SSH/SCP without a password

Here are some links:

Steps to create and distribute RSA key

#generate the keys for whomever is logged on (use a passphrase)
ssh-keygen -t rsa
#copy public key to target machine
ssh-copy-id -i ~/.ssh/id_rsa.pub root@test.cfaw.info
#make sure that the following permissions are in place at both ends:
chmod 700 .ssh
chmod 600 .ssh/*
chmod +r  .ssh/*.pub

Strategies for Key Automation

  1. Use -i option in rsync to load key
    The key is dynamically loaded via the -e “ssh -i filename ...” mechanism. Simple and clean.
    See Troy at: troy.jdmz.net/rsync/index.html
    Note that Troy has the best security solution for rsync at the receiving end.
  2. Use a .ssh/config file
    All the information to make a connection is stored in the .ssh/config file, including the port number for ssh. Very convenient and easy to manage.
    See Dean at: arctic.org/…up/unattended.html
  3. Use ssh-agent and ssh-add to load the key
    A little bit cumbersome as one script has to call another.
    See Rimu at: rimuhosting.com/…yncbackup.jsp
  4. Use keychain to manage keys
    This is theoretically the strongest since it enables a passphrase to be used. However, this has to be entered by hand every time the system is rebooted. Also, it needs the keychain script to be installed.
    See IBM at: www.ibm.com/…backup/index.html

Solution

  • Concepts
    • The initiator computer must generate keys (e.g. backupk) and a .ssh/config file to link them to thre receiver
    • The receiver computer must have an account (e.g. backuser) containing .ssh/authorized_keys
    • The public key from the initiator is placed in this .authorized_keys file
    • This is neatly accomplished with the following script:
  • create the keys using the create_ssh_keys.sh script below, and test
  • install validate-rsync on the server
  • modify the authorized_keys on the server so that the entry starts with: from=“xxx.xxx.xxx.xxx”,command=”/backups/validate-rsync”,no-port-forwarding,no-X11-forwarding,no-pty
AttachmentSize
validate-rsync.264 bytes
create_ssh_keys.txt865 bytes