Kevin Donnelly wrote:
I want to have a script shift some files from one part of a webserver to another, and it therefore needs to use ssh. I usually login using: ssh -l <username>
and then give the password. I assume it's not possible to do this in the script, so I tried using ssh-keygen to generate a public/private keypair. I then uploaded $HOME/.ssh/identity.pub to $HOME/.ssh/authorized_keys on the webserver. I was under the impression that this would allow login without asking for the password (from the manpage: "After this, the user can log in without giving the password."). But in fact I am still asked for the passphrase. Is this because the user I am locally is different from the user I am on the webserver? Have I missed something out? TIA
Kevin
I just attempted what I think you tried manually and it worked fine for me. Are you also unable to do this manually? I assume needless to say, you saved the new keypair as ~/.ssh/identity on the account you're testing from? (ssh -i ~/.ssh/<insecure-private-key-file> also works). Are you ever able to log in without typing the account's password to the target host? (i.e., has ssh-agent ever enabled you to log in there without retyping the password each time you log in?) Make sure that the permissions on the target's authorized_keys and identity file are 600 or 400,and that the permissions on the target's .ssh are 700. Those should take care of the most paranoid /etc/ssh/sshd_config. If you can read /etc/ssh/sshd_config on the target machine, it may be helpful. --Steve Augart