How can I avoid entering the user password when executing the scp command?
Recently, I ran into a problem while writing a shell script that is executed automatically on a schedule. One step of the script uses the scp command to copy a local file to another machine for backup. However, scp normally asks for the user password when it runs, which does not work in a script step that is executed automatically on a schedule.
My first instinct was to create a user without a password, so that using this user in the scp command would not require entering a password.
For convenience, we call the machine that executes the scp command the client, and the remote machine that the scp command operates on the server.
First, run the following command on the server to delete the root password, that is, turn root into a user without a password.
[root@server root]# passwd -d root
Removing password for user root.
passwd: Success
[root@server root]#
To confirm that root has become a user without a password, log on to the system again and try.
Red Hat Linux release 8.0 (Psyche)
Kernel 2.4.18-14 on an i686
server login: root
Last login: Fri Sep 14 16:40:08 on tty1
[root@server root]#
Indeed, a password is no longer required for root login.
Then we copy a file from the client to the server.
[root@client root]# scp -p text root@192.168.3.206:/root
root@192.168.3.206's password: <-- press Enter directly
Permission denied, please try again. <-- denied
root@192.168.3.206's password: <-- enter any character
text 100% |**************************| 19
[root@client root]#
According to the test results, even after root becomes a user without a password, the scp command still prompts for a password. Even stranger, pressing Enter directly at the password prompt is rejected, whereas entering any other characters and then pressing Enter passes authentication.
Later, I searched for related information on the Internet. According to [1], after the two users on the two machines establish a secure trust relationship, you do not need to enter the user password when executing the scp command. I tested the method described in that document and it worked.
Follow these steps to establish a secure trust relationship between root on the client and root on the server:
1. Run the ssh-keygen command on the client to generate the key pair that establishes the trust relationship.
[root@client root]# ssh-keygen -b 1024 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): <-- press Enter
Enter same passphrase again: <-- press Enter
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
49:9c:8a:8f:bc:19:5e:8c:c0:10:d3:15:60:a3:32:1c root@client
[root@client root]#
Note: When the program prompts for a passphrase, just press Enter, which means the key has no passphrase.
The above command generates the private key id_rsa and the public key id_rsa.pub, which are stored in the .ssh subdirectory of the user's home directory.
2. Copy the public key id_rsa.pub to the .ssh subdirectory of root's home directory on the server, and rename it authorized_keys.
[root@client root]# scp -p .ssh/id_rsa.pub root@192.168.3.206:/root/.ssh/authorized_keys
root@192.168.3.206's password: <-- enter the root user password of the server
id_rsa.pub 100% |***************************| 218
[root@client root]#
When the preceding command is executed, the root users of the two machines have not yet established a trust relationship, so you still need to enter the root user password of the server.
After these two steps, the trust relationship between root on the client and root on the server is established. Let's look at the result:
[root@client root]# scp -p text root@192.168.3.206:/root
text 100% |**************************| 19
[root@client root]#
Success! You no longer need to enter the password.
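
Added example, not part of the original article: a server-side function that appends the client's public key to authorized_keys instead of overwriting the file as step 2 does, and limits the passphrase-less key to the client's address, plus a client-side scp wrapper for the scheduled job. The function names install_pubkey and push_backup are hypothetical, and the client's address is passed in as a parameter because the article does not give it.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the article.

# install_pubkey PUBKEY_FILE SSH_DIR CLIENT_ADDR   (run on the server)
# Appends the client's public key to SSH_DIR/authorized_keys instead of
# overwriting the file, and limits what the passphrase-less key may do.
install_pubkey() {
    pubkey_file=$1; ssh_dir=$2; client_addr=$3
    auth="$ssh_dir/authorized_keys"

    key=$(head -n 1 "$pubkey_file") || return 2
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;   # looks like a public key
        *) echo "not an SSH public key: $pubkey_file" >&2; return 2 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{print $2}')    # base64 key material
    [ -n "$blob" ] || return 2

    # With StrictModes (the sshd default) keys are refused when the
    # directory or file is writable by other users.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key is already authorized.
    if grep -qF -- "$blob" "$auth"; then return 0; fi

    # from= ties the key to the backup client; the no-* options remove
    # terminals and forwarding, which a file copy does not need.
    printf 'from="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$client_addr" "$key" >> "$auth"
}

# push_backup FILE DEST   (run on the client, e.g. from cron)
# BatchMode=yes makes scp fail at once rather than wait at a password
# prompt, so a broken trust relationship shows up as a non-zero exit.
push_backup() {
    scp -p -o BatchMode=yes "$1" "$2" || {
        echo "backup of $1 to $2 failed" >&2
        return 1
    }
}
```

On the server, call install_pubkey with the copied id_rsa.pub, /root/.ssh and the client's address; in the scheduled script on the client, call push_backup with the file and root@192.168.3.206:/root.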