Para melhor compreensão, recomendo que você examine esses dois componentes do pacote OpenSSH (você pode fazer isso por man ssh-keygen
e / ou man ssh-copy-id
):
-
SSH-KEYGEN(1)
- geração, gerenciamento e conversão de chaves de autenticação
-
SSH-COPY-ID(1)
- use chaves localmente disponíveis para autorizar logins em uma máquina remota
exemplo (como fazer o par de chaves e copiá-lo para o host remoto):
SSH-KEYGEN(1)
:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/X/.ssh/id_rsa):
Created directory '/X/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /X/.ssh/id_rsa.
Your public key has been saved in /X/.ssh/id_rsa.pub.
The key fingerprint is:
e0:cd:fd:18:45:66:0d:11:a0:08:75:6a:f3:1a:6c:45 X@Z
The key's randomart image is:
+--[ RSA 2048]----+
| ... E ..B= |
| . = . + . |
| * o . |
| + B . . |
| = S o |
| . o + |
| . . . |
| |
| |
+-----------------+
$
e
SSH-COPY-ID(1)
:
$ ssh-copy-id root@Y
The authenticity of host 'Y (Z.Z.Z.Z)' can't be established.
RSA key fingerprint is 5e:8e:ad:71:77:6a:c4:16:e6:0e:34:f8:92:b2:ce:9f.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@Y's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@Y'"
and check to make sure that only the key(s) you wanted were added.
$
Você então poderá usar scp
para copiar sem o prompt de senha ...
Is the manual scp test even a good idea? Because I'm logging in using
my key into serverA but ultimately, it's the cron job that's going to
trigger to scp command.
antes de agendar o cron, eu faria o teste manual para saber o que esperar sem esperar pelo horário agendado.
How do I know under what user ID / keys the cron job will attempt the
copy?
crond
geralmente é executado na raiz, mas para verificar, você pode usar o seguinte:
# ps aux | grep crond | grep -v grep
root 2696 0.0 0.0 126336 1712 ? Ss May13 0:01 /usr/sbin/crond -n
#