Solved

Passwordless Rsync over SSH

Posted on 2015-01-23
16
177 Views
Last Modified: 2015-02-13
I have set up passwordless ssh to my server. I'm coming from OSX to Debian Linux.

a command like this works every time without prompting me for a pass:
ssh user@server.com

Open in new window

but this always prompts me:
 rsync -avz ssh /local_file.txt user@server.com:/remote_location/.

Open in new window


When I try to do an rsync over ssh, I always get prompted for my password. Why isn't this working correctly?

I used ssh-copy-id to get it set up originally.
0
Comment
Question by:dale_abrams
  • 7
  • 5
  • 4
16 Comments
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40567424
Think you're missing the -e parameter, can you try:

rsync -avz -e ssh /local_file.txt user@server.com:/remote_location/.
0
 
LVL 1

Author Comment

by:dale_abrams
ID: 40567431
I just tried adding the -e and it did not change anything.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40567474
Strange, I get an error when I leave out the -e and it works with. Both local file and remote location are accessible?
0
 
LVL 61

Expert Comment

by:gheist
ID: 40568607
Why you try to force use of SSH? It is default always.

Can you post output of ssh -v -v -v user@host (minus IPs, usernames etc.)?
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40568637
@gheist: ssh -vvv user@host (saves some typing ;)
0
 
LVL 1

Author Comment

by:dale_abrams
ID: 40569923
Here is the output of ssh -vvv user@host:

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to [HOST]  [IP ADDRESS] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/[USERNAME]/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /Users/[USERNAME]/.ssh/id_rsa type 1
debug1: identity file /Users/[USERNAME]/.ssh/id_rsa-cert type -1
debug1: identity file /Users/[USERNAME]/.ssh/id_dsa type -1
debug1: identity file /Users/[USERNAME]/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "[HOSTNAME]" from file "/Users/[USERNAME]/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/[USERNAME]/.ssh/known_hosts:9
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 137/256
debug2: bits set: 523/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA [SERVER HOST KEY]
debug3: load_hostkeys: loading entries for host "[HOSTNAME]" from file "/Users/[USERNAME]/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/[USERNAME]/.ssh/known_hosts:9
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "[HOST IP]" from file "/Users/[USERNAME]/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/[USERNAME]/.ssh/known_hosts:9
debug3: load_hostkeys: loaded 1 keys
debug1: Host '[HOSTNAME]' is known and matches the RSA host key.
debug1: Found key in /Users/[USERNAME]/.ssh/known_hosts:9
debug2: bits set: 501/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/[USERNAME]/.ssh/id_rsa (0x7fd26b200000),
debug2: key: /Users/[USERNAME]/.ssh/id_dsa (0x0),
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1:  Miscellaneous failure (see text)
Error from KDC: LOOKING_UP_SERVER

debug1:  An invalid name was supplied
unknown mech-code 0 for mech 1 2 752 43 14 2

debug1:  Miscellaneous failure (see text)
unknown mech-code 0 for mech 1 3 6 1 5 5 14

debug1:  Miscellaneous failure (see text)
unknown mech-code 2 for mech 1 3 6 1 4 1 311 2 2 10

debug1:  An unsupported mechanism was requested
unknown mech-code 0 for mech 1 3 5 1 5 2 7

debug1:  Miscellaneous failure (see text)
unknown mech-code 0 for mech 1 3 6 1 5 2 5

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/[USERNAME]/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp [PUBLIC KEY]
debug3: sign_and_send_pubkey: RSA [PUBLIC KEY]
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to [HOSTNAME] ([HOST IP]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env MANPATH
debug3: Ignored env TERM_PROGRAM
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env TMPDIR
debug3: Ignored env Apple_PubSub_Socket_Render
debug3: Ignored env TERM_PROGRAM_VERSION
debug3: Ignored env TERM_SESSION_ID
debug3: Ignored env USER
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env __CF_USER_TEXT_ENCODING
debug3: Ignored env PATH
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env XPC_FLAGS
debug3: Ignored env XPC_SERVICE_NAME
debug3: Ignored env HOME
debug3: Ignored env SHLVL
debug3: Ignored env LOGNAME
debug3: Ignored env SECURITYSESSIONID
debug3: Ignored env _
debug3: Ignored env OLDPWD
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

Open in new window

0
 
LVL 61

Expert Comment

by:gheist
ID: 40570066
It logs in ok using SSH public key?
try adding more -v 's to rsync until it shows ssh command line it calls:
must be ssh -l user host rsync --server
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40570308
Looks like it is logging in using known_hosts, no ssh keys are setup? Create a keypair and store public key on destination host in ~/.ssh/authorized_keys - then try again.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 1

Author Comment

by:dale_abrams
ID: 40573374
I have already transferred my key pair using ssh-copy-id. Do I need to remove something that is preventing the authorized_keys file to work?
0
 
LVL 61

Expert Comment

by:gheist
ID: 40573725
key pair transfer was wrong . delete keys and make new pair as private key is your password.
0
 
LVL 1

Author Comment

by:dale_abrams
ID: 40604361
Sorry for the delay. gheist, can you tell me why the key pair transfer was wrong? I have since transferred them again using ssh-copy-id and the same problem persists.
Thanks!
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40604437
I never use ssh-copy-id - I always copy the string from one session to another, pasting it in the authorized_keys file - did you try that?
0
 
LVL 61

Expert Comment

by:gheist
ID: 40604646
Transferring private key is like shouting your root password on the full size speakers...
0
 
LVL 37

Accepted Solution

by:
Gerwin Jansen earned 500 total points
ID: 40606531
>> I have already transferred my key pair using ssh-copy-id
ssh-copy-id is only copying the local hosts' public key to the remote hosts' authorized_keys file

Did you perhaps specify a password when you were generating the new keypair? If you did then it will keep on asking you that password when you use the key. If that's the case, generate a new keypair without password and retry.
0
 
LVL 1

Author Closing Comment

by:dale_abrams
ID: 40608039
The password on the SSH keys was the problem. Thanks Gerwin!
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40608341
You're welcome ;)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Do you come here a lot? Are you lazy like me and don't want to go through the "trouble" of having to click your Dock's Safari icon and then having to click your Experts Exchange Favorites bookmark to get here? Well then this article is for you.
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now