In this article, I’ll explain how to perform scp without entering the password using the SSH Public Key authentication. There will be requirements like you would like to transfer files from one server to another with scripts and run it as cronjob. There are two levels of security in the SSH key based authentication. In order for you to login, you need both the private key and the passphrase. Even if one of them is compromised, attacker still cannot login to your account, as both of them are needed to login. This is far better than typical password based authentication, where if the password is compromised, attacker can gain access to the system.
There are two ways to perform ssh and scp without entering the password:
- No passphrase. While creating key pair, leave the passphrase empty. Use this option for the automated batch processing. for e.g. if you are running a cron job to copy files between machines this is suitable option.
- Use passphrase and SSH Agent. If you are using ssh and scp interactively from the command-line and you don’t want to use the password everytime you perform ssh or scp, I don’t recommend the previous option (no passphrase), as you’ve eliminated one level of security in the ssh key based authentication. Instead, use the passphrase while creating the key pair and use SSH Agent to perform ssh and scp without having to enter the password everytime as explained in the steps below.
Step:1. Verify that local-host and remote-host is running openSSH
[local-host]$ ssh -V OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 [remote-host]$ ssh -V OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
Step:2. Generate key-pair on the local-host using ssh-keygen
[local-host]$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/waseem/.ssh/id_rsa):<Hit enter> Enter passphrase (empty for no passphrase): <Enter your passphrase here> Enter same passphrase again:<Enter your passphrase again> Your identification has been saved in /home/waseem/.ssh/id_rsa. Your public key has been saved in /home/waseem/.ssh/id_rsa.pub. The key fingerprint is: The public key and private key are typically stored in .ssh folder under your home directory. In this example, it is under /home/waseem/.sshd. You should not share the private key with anybody.
Step:3. Install public key on the remote-host.
Copy the content of the public key from the local-host and paste it to the /home/waseem/.ssh/authorized_keys on the remote-host. If the /home/waseem/.ssh/authorized_keys already has some other public key, you can append this to the end of it. If the .ssh directory under your home directory on remote-host doesn’t exist, please create it.
[remote-host]$ vi ~/.ssh/authorized_keys
In simple words, copy the local-host:/home/waseem/.ssh/id_rsa.pub to remote-host:/home/jsmith/.ssh/authorized_keys
Step:4. Give appropriate permission to the .ssh directory on the remote-host.
[remote-host]$ chmod 755 ~/.ssh
[remote-host]$ chmod 644 ~/.ssh/authorized_keys
Step:5. Login from the local-host to remote-host using the SSH key
[local-host]$ <You are on local-host here> [local-host]$ ssh -l waseem remote-host
Last login: Sat Jun 07 2008 23:03:04 -0700 [remote-host]$ <You are on remote-host here>
Step:6 Verify SCP working without password from local server
scp testscpwithoutpassword.csv email@example.com:/home/waseem