LINUX PASS-THROUGH AUTHENTICATION (SSH KEY GENERATION) FOR UBUNTU SIMPLIFIED AND CLARIFIED

If you’ve ever struggled with setting up pass-through authentication using generated SSH keys, this article is for you.

Using SCP (secure copy) on a Linux box ensures that your files will be transferred in an encrypted state, unlike FTP, which sends data in clear text. SCP file transfers are very useful when scripting automated processes like database backups – the backup can be run, compressed, and then immediately shipped over to a different server for storage. The problem with scripting this connection between two servers is that a password is required (hopefully!) on the remote server, and you don’t want your script to halt, waiting for a user to type in the password. So, SCP pass-through authentication can be a solution. The steps to setting it up go like this:

  1. Confirm that an identical user exists on both servers, using the same password.
  2. On the server SENDING the files using SCP, run the following to generate the key pair:  ssh-keygen -t rsa
  3. You’ll see the following:
    Enter file in which to save the key (/home/seth/.ssh/id_rsa):

    Just hit enter to save in the default directory.  Next you will see:

    Enter passphrase (empty for no passphrase):
    It is recommended that you enter a passphrase for additional security, but not required.
  4. After adding a passphrase (or skipping it) you may see a randomart image for the generated key, along with notification of the paths that your public and private key pair has been saved in.
  5. Now for the important parts.  Copy the public key file (id_rsa.pub in the .ssh directory for Ubuntu) into the remote server’s .ssh directory (again, for Ubuntu).  You can use SCP to transfer the file.
  6. RENAME the public key file to authorized_keys (or append the contents of the public key file to authorized_keys if it already exists).  DO NOT copy and paste the text of the public key to the authorized_keys file. I have done this and wound up with invisible characters or something that wouldn’t allow pass-through authentication to work.
  7. That’s it.  No need to log off, the pass-through authentication should be working immediately.  Try a test by sending a file like this:  scp testfile.txt seths_server:/home/seth/.  You should see SCP doing its thing without asking for a password.

Whenever I’ve attempted to set this up in the past, I’ve always tried copying and pasting the public key, rather than appending it or renaming the file, and the result didn’t work.  If you have an existing authorized_keys file, use cat to append the new key to any existing contents in the file:  cat id_rsa.pub >> ~/.ssh/authorized_keys.
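
The append from steps 5 and 6, as an added shell example that is not part of the original post: it rejects a key file that was wrapped onto several lines or contains control characters (the kind of invisible damage a copy and paste can introduce), then appends the key once and sets the modes sshd checks. The function names check_pubkey and install_pubkey are hypothetical helpers, not OpenSSH commands.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# check_pubkey FILE: succeed only if FILE is one clean OpenSSH public key line.
check_pubkey() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    # Terminals and editors often wrap a pasted key onto several lines.
    [ "$(grep -c '' "$1")" -eq 1 ] || { echo "key must be exactly one line" >&2; return 1; }
    # Carriage returns and other control bytes are invisible in most editors.
    if LC_ALL=C grep -q '[[:cntrl:]]' "$1"; then
        echo "control characters found in key" >&2; return 1
    fi
    # Expected shape: key type, base64 blob, optional comment.
    LC_ALL=C grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' "$1" ||
        { echo "not an OpenSSH public key line" >&2; return 1; }
}

# install_pubkey FILE SSH_DIR: append FILE to SSH_DIR/authorized_keys once.
install_pubkey() {
    check_pubkey "$1" || return 1
    auth="$2/authorized_keys"
    # With sshd's default StrictModes, keys are ignored if the directory or
    # file is writable by other users, so tighten the modes before appending.
    mkdir -p "$2" && chmod 700 "$2" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    key_line=$(cat "$1")
    # Skip if this exact line is already present, so re-running is harmless.
    if grep -qxF -- "$key_line" "$auth"; then return 0; fi
    # Keep the new key off the end of an existing line that lacks a newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$key_line" >> "$auth"
}

# On the remote server, after step 5:  install_pubkey ~/.ssh/id_rsa.pub ~/.ssh
```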

Posted on January 29, 2010, in Linux Administration.