[Sussex] SCP - setup problem
Brendan Whelan
b_whelan at mistral.co.uk
Tue May 10 07:35:46 UTC 2005
Following the help which I was given it was requested that I provide a
summary of the solution. The following technique worked for me but there may
be neater ways and there could be variants between different versions of
Linux:
Setting up an SCP link between Linux servers
Introduction
These notes are based on (much appreciated help) from the user group. The
testing was done on a pair of Fedora core 3 servers linked back to back.
SCP is a secure method of passing files between servers. Additionally, it
can be extended so that it is unnecessary, when making a file transfer, to
include the password for the account used on the remote system. It can
therefore be used for adhoc transfers and for scheduled transfers using CRON
jobs, for example, to transfer daily backups or incremental database update
files.
Setting up a link
Before starting check that the /etc/hosts file has BOTH the machine defined
nnn.nnn.nnn.nnn localhost.name name
name
mmm.mmm.mmm.mmm localhost.other_name other_name
other_name
The above may not be necessary on a live network as the DNS service may
resolve the information.
The following assumes that the account is user is xx and has a home of
/home/xx and that the transfer is to be bidirectional:
1.. Log in as the xx user on system nnn. Check that the default home
directory for the user i.e. /home/xx, is owned by the xx user.
2.. In a terminal window su to user xx then cd /home/xx
3.. If the .ssh directory is not already present, then in a terminal
window type:
mkdir .ssh Note the dot at the start of the filename.
chmod 700 .ssh
4.. Note: The .ssh directories are normally hidden the view option in
konqueror browser windows may need temporarily setting to view the results
of any file creation.
5.. Create the public and private key which give facilitate remote access
without the need for passwords. (The private key resides on the server where
the keys are created and the public key is copied to any other server
from/to which files are to be transferred.) Type
ssh-keygen -t dsa
6.. If not already created, a message may appear stating that the .ssh
subdirectory is being created.
7.. Accept the default options as to where the files are to be created and
the "passphrase" options - pressing return indicates that no "passphrase"
is required.
8.. The files created can be viewed in the /home/xx/.ssh directory.
9.. Repeat steps 1 to 8 on the other system.
10.. Copy the id_dsa.pub file to /home/xx/ on the other system. (Use a
floppy, FTP, etc.) This file can be deleted when the setup process is
completed.
11.. On the other system type:
su xx
cd /home/xx/.ssh
cat /home/xx/id_dsa.pub >> authorized_keys
Note: The "z" in authorized.
This technique enables public keys from several systems to be included is
appropriate.
chmod 600 authorized_keys
(644 was recommended by a Linux user butt 600 worked for me)
12.. Create a file in the xx directory on the other system e.g.
system_1.txt
13.. On the original system check that the transfer mechanism works as
expected:
14.. cd /home/xx
15.. scp xx at mmm.mmm.mmm.mmm:/home/xx/system_1.txt
/home/xx/system_1_copied.txt
The first time that a connection is made to another system the user will be
requested to confirm the link by typing "yes". In which case, an entry will
be added to the hosts file.
ALWAYS DO A MANUAL CHECK TO ENSURE THAT THE HOSTS FILE IS SETUP CORRECTLY
AND THAT THE OTHER FILES ARE IN PLACE AND CORRECTLY PROTECTED.
Hint - executing the above scp command with a -v option will produce a
detailed list of progress. Similarly, viewing the /var/log/secure log on the
system containing the file to be transferred can reveal security problems.
Check that the file appears in /home/xx directory.
Repeat steps 10 to 15 to transfer in the other direction i.e. create the
keys on mmm and transfer to nnn.
Note: The above must be repeated for each account that is to be used for
transfer.
Brendan Whelan 10 May 05
.ENDS.
More information about the Sussex
mailing list