Using RSA or DSA for authentication to a Linux server via SSH or SCP.

Following on from my post yesterday about backups, I thought I’d give a further explanation as to how to copy down the archives that I created in the script.

For this, I’m using SCP. However, if using SCP, you ordinarily need to log on.

If you’re prompted for a username and password every time your script runs an scp command, it’s kind of pointless having cron run the script at all.

So, to get around the requirement to log in, while at the same time keeping the set up secure, we use an RSA or DSA key.

For the rest of this post, I’m going to call the machines backup and server. The backup is the machine I am copying the backup files to.

On the backup machine, type the following commands to generate the files and copy the public file across to the server. I suggest you use a very restricted account on the backup and server for this.

ssh-keygen -t rsa
Hit enter for the first question to agree to save the key to /home/YourUserName/.ssh/id_rsa.
Hit enter without typing anything for the second and third questions, as we don’t want a password for this particular key. Note, this is usually not recommended but it should be ok for this type of situation.
It will tell you that a public and private key have been created, and it will give you the fingerprint of the newly created key as well.

Next, you will want to copy the public key across to your server. Note, the server is the machine that hosts your backup scripts.
scp .ssh/id_rsa.pub YourUserName@ServerName:.ssh/

If this is the first time you’ve used a public key then use the following command as it will make things easier for you.
scp .ssh/id_rsa.pub YourUserName@ServerName:.ssh/authorized_keys

If however you have used other keys, do the following:
ssh YourUserName@ServerAddress

Type your username and password to log in.

Now, type the following to append the id_rsa.pub to the authorized_keys file.
cat .ssh/id_rsa.pub >> .ssh/authorized_keys

Now, leave the ssh session by typing exit.

From the backup machine, you can now log in via ssh without providing a password.

Note!!!

You might want to secure your public key. If it goes missing, this could go very very badly for you as this key does not require a password.

Log into the server by typing:
ssh YourUserName@ServerAddress

Now, change the permissions of the file so that this restricted user account is the only one with read and write access to the public key.
chmod 600 .ssh/authorized_keys

Now, get out of the ssh session by typing exit.
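
The append step and the permission step above can be combined into one function that is safe to run more than once. This is an added example, not part of the original post: the function name install_pubkey and its arguments are assumptions, and it expects the public key to have already been copied to the server with scp.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a hypothetical
# helper: run it on the server after the public key has been copied over.

install_pubkey() {
    pubfile=$1                   # public key file, e.g. .ssh/id_rsa.pub
    sshdir=${2:-$HOME/.ssh}      # assumption: defaults to the user's ~/.ssh
    authfile=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Use the first line only and drop any carriage return.
    key=$(head -n 1 "$pubfile" | tr -d '\r')
    keytype=$(printf '%s\n' "$key" | awk '{print $1}')
    blob=$(printf '%s\n' "$key" | awk '{print $2}')

    # A public key line is "<type> <base64> [comment]". Refuse anything else,
    # such as a private key file or a bare file name.
    case $keytype in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key: $pubfile" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data: $pubfile" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default) keys are refused if other users can
    # write to the directory or the file, so set both modes explicitly.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$authfile" && chmod 600 "$authfile" || return 1

    # Already installed: leave the file alone so reruns add no duplicates.
    if grep -qxF -e "$key" "$authfile"; then
        return 0
    fi

    # If the last existing line has no newline, add one so keys do not merge.
    if [ -s "$authfile" ] && [ "$(tail -c 1 "$authfile" | wc -l)" -eq 0 ]; then
        echo >> "$authfile"
    fi
    printf '%s\n' "$key" >> "$authfile"
}

# Usage on the server: install_pubkey .ssh/id_rsa.pub
```

The function refuses a file whose first line is not in public key format, so a private key or a stray file name never ends up in authorized_keys.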

The next step will be running scp to download your backups and verify that they’re readable. If they’re not, we’ll want to log the failure.