I try to copy files between two RPis in the same network. Public key installed as prompted in many tutorials. When directly calling the ssh or scp command from the terminal, no password is asked. Running the same command from a bash script, it asks for a password.

I am puzzled because most people seem to have the problem with running ssh/scp using a key at all - but this works fine. It looks like a terminal/bash difference.

The Script looks like:

script:

#!/bin/bash

sudo scp /home/pi/file.txt [email protected]:/home/pi/foo/

It is executed by

$ sudo ./script

I appreciate your help!

  • How exactly do you run it from a bash script? and how do you run the script? Please respond by editing the question. Commented Feb 1, 2019 at 10:32
  • Have you copied the public key of the root account to the remote machine? sudo ssh-copy-id ...? I'm asking because you're executing your script via sudo.
    – Daniel F
    Commented Feb 2, 2019 at 18:35

2 Answers

The problem with all tutorials is that they may follow different methods. What I normally do is the following.

Because you are using sudo (as per edit of the question) to execute your script, your script will run as root. Not as your own user.

That means that you need to add the public key of root (which is in /root/.ssh/id_rsa.pub) from strawberry in the authorized_keys of root on blueberry as well!

Suppose we have two Pi's, let's call them strawberry and blueberry. Strawberry is the ssh-client, blueberry is the server. <my name> should be replaced with your logon.

On strawberry:

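# as your own user: create ~/.ssh and a key pair
cd
mkdir -p .ssh    # -p: no error if the directory already exists
chown <my name> .ssh
chmod 700 .ssh
ssh-keygen
cp .ssh/id_rsa.pub /tmp/nice_filename
# as root: same again, appending root's public key to the same file
sudo -s
cd ~root
mkdir -p .ssh
chown root .ssh
chmod 700 .ssh
ssh-keygen
cat .ssh/id_rsa.pub >> /tmp/nice_filename
chmod a+r /tmp/nice_filename
exit

scp /tmp/nice_filename blueberry: # and enter the password for blueberry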

ssh-keygen may ask for a password. If you really completely trust your environment, you might choose to leave the password empty. If you do not leave the password empty, you will need to provide that password to unlock the key.

So, normally I just enter-through, leaving the password empty.

On blueberry:

# as your own user: authorize both public keys for your account
cd
mkdir -p .ssh
chown <my name>  .ssh
chmod 700 .ssh
cat nice_filename >> .ssh/authorized_keys
chown <my name>  .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
# as root (sudo -s keeps the current directory, so nice_filename is still found)
sudo -s
mkdir -p ~root/.ssh
chown root:root ~root/.ssh
chmod 700 ~root/.ssh
cat nice_filename >> ~root/.ssh/authorized_keys
chown root ~root/.ssh/authorized_keys
chmod 600 ~root/.ssh/authorized_keys
exit

Instead of the cat id_rsa.pub >> .ssh/authorized_keys, you may mv id_rsa.pub .ssh/authorized_keys, but you should only do this if it is really your first key or if you want to remove existing keys.

Next on strawberry:

ssh blueberry ls /tmp
ssh root@blueberry ls /usr
sudo ssh blueberry ls /var

et voila!

  • Thanks for your response. This looks identical to one of the tutorials I did (tried multiple). After all of them the direct ssh or scp via command line worked without any flaws. - the problem is as soon as I try to execute those same lines (scp) via a bash script a password is asked...
    – JanM
    Commented Feb 2, 2019 at 11:36
  • How do you launch your script? Under a different user? Did you put a password for unlocking the keys? Commented Feb 2, 2019 at 11:40
  • @LjmDullaart it is all the same. I didn't use any passwords other than the default pi/pi combo for the root...all was left blank
    – JanM
    Commented Feb 2, 2019 at 12:21
  • So you have a folder /root/.ssh drwx------ root root, on blueberry, in which you have the public key from id_rsa.pub root on strawberry in authorized_keys -rw------- root root. On strawberry, you are root when you launch the script. (just to verify). Can you do grep PermitRootLogin /etc/ssh/sshd_config ? (should be yes, if you can ssh from the cli) Does ssh -v blueberry provide any hints? Commented Feb 2, 2019 at 12:34
  • So, from the edit of your question, I can see that it is not the same. I've edited the answer to match your expectations, but please also look at my other answer. Commented Feb 2, 2019 at 14:59

You mess up things while using sudo. Why you use sudo is not clear. Basically, you just seem to want to do:

script:

#!/bin/bash
scp /home/pi/file.txt [email protected]:/home/pi/foo/

and launch the script as

./script
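
The point both answers make, as an added example that is not code from either post: ssh takes the home directory from the passwd entry of the user it runs as, so under sudo it reads root's ~/.ssh and never sees the invoking user's key. The script assumes the default key file names, no IdentityFile override and no ssh-agent; the file name whichkey.sh and the function names are made up for this example.

```shell
#!/bin/bash
# Added example, not from the posts above: show which private keys ssh can use
# for the user a script really runs as.

# Home directory of USER according to the passwd database (what ssh consults).
home_of() {
    getent passwd "$1" | cut -d: -f6
}

# Print the private keys under HOME/.ssh that ssh would accept.
# Returns 0 if at least one is usable, 1 otherwise.
usable_keys() {
    local dir="$1/.ssh" key perms found=1
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    # Assumption: only these default key names are checked.
    for key in "$dir"/id_rsa "$dir"/id_ecdsa "$dir"/id_ed25519; do
        [ -f "$key" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits;
        # ssh ignores a private key that group or others can access.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" = "------" ]; then
            echo "usable: $key"
            found=0
        else
            echo "ignored (group/other can access it): $key"
        fi
    done
    return $found
}

# Compare the user the script runs as with the user who typed sudo.
explain() {
    local me
    me=$(id -un)
    echo "running as: $me"
    usable_keys "$(home_of "$me")" || echo "=> no key for $me, ssh will ask for a password"
    if [ -n "${SUDO_USER:-}" ] && [ "$SUDO_USER" != "$me" ]; then
        echo "started with sudo by: $SUDO_USER (those keys are not used)"
        usable_keys "$(home_of "$SUDO_USER")" || true
    fi
}

# Run the report only when asked, e.g.: sudo ./whichkey.sh --explain
if [ "${1:-}" = "--explain" ]; then explain; fi
```

Running it once as `./whichkey.sh --explain` and once as `sudo ./whichkey.sh --explain` shows the two different key directories side by side.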
