0

I am trying to automate a file copy task from one host to another. First of all, I create a private-public key pair on my own machine (without a passphrase), and I upload the public key to, let's say, the receiver host B, at ~/.ssh/authorized_keys, using the password. After that, I test that I can access B through ssh, and it works fine. Then, I copy my private key to host A, which is the sender. I try to copy a file using scp (scp -i ~/.ssh/my_private_key test.png [email protected]:/root/test.png), but it asks me for a passphrase, although I am sure I did not set any passphrase. I also tried using a key with a passphrase, and it did not accept it.

When I create a private-public key directly on A, it works. Does this have to do with moving the private key from one host to another? Any workaround for this? (In my case, I will be using private keys from end-users, so they will definitely not be created locally).

3
  • 2
    Check the permissions of your key. They should be 600.
    Commented Feb 11, 2019 at 20:52
  • 1
    As @RomeoNinov said - please check the permissions of the .ssh dir on both machines, too. If they are too permissive, e.g. private keys are accessible by group/others in the filesystem, the keys will not be used.
    – jvb
    Commented Feb 11, 2019 at 21:11
  • Thanks, it works now after changing the permissions.
    Commented Feb 12, 2019 at 9:09
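
The permission checks the comments above point to, written out as an added example that is not part of the original thread. The function names are hypothetical; the two bit masks reflect the OpenSSH client's private-key check (no group/other access) and sshd's StrictModes check (no group/other write).

```shell
#!/bin/sh
# Added example (not from the thread): audit the file modes OpenSSH checks.
# Function names are hypothetical; paths in the usage line are placeholders.

# Print the octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Client side: ssh ignores a private key that grants any access to group or
# others (mode & 077 != 0). Returns 0 = ok, 1 = too permissive, 2 = missing.
check_private_key() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    m=$(mode_of "$1")
    if [ $(( 0$m & 077 )) -ne 0 ]; then
        echo "too permissive ($m): $1  (fix: chmod 600 \"$1\")" >&2
        return 1
    fi
}

# Server side (sshd StrictModes): ~/.ssh and authorized_keys must not be
# writable by group or others (mode & 022 != 0). Same return codes as above.
check_not_group_writable() {
    [ -e "$1" ] || { echo "missing: $1" >&2; return 2; }
    m=$(mode_of "$1")
    if [ $(( 0$m & 022 )) -ne 0 ]; then
        echo "group/other-writable ($m): $1  (fix: chmod go-w \"$1\")" >&2
        return 1
    fi
}

# Audit one account's SSH directory plus an optional private key.
# Returns the number of problems found.
audit_ssh() {
    dir=$1 key=$2 problems=0
    check_not_group_writable "$dir" || problems=$((problems + 1))
    if [ -e "$dir/authorized_keys" ]; then
        check_not_group_writable "$dir/authorized_keys" || problems=$((problems + 1))
    fi
    if [ -n "$key" ]; then
        check_private_key "$key" || problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh audit.sh ~/.ssh ~/.ssh/my_private_key
if [ "$#" -ge 1 ]; then audit_ssh "$1" "${2:-}"; fi
```

Run it on the sending host against the copied private key, and on the receiving host against the target account's .ssh directory.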

1 Answer

0

You shouldn't ever need to copy a private key.

Looking at the command you referenced:

scp -i ~/.ssh/my_private_key test.png [email protected]:/root/test.png

To work, you would need the public key corresponding to my_private_key to be in the authorized_keys file on the remote server. Since you're sending to root, it should be in user root's authorized_keys file.

You may want to consider installing and using the keychain package, which is in the repository of many Linux distros. When it's installed and you create a ~/.keychain directory, you only get prompted for your passphrase(s) the first time you log in after bootup. You can log out and in again and you won't be prompted because the decrypted key is stored in memory.

If you want cron jobs to copy files passwordlessly, they can source ~/.keychain/${HOSTNAME}-sh.

Alternately, you could use ssh-agent, but you'll need to reenter your passphrase every time you log in.

1
  • Thanks for info, this is good to know, but it did not help with the issue. It was a permissions issue.
    Commented Feb 12, 2019 at 9:10
