Date:      Fri, 04 Oct 2002 15:48:56 -0400
From:      Gerard Samuel <gsam@trini0.org>
To:        Kevin Oberman <oberman@es.net>
Cc:        FreeBSD Questions <questions@FreeBSD.ORG>
Subject:   Re: passwordless scp and cronjobs
Message-ID:  <3D9DF0A8.7040508@trini0.org>
References:  <20021004181602.B65005D04@ptavv.es.net>

I started the whole process again and added the SSH2 option to the 
command line which now looks like this ->
scp -o 'Protocol=2' -v ~/temp/file.zip sys_dev@hivemind:

Towards the bottom you'll see it's trying authentication methods, using 
the public key as the first option.
I would tend to believe if all were well, it shouldn't have to go past 
that point.
I'll try messing around some more with the ssh options and report back.

Thanks

Here is the output of the ssh debug ->
--------------------------------
Executing: program /usr/bin/ssh host hivemind, user sys_dev, command scp 
-v -t .
OpenSSH_3.4p1 FreeBSD-20020702, SSH protocols 1.5/2.0, OpenSSL 0x0090605f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be 
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to hivemind.trini0.org [192.168.0.2] port 22.
debug1: Connection established.
debug1: identity file /home/gsam/.ssh/id_rsa type 1
debug1: identity file /home/gsam/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version 
OpenSSH_3.4p1 FreeBSD-20020702
debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1 FreeBSD-20020702
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 121/256
debug1: bits set: 1602/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'hivemind.trini0.org' is known and matches the DSA host key.
debug1: Found key in /home/gsam/.ssh/known_hosts:6
debug1: bits set: 1573/3191
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: 
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try pubkey: /home/gsam/.ssh/id_rsa
debug1: authentications that can continue: 
publickey,password,keyboard-interactive
debug1: try privkey: /home/gsam/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
Password:

Kevin Oberman wrote:

>>Date: Fri, 04 Oct 2002 13:31:56 -0400
>>From: Gerard Samuel <gsam@trini0.org>
>>Sender: owner-freebsd-questions@FreeBSD.ORG
>>
>>A few months ago, I had a cron job scp a file to another box within my
>>lan.  It worked great and things were good.
>>I don't remember why I turned it off, but I'm trying to set it back up.
>>Both boxes are running FBSD 4.6.2-Release.
>>On the sending box ->
>>1.  ssh-keygen -t rsa  //Accept the defaults and leave the passphrase empty.
>>2.  scp id_rsa.pub sys_dev@hivemind:  //SCP the public key over to the 
>>receiving box to the user who is going to receive the file from the cron 
>>job.
>>
>>On the receiving box ->
>>1.  cp id_rsa.pub .ssh/authorized_keys2  // Copy the sender's public key 
>>to .ssh/authorized_keys2
>>
>>  From the sending box, I run my script using the -v option to scp to be 
>>verbose.
>>Here is the output of the script ->
>>----------------------------
>>Executing: program /usr/bin/ssh host hivemind, user sys_dev, command scp 
>>-v -t .
>>OpenSSH_3.4p1 FreeBSD-20020702, SSH protocols 1.5/2.0, OpenSSL 0x0090605f
>>debug1: Reading configuration data /etc/ssh/ssh_config
>>debug1: Applying options for *
>>debug1: Rhosts Authentication disabled, originating port will not be 
>>trusted.
>>debug1: ssh_connect: needpriv 0
>>debug1: Connecting to hivemind.trini0.org [192.168.0.2] port 22.
>>debug1: Connection established.
>>debug1: identity file /home/gsam/.ssh/identity type -1
>>debug1: identity file /home/gsam/.ssh/id_rsa type 1
>>debug1: identity file /home/gsam/.ssh/id_dsa type -1
>>debug1: Remote protocol version 1.99, remote software version 
>>OpenSSH_3.4p1 FreeBSD-20020702
>>debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat OpenSSH*
>>debug1: Local version string SSH-1.5-OpenSSH_3.4p1 FreeBSD-20020702
>>debug1: Waiting for server public key.
>>debug1: Received server public key (768 bits) and host key (1024 bits).
>>debug1: Host 'hivemind.trini0.org' is known and matches the RSA1 host key.
>>debug1: Found key in /home/gsam/.ssh/known_hosts:1
>>debug1: Encryption type: 3des
>>debug1: Sent encrypted session key.
>>debug1: cipher_init: set keylen (16 -> 32)
>>debug1: cipher_init: set keylen (16 -> 32)
>>debug1: Installing crc compensation attack detector.
>>debug1: Received encrypted confirmation.
>>debug1: Doing password authentication.
>>sys_dev@hivemind.trini0.org's password:
>>--------------------------
>>
>>Could someone point out to me where I'm going wrong with this to have the 
>>cron job complete successfully without entering a password.
>>Thanks.
>>    
>>
>
>The most obvious thing is that you generated SSH V2 RSA keys, but the
>connection in the example used SSH V1 and is only interested in V1 keys.
>
>Check the "Protocol" line in $HOME/.ssh/config and/or
>/etc/ssh/ssh_config on the client side and /etc/ssh/sshd_config on the
>server side and make sure both use V2.
>
>You can force SSH V2 with -oProtocol=2 on the command line according
>to the man page. I have not tried this.
>
>R. Kevin Oberman, Network Engineer
>Energy Sciences Network (ESnet)
>Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
>E-mail: oberman@es.net			Phone: +1 510 486-8634
>
>
>  
>

-- 
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
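
A way to read traces like the two in this thread, added here as an example and not part of the original message: an awk filter wrapped in a shell function that reports the negotiated protocol, any key the server refused, and the method the client fell back to. The function name and the key=value output format are this example's own assumptions; the sample lines are trimmed from the traces above.

```shell
#!/bin/sh
# Added example: summarise an OpenSSH client debug trace (ssh -v / scp -v)
# read from stdin. Output is key=value lines; the names are this example's own.
diagnose_ssh_debug() {
    awk '
    BEGIN { proto = "unknown" }
    # The local banner shows which protocol the client settled on.
    /Local version string SSH-/ { proto = ($0 ~ /SSH-2\.0-/) ? "2" : "1" }
    # Protocol 2: the client offers a public key to the server.
    /debug1: try pubkey: / { offered = $NF }
    # The server answers a failed request with the list of methods still
    # allowed, so the first such line after an offer means the key was refused.
    tolower($0) ~ /authentications that can continue:/ {
        if (offered != "") { rejected[++n] = offered; offered = "" }
    }
    # Any next method other than publickey is the prompt a cron job hangs on.
    /next auth method to try is / { if ($NF != "publickey") fallback = $NF }
    /Doing password authentication/ { fallback = "password" }  # protocol 1
    END {
        print "protocol=" proto
        for (i = 1; i <= n; i++) print "pubkey_rejected=" rejected[i]
        if (fallback != "") print "fallback=" fallback
    }'
}

# Lines trimmed from the protocol 2 trace in this message.
sample_v2_trace() {
    cat <<'EOF'
debug1: Local version string SSH-2.0-OpenSSH_3.4p1 FreeBSD-20020702
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try pubkey: /home/gsam/.ssh/id_rsa
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: try privkey: /home/gsam/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
EOF
}

# Lines trimmed from the quoted protocol 1 trace.
sample_v1_trace() {
    cat <<'EOF'
debug1: Local version string SSH-1.5-OpenSSH_3.4p1 FreeBSD-20020702
debug1: Doing password authentication.
EOF
}

sample_v2_trace | diagnose_ssh_debug
sample_v1_trace | diagnose_ssh_debug
```

A live trace can be piped in the same way, since ssh and scp write debug output to stderr: `scp -v file host: 2>&1 | diagnose_ssh_debug`.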



