May 1, 2011, 2:48 a.m.
posted by whitehat
Using SSH and SCP Without a Password
From time to time you may want to write scripts that will allow you to copy files to a server, or login, without being prompted for passwords. This can make them simpler to write and also prevents you from having to embed the password in your code.
SCP has a feature that allows you to do this. You no longer have to worry about prying eyes seeing your passwords nor worry about your script breaking when someone changes the password. You can configure SSH to do this by generating and installing data transfer encryption keys that are tied to the IP addresses of the two servers. The servers then use these pre-installed keys to authenticate one another for each file transfer. As you may expect, this feature doesn't work well with computers with IP addresses that periodically change, such as those obtained via DHCP.
There are some security risks though. The feature is automatically applied to SSH as well. Someone could use your account to log into the target server by entering the username alone. It is therefore best to implement this using unprivileged accounts on both the source and target servers.
The example that follows enables this feature in one direction (from server Bigboy to server Smallfry) and only uses the unprivileged account called filecopy.
Configuration: Client Side
Configuration: Server Side