scp no password copy as root

[Vram]

I guess I am confused..

Why do you need to copy files as root..

This is a BAD practice..


Vram



On Wed, 2005-11-09 at 16:14 +1100, Steven Heimann wrote:
> Vram
> 
> Thanks for your interest.  I should have thought to include the config
> file.  I think it is back to unchanges from the default.
> 
> Steven
> 
> 
> # Package generated configuration file
> # See the sshd(8) manpage for details
> 
> # What ports, IPs and protocols we listen for
> Port 22
> # Use these options to restrict which interfaces/protocols sshd will
> bind to
> #ListenAddress ::
> #ListenAddress 0.0.0.0
> Protocol 2
> # HostKeys for protocol version 2
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> #Privilege Separation is turned on for security
> UsePrivilegeSeparation yes
> 
> # Lifetime and size of ephemeral version 1 server key
> KeyRegenerationInterval 3600
> ServerKeyBits 768
> 
> # Logging
> SyslogFacility AUTH
> LogLevel INFO
> 
> # Authentication:
> LoginGraceTime 120
> PermitRootLogin yes
> StrictModes yes
> 
> RSAAuthentication yes
> PubkeyAuthentication yes
> AuthorizedKeysFile	%h/.ssh/authorized_keys
> 
> # Don't read the user's ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # For this to work you will also need host keys in /etc/ssh_known_hosts
> RhostsRSAAuthentication no
> # similar for protocol version 2
> HostbasedAuthentication no
> # Uncomment if you don't trust ~/.ssh/known_hosts for
> RhostsRSAAuthentication
> #IgnoreUserKnownHosts yes
> 
> # To enable empty passwords, change to yes (NOT RECOMMENDED)
> PermitEmptyPasswords no
> 
> # Change to yes to enable challenge-response passwords (beware issues
> with
> # some PAM modules and threads)
> ChallengeResponseAuthentication no
> 
> # Change to no to disable tunnelled clear text passwords
> #PasswordAuthentication yes
> 
> 
> # To change Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #AFSTokenPassing no
> #KerberosTicketCleanup no
> 
> # Kerberos TGT Passing does only work with the AFS kaserver
> #KerberosTgtPassing yes
> 
> X11Forwarding yes
> X11DisplayOffset 10
> PrintMotd no
> PrintLastLog yes
> KeepAlive yes
> #UseLogin no
> 
> #MaxStartups 10:30:60
> #Banner /etc/issue.net
> 
> # Allow client to pass locale environment variables
> AcceptEnv LANG LC_*
> 
> Subsystem sftp /usr/lib/openssh/sftp-server
> 
> UsePAM yes
> 
> 
> On Tue, 2005-11-08 at 20:03 -0800, Vram wrote:
> > On Wed, 2005-11-09 at 14:46 +1100, Steven Heimann wrote:
> > > I am trying to perform a passwordless scp from one computer to my
> > > desktop which is running Ubuntu 5.10.
> > > 
> > > I have performed the usual key generation and copied it to my desktop.
> > > I am sure the keys were generated without a password.  The system works
> > > fine as an ordinary user but I can't get it to work as root.
> > > 
> > > I have tried :
> > > 
> > > 1. creating a root password on the desktop.  I can perform the copy once
> > > the password is supplied even thogh there is definitely a passwordless
> > > entry authorized_keys.
> > > 
> > > 2. changing PermitRootLogin from yes to without-password.  This results
> > > in the password still being asked for but not accepted.
> > > 
> > > 3.  putting a copy of authosized_keys in authorized_keys2
> > > 
> > > 4.  making a copy in /home/root/.ssh (just in case it might work)
> > > 
> > > What could be stopping me doing the root copy?  ( I need to do it as
> > > root as this is backing up a database server with files owned by a
> > > number of different users and some files are read only)
> > > 
> > > Thank you
> > > Steven
> > > 
> > > 
> > 
> > 
> > 
> > What does /etc/ssh/sshd_config say??
> > 
> > 
> > Vram
> > 
> > 
> > 
> >