0

I am relatively new to the Linux environment, and I have been trying to setup a server to for hosting purposes.

I have been using an ssh key to log into my server with no issues, but when I try to use scp I am given a "Permission Denied" message. I have password auth turned off normally, but when I did turn it back on I was able to log in via password and upload the file via scp just fine.

I also found it odd that when I went to scp to the server initially, I was given the message that the server fingerprint has not been identified and would I like to add it to the list of known hosts? The reason I found this odd is because I already added my server to the list of known hosts when I first setup the server and logged in via ssh, so why did it ask me again for scp? Shouldn't the host already be known when I did it via ssh initially? I was really confused and made sure that I was using the correct server path a bunch of different times and each time I got that message for me to add to the known list, when I already had that server added (logging into ssh as well just fine). When it added it to the list of known hosts I could log in via password but not with the ssh key.

To explain what I've done, when I first started my server I added my ssh key initially using ssh-copy-id. Once this scp issue happened I also decided to try using scp to upload the ssh keys to the server, with no luck. I was given this line from a tutorial to copy your keys to your server

scp ~/.ssh/id_rsa.pub <username>@<host>:~/.ssh/authorized_keys

I even attempted to redo `ssh-copy-id' as well as do it with -f, which was recommended on a post, and nothing is working.

The only thing I can think of is maybe there is some sort of permissions issue, but I don't see why the permissions would be different when using the user via ssh compared to via scp to login? The only other thing I can think of is somehow there is something weird going on with looking at the host(which would explain having to add the server to the list of known hosts again) and that is affecting the ssh key lookup? I'm not sure.

So essentially, SSH key works for SSH Login, but doesn't work for SCP. Password does work for SCP, but I normally have password authentication turned off and want to use my SSH Key.

I'm curious if anyone has any clue what is going on? Thank you

Improve this question
1
  • Please edit your question to show the exact error message that you're getting. Don't paraphrase it.
    – Kenster
    Commented Apr 2, 2021 at 2:17

1 Answer 1

Reset to default
0

Think of ssh and scp as two separate programs:

on your client workstation, you are your_username. in ~/.ssh there is a file id_rsa.pub

on your remote workstation, you are your_username in ~/.ssh there is a file authorized_keys that the contents of id_rsa.pub is also.

when you want to ssh to the server you type:

ssh -i ~/id_rsa.pub your_username@remote_server

The -i is a flag that takes a filename as an argument; it means identity. You present the key found in the file to the server, instead of a password. If no identity is presented by ssh, it defaults to presenting ~/.ssh/id_rsa.pub

when you do not need to login, but wish to copy a file to the remote server you can use scp and type:

scp -i ~/id_rsa.pub your_username@remote_server:/path/to/directory/

The -i is a flag that takes a filename as an argument; it means identity. You present the key found in the file to the server, instead of a password. There is no default identity presented, if none is specified.

If you type the command you presented:

scp ~/.ssh/id_rsa.pub <username>@<host>:~/.ssh/authorized_keys

You are saying copy the file ~/.ssh/id_rsa.pub to the remote server and overwrite ~/.ssh/authorized_keys. you are not presenting a key to the server, unless you specify a file with -i.

When you connect to a remote server you must type your password, or present an ssh key each time.

On the remote server make sure the contents of the authorized_keys file matches id_rsa.pub on your client machine. set its permissions to 600

if you can then successfully login via ssh using a key, you should be able to copy files as your_username provided you have permissions on the remote directory.

try whatever scp command you are running again, but include -i ~/.ssh/id_rsa.pub each time.

If you truly are trying to copy id_rsa.pub to the remote authorized_keys. the command to run is:

scp -i ~/.ssh/id_rsa.pub ~/.ssh/id_rsa.pub @:~/.ssh/authorized_keys

Improve this answer
8
  • Thank you for your answer. Maybe I'm not clear, I'm having issues with using the same key to login to scp that I use for ssh, but I was attempting to do the extra steps just to make sure there wasn't issues... Maybe that was confusing to the post. Essentially, why am I having issues using my ssh key in scp? I can login fine with ssh, so why is scp giving me an issue? thank you.
    – MXBuster
    Commented Apr 1, 2021 at 23:26
  • ah okay. you need to specify the key: scp -i ~/.ssh/id_rsa.pub FILENAME USER@SERVER:/home/USER/FILENAME. you're missing -i. i thought you were trying to copy it.
    – Timmy Browne
    Commented Apr 2, 2021 at 0:48
  • I was trying to connect the key to the server again just to see if there was an issue somehow with the key, but it doesn't seem to be the case, and the issue seems to be with scp.. I don't know.... What does the "-i" do? There seems to be a bunch of ways to get the key up there, but the ssh-copy-id seems to be the best at least for ssh.... Why scp isn't working is still the mystery! Thank you.
    – MXBuster
    Commented Apr 2, 2021 at 0:52
  • -i is the flag meaning 'use this identity. so scp -i ~/id_rsa.pub means 'scp using this key to login to the remote server' but scp ~/id_rsa.pub means 'scp this key file to the remote server'
    – Timmy Browne
    Commented Apr 2, 2021 at 0:55
  • 1
    Thank you for the information. I understand now that the issue was that I wasn't including the key at all. I thought, similar to SSH, I wouldn't have to include the key when connecting hence my confusion on the matter. I appreciate your help with this!
    – MXBuster
    Commented Apr 2, 2021 at 15:31

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .