Date: Fri, 04 Oct 2002 15:48:56 -0400 From: Gerard Samuel <gsam@trini0.org> To: Kevin Oberman <oberman@es.net> Cc: FreeBSD Questions <questions@FreeBSD.ORG> Subject: Re: passwordless scp and cronjobs Message-ID: <3D9DF0A8.7040508@trini0.org> References: <20021004181602.B65005D04@ptavv.es.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I started the whole process again and added the SSH2 option to the command line which now looks like this -> scp -o 'Protocol=2' -v ~/temp/file.zip sys_dev@hivemind: Towards the bottom you'll see its trying authentication methods, using the public key as the first option. I would tend to believe if all were well, it shouldn't have to go past that point. Ill try messing around some more with the ssh options and report back. Thanks Here is the output of the ssh debug -> -------------------------------- Executing: program /usr/bin/ssh host hivemind, user sys_dev, command scp -v -t . OpenSSH_3.4p1 FreeBSD-20020702, SSH protocols 1.5/2.0, OpenSSL 0x0090605f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to hivemind.trini0.org [192.168.0.2] port 22. debug1: Connection established. debug1: identity file /home/gsam/.ssh/id_rsa type 1 debug1: identity file /home/gsam/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 FreeBSD-20020702 debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat OpenSSH* Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.4p1 FreeBSD-20020702 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 121/256 debug1: bits set: 1602/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'hivemind.trini0.org' is known and matches the DSA host key. debug1: Found key in /home/gsam/.ssh/known_hosts:6 debug1: bits set: 1573/3191 debug1: ssh_dss_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: next auth method to try is publickey debug1: try pubkey: /home/gsam/.ssh/id_rsa debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: try privkey: /home/gsam/.ssh/id_dsa debug1: next auth method to try is keyboard-interactive Password: Kevin Oberman wrote: >>Date: Fri, 04 Oct 2002 13:31:56 -0400 >>From: Gerard Samuel <gsam@trini0.org> >>Sender: owner-freebsd-questions@FreeBSD.ORG >> >>A few months ago, I had a cron job scp a file to another box within my >>lan. It worked great and things were good. >>I dont remember why I turned it off, but Im trying to set it back up. >>Both boxes are running FBSD 4.6.2-Release. >>On the sending box -> >>1. ssh-keygen -t rsa //Accept the defaults and leave the passphrase empty. >>2. scp id_rsa.pub sys_dev@hivemind: //SCP the public key over to the >>recieving box to the user who is going to recieve the file from the cron >>job. >> >>On the recieving box -> >>1. cp id_rsa.pub .ssh/authorized_keys2 // Copy the sender's public key >>to .ssh/authorized_keys2 >> >> From the sending box, I run my script using the -v option to scp to be >>verbose. >>Here is the output of the script -> >>---------------------------- >>Executing: program /usr/bin/ssh host hivemind, user sys_dev, command scp >>-v -t . >>OpenSSH_3.4p1 FreeBSD-20020702, SSH protocols 1.5/2.0, OpenSSL 0x0090605f >>debug1: Reading configuration data /etc/ssh/ssh_config >>debug1: Applying options for * >>debug1: Rhosts Authentication disabled, originating port will not be >>trusted. >>debug1: ssh_connect: needpriv 0 >>debug1: Connecting to hivemind.trini0.org [192.168.0.2] port 22. >>debug1: Connection established. >>debug1: identity file /home/gsam/.ssh/identity type -1 >>debug1: identity file /home/gsam/.ssh/id_rsa type 1 >>debug1: identity file /home/gsam/.ssh/id_dsa type -1 >>debug1: Remote protocol version 1.99, remote software version >>OpenSSH_3.4p1 FreeBSD-20020702 >>debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat OpenSSH* >>debug1: Local version string SSH-1.5-OpenSSH_3.4p1 FreeBSD-20020702 >>debug1: Waiting for server public key. >>debug1: Received server public key (768 bits) and host key (1024 bits). >>debug1: Host 'hivemind.trini0.org' is known and matches the RSA1 host key. >>debug1: Found key in /home/gsam/.ssh/known_hosts:1 >>debug1: Encryption type: 3des >>debug1: Sent encrypted session key. >>debug1: cipher_init: set keylen (16 -> 32) >>debug1: cipher_init: set keylen (16 -> 32) >>debug1: Installing crc compensation attack detector. >>debug1: Received encrypted confirmation. >>debug1: Doing password authentication. >>sys_dev@hivemind.trini0.org's password: >>-------------------------- >> >>Could someone point out to me where Im going wrong with this to have the >>cron job complete successfully without entering a password. >>Thanks. >> >> > >The most obvious thing is that you generated SSH V2 RSA keys, but the >connection in the example used SSH V1 and is only interested in V1 keys. > >Check the "Protocol" line in $HOME/.ssh/config and/or >/etc/ssh/ssh_config on the client side and /etc/ssh/sshd_config on the >server side and make sure both use V2. > >You can force SSH V2 with -oProtocol=2 on the command line according >to the man page. I have not tried this. > >R. Kevin Oberman, Network Engineer >Energy Sciences Network (ESnet) >Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) >E-mail: oberman@es.net Phone: +1 510 486-8634 > > > > -- Gerard Samuel http://www.trini0.org:81/ http://dev.trini0.org:81/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D9DF0A8.7040508>