[Resolved] SSH from Omega to Linux Server without Password
I have been trying to set up ssh rsync file transfers without having to enter a password from the omega to a remote server.
rsync -av -e ssh /root/webcam/ user@<server ip>:/home/user/webcam
Works but prompts for a password
I used ssh -V to see
Local Omega with Dropbear v2016.74
Remote OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016
• mkdir ~/.ssh
• dropbearkey -t rsa -f ~/.ssh/id_rsa
• dropbearkey -y -f ~/.ssh/id_rsa | sed -n 2p > ~/.ssh/id_rsa.pub
to create a key pair then copied the id_rsa.pub file onto the remote server , renamed it to authorized_keys in the .ssh directory and used chmod 755 ~/.ssh and
chmod 644 ~/.ssh/authorized_keys to set the permissions.
Tried testing it with ssh user@<server ip> but get the password prompt.
Any ideas please.
Looks like the permissions on the private key are too wide. However I'd expect a different error message instead of a password prompt. How about trying "chmod 400 ~/.ssh/id_rsa" to see if that helps.
Tried the chmod 400 but still the sane
one thing I did notice was the private key format on the omega looks strange compared to the private key on the Linux box
~/.ssh# cat id_rsa
on Linux server
/.ssh$ cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
@Andy-Burgess At least you got printing characters! Yes, you discovered the private key files are in binary and not in an encoded (e.g. ascii) representation of binary. Not to worry on that point.
If you 'cat' one of the public key files you'll note a familiar representation.
Other than that all I've done differently is specify a key strength (dropbearkey -t rsa -s 4096 ....).
Going forward assume there may already be an authorized_keys file. As such, append the public key to it as opposed to copy/rename. Just a nit as I stall while trying to figure out what's wrong....
On the server the authorized_keys permissions ought be 600, not 644.
I mis-type the permissions of the client private key. It should be 600, not 400! Yikes! You wouldn't be able to write to it. 8^o
You can send the key by "secure copy" (similar to SSH) like this:
change directory to where the key is on the omega
scp id_rsa.pub <user>@<yourhost>:.ssh/authorized_keys
Where <user> is the SSH user for the remote login and <yourhost> is the host of the remote login.
You will be asked for a password initially.
For the permissions, both the folder and the key require the following:
chmod 700 /home/user/.ssh chmod 644 /home/user/.ssh/authorized_keys
I was having trouble making rsync work without the password request. I played with the file permissions as suggested in this and other posts. The advice was not all consistent so I tried different combinations, but nothing worked to eliminate the password request. I found a post (https://www.snbforums.com/threads/dropbear-ssh-without-remote-password.21070/) that showed how to specify the location of the private key. That worked.
This command results in a password request.
rsync -av -e ssh <source> <user>@<host>:<destination>
This command does not result in a password request.
rsync -av -e "dbclient -i /root/.ssh/id_rsa" <source> <user>@<host>:<destination>
ssh -i ~/.ssh/id_rsa <user>@<host>
will get me logged in without a password, while
will request a password.
It sounds like it is possible to avoid the password request without explicitly pointing to the private key file. Others have done it but I failed on that score. Here is something that worked for me.
I posted a bit too soon.
The simpler commands (without the dbclient) work if the .ssh file contains a symbolic link to id_rsa. Execute this in the .ssh folder and things work more simply than what I suggested above.
ln -s id_rsa id_dropbear
Thanks all for the help.
I used TheLions
scp id_rsa.pub <user>@<yourhost>:.ssh/authorized_keys to gopy the key then
chmod 700 /home/user/.ssh
chmod 644 /home/user/.ssh/authorized_keys
to set permissions
and Roberts ln -s id_rsa id_dropbear
It's working like a charm.