[Tgcmgroup] file transfer between hao and scd supers
Ben Foster
foster at hao.ucar.edu
Tue May 11 16:17:23 MDT 2004
Hi tgcmgroup:
This outlines methods for file transfer (secure copy, or "scp")
between hao and scd systems for use by the hao TISO group (or
anyone else at hao). Scp replaces the insecure rcp command we
have used in the past.
This message assumes you are able to login to the scd supers from
hao using "ssh -X roy.ucar.edu" and the CryptoCard.
Basic use of scp (secure copy) (see also "man scp"):

1. The scp command must be initiated from an scd server
   (never from the hao workstation).
2. The basic form of the scp command is (same as rcp):
     scp source destination
   where either source or destination is the remote file user@host:path,
   depending on the direction of the copy, e.g.:
     scd-prompt> scp test cedar.hao:test   # put file test on cedar
     scd-prompt> scp cedar.hao:test test   # get file test from cedar
   You will have to provide your hao password for each scp command
   (see steps below to set up unattended scp).
3. If you are working from an hao Sun system and scp does not work,
   it may be that the ssh daemon is not running on your workstation.
   Send mail to hao "trouble" and ask to have sshd started on your
   machine.

Steps to set up unattended scp file transfer, i.e., scp without a password
(see also http://www.scd.ucar.edu/docs/access/transfer.html and "man ssh-keygen"):

1. Issue the following command from the scd server (dave in this case):
     dave-prompt> ssh-keygen -t dsa -b 1024 -C 'user@dave' -P ''
   Where: ssh-keygen is the command to set up public/private key paired files.
     -t dsa     means type DSA encryption
     -b 1024    means the keys will be 1024 bytes
     -C '...'   is a comment to accompany the keys
     -P ''      means a null password
     "user"     is your login name
   You can hit return when it asks where to put the key files (i.e., in ~/.ssh).
   This command should create 2 files on dave:
     ~/.ssh/id_dsa       # the private key (rw only by owner)
     ~/.ssh/id_dsa.pub   # the public key (generally readable)
2. Now scp the public key ~/.ssh/id_dsa.pub from dave to ~/.ssh on your hao
   workstation. Then rename it authorized_keys (or, if authorized_keys
   already exists, append id_dsa.pub to authorized_keys). The original
   id_dsa.pub can be removed from dave.
3. Next copy the private key ~/.ssh/id_dsa on dave to your home on dave.
   I have been told by consultants that scd may occasionally overwrite
   files in ~/.ssh, so this is to save the private key in your home.
4. Scp should now work without a password. By default, scp will use the
   private key ~/.ssh/id_dsa. If you want/need to use the copy in your
   home, use "scp -i ~/id_dsa ...". You can also alias scp to scp -i ~/id_dsa.
   Once it's working on dave, it will also work on blackforest, since bf and
   dave use the same file system.
5. You must follow this procedure on each scd server from which you wish
   to use scp (e.g., bluesky, dataproc, chinook, etc). When you get the
   public key for each machine, just append it to ~/.ssh/authorized_keys
   at hao.
--Ben
-----------------------------------------------------------------------
Ben Foster High Altitude Observatory (HAO)
foster at ucar.edu phone: 303-497-1595 fax: 303-497-1589
Nat. Center for Atmos. Res. P.O. Box 3000 Boulder CO 80307 USA
-----------------------------------------------------------------------
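
Steps 2, 3 and 5 of the unattended-scp setup above, as an added shell example that is not part of the original message: an append to authorized_keys that is safe to repeat for each scd server, and a private-key copy that keeps owner-only permissions. The function names are hypothetical; the modes are the ones sshd's StrictModes check and the ssh client enforce before they will use these files.

```shell
# Added example, not from the original message. Function names are
# hypothetical; run install_pubkey on the hao side, the rest on the scd server.

# Steps 2 and 5: append each key line in $1 to the authorized_keys file $2,
# skipping lines already present, with the modes sshd's StrictModes expects.
install_pubkey() {
    pub=$1; auth=$2; dir=$(dirname "$auth")
    [ -s "$pub" ] || { echo "no public key in $pub" >&2; return 1; }
    # Refuse a private key handed over by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key" >&2; return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the previous entry.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# Step 3: keep the spare copy of the private key accessible to the owner only.
backup_private_key() {
    ( umask 077 && cp "$1" "$2" ) && chmod 600 "$2"
}

# True when the file has no group/other permission bits; ssh refuses to use
# a private key that group or others can access.
key_mode_ok() {
    case $(ls -ld "$1" 2>/dev/null) in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}
```

For example, "install_pubkey ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys" at hao, then "backup_private_key ~/.ssh/id_dsa ~/id_dsa" on dave.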