Mailinglist Archive: opensuse-security (616 mails)
| < Previous | Next > |
Re: [suse-security] SCP from Server to Server without Password ??
- From: Alex Levit <alex@xxxxxxxxxxx>
- Date: Mon, 11 Mar 2002 07:52:53 -0800
- Message-id: <200203111600.g2BG0HR06240@xxxxxxxxxxxxxxx>
On Monday 11 March 2002 05:55, Reckhard, Tobias wrote:
> > We do that with "scp". I´ve read that i can switch of the ugly
> > password-questions by generating ssh keys at both servers and
> > copying the
> > public keys to each other server.
>
> The private keys need to have an empty passphrase, though.
>
> > I did so, but the password-questions are still there.
>
> You can get rid of those by disabling password authentication. Only do so
> when you've got public-key authentication running reliably, though, or
> you'll risk locking yourself out.
>
> > Does anyone know how to install the keys at the right
> > position and what to
> > do to get this running ? Is there a tutorial or a description
> > how to make
> > an automated copying from one server to another without
> > password (via ssh?)
>
> See 'man ssh', 'man sshd' and 'man ssh-keygen'. Look for the public-key
> authentication options and the authorized_keys[2] file format.
>
> I recommend you use rsync in combination with SSH as a transport in place
> of scp. It allows you to switch to SSHv2, only performs incremental
> updates, and you can restrict the passphrase-less private key to the
> relevant rsync operation only. Mail me if you can't figure out how to do
> this yourself (after having tried at least a bit on your own, though,
> please).
>
> Tobias
One more advantage of rsync over scp, you can use data compression when
working with slow connection. :-)
I thought I add my two cents.
--
Alex Levit
Senior Network Engineer
Kel-Tek Inc.
TEL: 626-571-6927
FAX: 626-571-8794
'Alex@xxxxxxxxxxx'
> > We do that with "scp". I´ve read that i can switch of the ugly
> > password-questions by generating ssh keys at both servers and
> > copying the
> > public keys to each other server.
>
> The private keys need to have an empty passphrase, though.
>
> > I did so, but the password-questions are still there.
>
> You can get rid of those by disabling password authentication. Only do so
> when you've got public-key authentication running reliably, though, or
> you'll risk locking yourself out.
>
> > Does anyone know how to install the keys at the right
> > position and what to
> > do to get this running ? Is there a tutorial or a description
> > how to make
> > an automated copying from one server to another without
> > password (via ssh?)
>
> See 'man ssh', 'man sshd' and 'man ssh-keygen'. Look for the public-key
> authentication options and the authorized_keys[2] file format.
>
> I recommend you use rsync in combination with SSH as a transport in place
> of scp. It allows you to switch to SSHv2, only performs incremental
> updates, and you can restrict the passphrase-less private key to the
> relevant rsync operation only. Mail me if you can't figure out how to do
> this yourself (after having tried at least a bit on your own, though,
> please).
>
> Tobias
One more advantage of rsync over scp, you can use data compression when
working with slow connection. :-)
I thought I add my two cents.
--
Alex Levit
Senior Network Engineer
Kel-Tek Inc.
TEL: 626-571-6927
FAX: 626-571-8794
'Alex@xxxxxxxxxxx'
| < Previous | Next > |