Most environments now prefer SSH connections to Unix hosts over conventional telnet, and one drawback of an SSH connection to a host is that it does not allow for FTP access. The ultimate solution for this is to SCP the files. But SCP requires that a user be authenticated before the copy can actually start.
Before we move any further, let's see how SCP works. Here is a scenario to make things understandable. A DBA wants to transfer a file from one host (source) to another host (destination); the command goes like this:
source$> scp
Once the Enter key is hit, the password for the destination oracle user is prompted for, since this is a secure copy. If only a few files are to be copied, say fewer than 5, keying in the password does not feel mundane. However, if more files are to be transferred, say 10, 20 or let's keep it to 50 (big enough), one has to bear the brunt of keying in the password as many times as there are files to be transferred.
host1@/export/oracle/home/.ssh$>
Enter the below command to generate a public/private RSA key pair and accept the defaults for the name of the file in which to save the key. Also enter no passphrase: hit Enter when prompted for a passphrase.
If the file(s) already exist, the command execution would look as shown below.
The above command generates two files, id_rsa and id_rsa.pub. id_rsa.pub is the public key of this host, which has to be transmitted to the destination to which you intend to secure copy the files. Of course, the file id_rsa.pub has to be transmitted by entering the password for the remote host.
Now the contents of the id_rsa.pub file have to be appended to the authorized_keys file on the destination host under the directory $HOME/.ssh/.
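One way to do the append step above on the destination host, as an added example that is not part of the original post. The function name install_pubkey and the sample key line are assumptions made here, and the 700/600 permissions are chosen to satisfy OpenSSH's default StrictModes check.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey is a
# hypothetical helper name; run it on the destination host.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to $HOME/.ssh)
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # An id_rsa.pub holds exactly one line: "ssh-rsa <base64> [comment]".
    # This also refuses id_rsa (the private key) if it is passed by mistake.
    lines=$(awk 'NF { n++ } END { print n + 0 }' "$pubkey_file")
    [ "$lines" -eq 1 ] || { echo "expected one key line, got $lines" >&2; return 1; }
    key_line=$(awk 'NF' "$pubkey_file")
    case $key_line in
        "ssh-rsa AAAA"*) ;;
        *) echo "not an ssh-rsa public key" >&2; return 1 ;;
    esac

    # With StrictModes (the OpenSSH default) sshd refuses the keys when the
    # directory or file is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Match on "type base64" only, so a different comment is not a new key.
    key_blob=$(printf '%s\n' "$key_line" | awk '{ print $1 " " $2 }')
    if grep -F -q -- "$key_blob" "$auth_file"; then
        echo "key already present in $auth_file"
        return 0
    fi
    # Append (>>), never overwrite: other hosts' keys may already be there.
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo in a scratch directory with a constructed, non-functional key line.
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQ== oracle@host1\n' > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"   # second run is a no-op
ls -l "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

Because the key pair was created without a passphrase, the id_rsa file on the source host is the only secret protecting the destination account, so it should stay readable by its owner alone.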
We are now good to go for transferring files over SCP without being prompted for a password. This is really helpful when transferring files using a shell script, where a list of SCP commands for the files to be transferred is specified in the script.
Note: The above procedure was only tested and implemented on Sun Solaris and HP-UX. For the rest of the flavours of UNIX, it is highly recommended to go through the OS manual or implement it on a test environment before moving to production.