A quick background on what exactly I'm trying to do:
I frequently have to set up public key authentication from remote clients to my local machine. I'm attempting to automate this process a bit by being able to run a script which will via SSH do 2 things sequentially:
1) Via password authenticated SSH, use ssh-keygen on remote machine and generate an RSA key and save it in a predefined spot
2) Take key on remote machine and set it up so the remote machine can pub-key authenticate with local machine.
I've attempted to do #2 similarly to how I did #1 with using ssh-copy-id in a ssh session. However I get only one password prompt, the prompt for the initial SSH connection. ssh-copy-id requires a password authentication at this point, however SSH doesn't send back the password prompt, and instead I get an output like the following:
[localUser@localhost ~]$ ssh remoteUser@remoteIP ssh-copy-id -i ~/authenticationKey localuser@localhost
remoteUser@remoteIP's password: [ENTER]
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
I should note here as well, that through debug messages I've already determined that the ssh command is connecting successfully. The permission denied messages are coming from ssh-copy-id, and not ssh.
It seems to me that it's a problem with the password prompt not propagating back to the shell from the remote client, or that SSH is attempting to submit a password that I don't know (or at least doesn't work).
I suppose that I could do it manually as a workaround by making use of scp, but I'm also partially interested in knowing if there is a way to do this, or at least what ssh is doing here.
Thanks for any help you can give me!
-Bleck H.
Best Answer
It would be simpler to use `ssh-copy-id` locally or just use `cat` to copy the public key to the local `authorized_keys`. Here's how I did it.
1) `ssh` to remote and use `ssh-keygen` as in your step #1
2) `scp` the public key from remote to local file `tmp.pub`
If you append your own public key to the remote user's `authorized_keys` in step #1, then you can do step #2 without re-entering a password.
Your `ssh` command `ssh-copy-id` is executed in a sub-shell on the remote without a tty, so you see the output echoed back to your local, but your local input doesn't get to the remote sub-shell. On my machine (Debian Wheezy) I did:
Note the reason that is printed, "Pseudo-terminal will not be allocated because stdin is not a terminal". The result is the same as if you pressed the enter key twice on the remote with no password.
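The local-side approach from the answer above, as an added example that is not part of the original post: pull the remote public key with `cat` over `ssh`, then append it to the local `authorized_keys` with basic shape, duplicate and permission checks. The function names `install_pubkey` and `pull_and_install` and the argument layout are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, run on the LOCAL machine. Names and paths are illustrative.

# install_pubkey KEY_FILE [AUTH_FILE]
# Append the one public key in KEY_FILE to AUTH_FILE (default: ~/.ssh/authorized_keys).
install_pubkey() {
    key_file=$1
    auth_file=${2:-$HOME/.ssh/authorized_keys}

    # Exactly one non-empty line: rejects private keys and multi-key files.
    [ "$(grep -c . "$key_file")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$key_file")

    # Shape check only (key type + base64 blob); not a cryptographic validation.
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # sshd's StrictModes refuses keys from a group- or world-writable file or directory.
    auth_dir=$(dirname "$auth_file")
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Match on type+blob so the same key with a different comment is not added twice.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth_file"; then
        echo "key already authorized" >&2
        return 0
    fi

    # Do not glue the new key onto an existing last line that lacks a newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key" >> "$auth_file"
}

# pull_and_install REMOTE REMOTE_PUB_PATH
# Only "cat" runs remotely, so the single password prompt is answered on the local terminal.
pull_and_install() {
    tmp=$(mktemp) || return 1
    if ssh "$1" "cat $2" > "$tmp" && install_pubkey "$tmp"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}
```

A call such as `pull_and_install remoteUser@remoteIP '~/authenticationKey.pub'` assumes the key pair from step #1 was saved at that path; the path is expanded by the remote shell.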