Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 04 Oct 2002 11:16:02 -0700
From:      "Kevin Oberman" <oberman@es.net>
To:        Gerard Samuel <gsam@trini0.org>
Cc:        FreeBSD Questions <questions@FreeBSD.ORG>
Subject:   Re: passwordless scp and cronjobs 
Message-ID:  <20021004181602.B65005D04@ptavv.es.net>
In-Reply-To: Your message of "Fri, 04 Oct 2002 13:31:56 EDT." <3D9DD08C.1060904@trini0.org> 

next in thread | previous in thread | raw e-mail | index | archive | help
> Date: Fri, 04 Oct 2002 13:31:56 -0400
> From: Gerard Samuel <gsam@trini0.org>
> Sender: owner-freebsd-questions@FreeBSD.ORG
> 
> A few months ago, I had a cron job scp a file to another box within my
> lan.  It worked great and things were good.
> I dont remember why I turned it off, but Im trying to set it back up.
> Both boxes are running FBSD 4.6.2-Release.
> On the sending box ->
> 1.  ssh-keygen -t rsa  //Accept the defaults and leave the passphrase empty.
> 2.  scp id_rsa.pub sys_dev@hivemind:  //SCP the public key over to the 
> recieving box to the user who is going to recieve the file from the cron 
> job.
> 
> On the recieving box ->
> 1.  cp id_rsa.pub .ssh/authorized_keys2  // Copy the sender's public key 
> to .ssh/authorized_keys2
> 
>   From the sending box, I run my script using the -v option to scp to be 
> verbose.
> Here is the output of the script ->
> ----------------------------
> Executing: program /usr/bin/ssh host hivemind, user sys_dev, command scp 
> -v -t .
> OpenSSH_3.4p1 FreeBSD-20020702, SSH protocols 1.5/2.0, OpenSSL 0x0090605f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be 
> trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to hivemind.trini0.org [192.168.0.2] port 22.
> debug1: Connection established.
> debug1: identity file /home/gsam/.ssh/identity type -1
> debug1: identity file /home/gsam/.ssh/id_rsa type 1
> debug1: identity file /home/gsam/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version 
> OpenSSH_3.4p1 FreeBSD-20020702
> debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat OpenSSH*
> debug1: Local version string SSH-1.5-OpenSSH_3.4p1 FreeBSD-20020702
> debug1: Waiting for server public key.
> debug1: Received server public key (768 bits) and host key (1024 bits).
> debug1: Host 'hivemind.trini0.org' is known and matches the RSA1 host key.
> debug1: Found key in /home/gsam/.ssh/known_hosts:1
> debug1: Encryption type: 3des
> debug1: Sent encrypted session key.
> debug1: cipher_init: set keylen (16 -> 32)
> debug1: cipher_init: set keylen (16 -> 32)
> debug1: Installing crc compensation attack detector.
> debug1: Received encrypted confirmation.
> debug1: Doing password authentication.
> sys_dev@hivemind.trini0.org's password:
> --------------------------
> 
> Could someone point out to me where Im going wrong with this to have the 
> cron job complete successfully without entering a password.
> Thanks.

The most obvious thing is that you generated SSH V2 RSA keys, but the
connection in the example used SSH V1 and is only interested in V1 keys.

Check the "Protocol" line in $HOME/.ssh/config and/or
/etc/ssh/ssh_config on the client side and /etc/ssh/sshd_config on the
server side and make sure both use V2.

You can force SSH V2 with -oProtocol=2 on the command line according
to the man page. I have not tried this.

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net			Phone: +1 510 486-8634

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021004181602.B65005D04>