish/.ssh/id_rsa.pub.tmp

(with password authentication, of course).

Then append the key to the authorized_keys file (again with password authentication, for the last time)

ssh  vish@bulk "cat /home/of/vish/.ssh/id_rsa.pub.tmp >>  /home/of/vish/.ssh/authorized_keys ; rm /home/of/vish/.ssh/id_rsa.pub.tmp"

Take care that the .ssh subdirectory has permissions 600, the authorized_keys file should have 644.

If you're not sure, issue

ssh  vish@bulk "chmod 600 /home/of/vish/.ssh ; chmod 644  /home/of/vish/.ssh/authorized_keys"

This should do the trick.

wmp



0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26208062
OK,
I found the script for you. It's publicly available here - http://anoncvs.mindrot.org/index.cgi/openssh/contrib/ssh-copy-id?revision=1.7&view=co
I checked it - most probably it will work on any AIX without modification.
Since it's rather short I'll attach it for your convenience. Save the .txt file as ssh-copy-id , make it executable by issuing chmod +x ssh-copy-id and go!
wmp

ssh-copy-id.txt
0

 

Author Comment

by:aixtutorial
ID: 26211617
ls -l ~/.ssh
-rw-------    1                                     1675 Jan  7 18:02 id_rsa
-rw-r-----    1                                      398 Jan  7 18:02 id_rsa.pub
-rw-r--r--    1                                     2664 Jan  7 17:47 known_hosts
I am not getting the authorization keys.
Where would I find them? And one more thing: I created the file ssh-copy-id and put your script in there; when I run your script it says
Permission denied
ksh: .ssh/authorized_keys: cannot create

So what can be done? It still prompts me for the password, and the authorization keys I can't view. How do I make it work?

0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26274057
Hi,

your local directory looks good. Both id files, private and public, are there.
It seems that you don't have the permissions to write to the remote directory.

Are you actually the same user ("vish"?) on both machines (important: same numerical userid)?

To check, please issue "id" at the local machine, then ssh to the remote machine ("bulk"?) with the userid you're planning to work with, issue "id" again and compare the results.

If they're identical, check ownership and permissions of the remote .ssh subdirectory and its contents by issuing "ls -l $HOME" and looking for ".ssh", and by issuing "ls -l $HOME/.ssh" and looking for "authorized_keys".

.ssh should have "drw-------", authorized_keys should have "-rw-r--r--"
Both files should belong to "vish" (the userid appearing in your command "ssh-copy-id -i ~/.ssh/id_rsa.pub vish@bulk")

If all conditions I've mentioned here are met, this command should now succeed.

wmp
0
 

Author Comment

by:aixtutorial
ID: 26275414
After copying your script ssh-copy-id and running it

ssh-copy-id -i ~/.ssh/id_dsa.pub vish@'bulk'
Now try logging into the machine, with "ssh 'vish@bulk'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

ssh-copy-id[50]: syntax error at line 51 : `done' unexpected

Both the users have the same name on the 2 servers
vish
uid=7000(vish) first server
uid=8001(vish) second server

I tried to scp after that but it is still prompting for a password. Please post all the steps as you have tried them to do scp on AIX boxes, so that I could try the same. For some reason it's not working for me. Please post it ASAP.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 26275889
Here's the full list of steps

On server 1 as user vish

ssh-keygen -t dsa

(Press Enter for all the prompts)

Copy ~/.ssh/id_dsa.pub to server 2 and put it into

~/.ssh/authorized_keys

Make sure perms on the .ssh directory are 700 on both servers.

That's all you should need to do.
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 26275905
OK,

first, the 'done unexpected' thing is no real problem. Just change the last line from 'done' to 'exit'.
You don't need to run the script again, it has done what it was supposed to do.

Second, please forget 'scp' for a while. We will first try to get 'ssh' connecting without password. The ssh-based scp will then work as well.


Please login to 'bulk' by issuing "ssh vish@bulk". If I understood you right, you will have to enter your password for this.

Note - all files and directories which I will mention in the following must be owned by 'vish'!

Once logged in to 'bulk', issue

ls -l ..

You should see the entry for your home directory somewhere. It should not be group- or world-writable (i.e. no "w" in the 6th or 9th position of the permissions field)!

If permissions are not correct (or just to be sure), issue

chmod go-w $HOME

Next, issue

ls -la $HOME | grep "\.ssh"  

Note the quotes ( " " ) and the backslash ( \ )!

You should see a line containing

drwx------  2 vish   (group)        256   Mmm dd hh:mm  .ssh

with (group) being the group you belong to (irrelevant here), Mmm dd hh:mm being date and time.

If you see other permissions than 'drwx------' please issue "chmod 700 $HOME/.ssh"

Next, issue

ls -la $HOME/.ssh/authorized_keys

You should see a line containing

-rw-------  1 2 vish   (group)        (nnn)   Mmm dd hh:mm  authorized_keys

again with (group) being the group you belong to (irrelevant here), (nnn) being the filesize and
Mmm dd hh:mm being date and time you last ran ssh-copy-id.

If you see other permissions than '-rw-------' please issue "chmod 600 $HOME/.ssh/authorized_keys"

Next, issue

cat $HOME/.ssh/authorized_keys

Assuming "firstserver" was the name of the server you came from (the server you ran ssh-copy-id on), you should see a last (or only) block in that file starting with

ssh-rsa ....

and ending with

.... vish@firstserver

If this is not the case, please go back to firstserver (i.e. logout from 'bulk'), change the last line of ssh-copy-id from 'done' to 'exit' and rerun the script.

Then login again to 'bulk' using "ssh vish@bulk"

This should now finally work without having to enter a password, and scp should thus work too.

wmp




0
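The checks walked through in the answer above (ownership, and no group or world write bit on $HOME, .ssh and authorized_keys) collected into one script, as an added example that is not part of the original thread. OpenSSH's sshd applies these checks when StrictModes is on, which is the default; the function names are made up here, and the test that each directory keeps the owner's execute bit is an extra check beyond the answer's list.

```shell
#!/bin/sh
# Added example (not from the thread): audit the paths sshd inspects before
# it accepts a public key. Function names are made up for this example.

# First 10 characters of the ls -ld mode column, e.g. drwx------
mode_of()  { ls -ld "$1" 2>/dev/null | awk '{print substr($1,1,10)}'; }
# Owner column of ls -ld
owner_of() { ls -ld "$1" 2>/dev/null | awk '{print $3}'; }

# audit_ssh_perms HOME_DIR EXPECTED_OWNER
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_ssh_perms() {
  home=$1; user=$2; bad=0
  for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
    m=$(mode_of "$p")
    if [ -z "$m" ]; then
      # Also reported when a parent directory cannot be searched
      echo "MISSING  $p"; bad=1; continue
    fi
    o=$(owner_of "$p")
    if [ "$o" != "$user" ]; then
      echo "OWNER    $p belongs to $o, expected $user"; bad=1
    fi
    # Characters 6 and 9 of the mode string are the group and world write bits
    g=$(echo "$m" | cut -c6); w=$(echo "$m" | cut -c9)
    if [ "$g" = "w" ] || [ "$w" = "w" ]; then
      echo "WRITABLE $p ($m) is group- or world-writable"; bad=1
    fi
    # A directory without the owner's x bit cannot be entered, so the
    # key file inside it is unreachable even if its own mode is fine
    case $m in
      d??[!xs]*) echo "NOSEARCH $p ($m) lacks owner execute"; bad=1 ;;
    esac
  done
  return $bad
}

# Typical call on the target server, logged in as the account in question:
#   audit_ssh_perms "$HOME" "$(id -un)"
```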
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26275911
OK, that's what I overlooked -

of course you must run

ssh-copy-id -i ~/.ssh/id_rsa.pub vish@bulk

because you don't have an id_dsa.pub !!!

If you wish to get one, follow Tintin's "ssh-keygen" suggestion!



0
 

Author Comment

by:aixtutorial
ID: 26336401
Hi all,
Let me give you a clear picture of what's happening. This is in AIX and I have Siebel running on 2 servers with the same service id: siebnr. With all your help I tried with my login, which is nywvur01. This id is on both the servers. When I do
cd .ssh
and ls, I find authorized keys and was able to copy id_dsa.pub to another server with the script ssh-copy-id, and it works. I can now ssh from server 1 to 2, only with that id.

And now coming to the point: I want the ssh to be done by the service id: siebnr. On server one its home is /siebap/siebel and on server 2 its home is /siebap.
When I do
cd home      and
cd .ssh
all I can see is known_hosts and no authorized_keys. I do ssh-keygen -t dsa and it generates the files
id_dsa
id_dsa.pub

With your script I try to do ssh-copy-id
and it gives an error
ksh authorized keys not found.
I tried
cp id_dsa.pub authorized_keys and so ssh-copy-id                            didn't work
I also tried another way
cp  id_dsa.pub authorized_keys  and ssh-copy-id                              didn't work

Please post the steps to overcome this issue, which I have been having for a while now.
0
 

Author Comment

by:aixtutorial
ID: 26336406
I also tried to do the ssh from nywvuro1 to siebnr. It didn't work either.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26336752
The script ssh-copy-id cannot give the error "authorized_keys not found". This message text is not contained in it.

You should repeat all the steps I posted in # 26275905 above, with the userid replaced by the desired one.
0
 

Author Comment

by:aixtutorial
ID: 26338077
I followed your steps in 26275905 as above.
ls -la $HOME/.ssh/authorized_keys
When I ran this step
it throws an error
/siebap/siebe/authorized_keys not found...

What can be done to get out of this issue and make it work? Kindly provide steps to address this issue and get ssh running.

0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26340688
If $HOME/.ssh/authorized_keys does not exist on the target server 2, you need to create it by running the ssh-copy-id script from the source server 1, specifying the designated userid siebnr.
Assuming the public key of siebnr on server 1 is /siebap/siebel/.ssh/id_dsa_pub and you're planning to use the same userid on server 2, login on server 1 (where the already generated key is) as siebnr and issue
ssh-copy-id -i /siebap/siebel/.ssh/id_dsa_pub siebnr@server2
This should create at server 2 the .ssh subdirectory in /siebap as well as the authorized_keys file therein.
After having done this, follow again my famous instructions in # 26275905 to check whether all went well and whether permissions are correct on server 2.
Should you plan to ssh (scp) also from server 2 to server 1, login on server 2 as siebnr, create the keys and run ssh-copy-id from server 2, specifying the just created key and the same userid as on server1 -
ssh-copy-id -i /siebap/.ssh/id_rsa_pub siebnr@server1
Now (guess!) again follow # 26275905, this time on server 1
Let's see how far we get.
wmp
0
 

Author Comment

by:aixtutorial
ID: 26341986

ssh-copy-id -i /siebap/siebel/.ssh/id_dsa_pub siebnr@server2
When I did this on server1:
siebnr@server2's password:
ksh: sh/authorized_keys:  not found

the authorized_keys are not being generated on server2..

0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26342054
Would you please post the script ssh-copy-id here?
I can't imagine that this script in the form as  I gave it to you would throw such an error.
0
 

Author Comment

by:aixtutorial
ID: 26344115
"ssh-copy-id"
#!/bin/sh

# Shell script to install your public key on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

ID_FILE="${HOME}/.ssh/id_rsa.pub"

if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*\.pub" > /dev/null ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift         # and this should leave $1 as the target name
  fi
else
  if [ x$SSH_AUTH_SOCK != x ] ; then
    GET_ID="$GET_ID ssh-add -L"
  fi
fi

if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
  GET_ID="cat ${ID_FILE}"
fi

if [ -z "`eval $GET_ID`" ]; then
  echo "$0: ERROR: No identities found" >&2
  exit 1
fi

if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2    ##tried siebnr@server2   as well didnt work
  exit 1
fi

{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .s
sh/authorized_keys" || exit 1

cat <<EOF
Now try logging into the machine, with "ssh '$1'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

EOF
exit
tried both exit and done
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26344168
You have a line break here -

{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .s
sh/authorized_keys" || exit 1

This must read

{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1

That's why I recommend never to copy and paste but to download!!


0
 

Author Comment

by:aixtutorial
ID: 26345672
I have made the change in the script and executed it


Now try logging into the machine, with "ssh 'user@xxxxxx47'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

then i did     ssh siebnr@server2

siebnr@server2  password:Last unsuccessful login: Mon Jan 18 23:50:40 GMT 2010 on ssh from  server1
 
and then ls -la $HOME/.ssh/authorized_keys
I can see authorized_keys
the permissions, group, owner are the same.

But now when I do ssh siebnr@xxxxxx47
it is still asking for a password. Please tell me what to do next. Thanks for the steps.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26347396
A common problem (and often overlooked) is the permissions of $HOME itself.

So log in with siebnr@xxxxxx47 (with password, sure) and issue

cd

ls -l ..

You should see the entry for your home directory somewhere in the list. It should not be group- or world-writable (i.e. no "w" in the 6th or 9th position of the permissions field)!

And please double-check all permissions as I wrote in (guess!) # 26275905

wmp
0
 

Author Comment

by:aixtutorial
ID: 26351118
I issued this command
chmod 600 $HOME/.ssh/authorized_keys
and also checked the permissions
-rw-------    1 siebnr  sieb            606 Jan 18 23:54 authorized_keys

After changing the permissions I tried to make a ssh user@server2

It is still asking for the password. What am I missing? Can you please take a look?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26351145
What about the $HOME directory (the one above .ssh) ?
0
 

Author Comment

by:aixtutorial
ID: 26351359
the $HOME is 600 as well
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26351426
Remains the .ssh directory itself. Permissions? Owner?
I see that the authorized_keys file belongs to siebnr.
When you write  >> I tried to make a ssh user@server2 << - I hope user is indeed siebnr?

0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26351466
I need to leave for a while. Please give me 1-2 hrs. or so!
0
 

Author Comment

by:aixtutorial
ID: 26351533
yes the user is siebnr on both the servers..have a nice time
0
 

Author Comment

by:aixtutorial
ID: 26351616
It's working. Just a quick update: I was playing with the permissions and checked it's working from server1 to server2. But one last request for help: how to make it work from server2 to server1? Thanks
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 26352451
Congrats!

>> how to make it work from server2 to server1 <<

That's just the same way, in the opposite direction.

Create keys on server2, use ssh-copy-id on server2 to get the pub part to server1 (specifying the desired  target user),
check ownership and permissions on server1 and that's it.

wmp
0
