[clue] scp help?

[Crawford Rainwater]

Mike:

Do a "ls -laZ" on the target directory on the RHEL/CentOS systems.  What I suspect is the problem (noticed this in CentOS and Scientific Linux v5.x and v6.x) is that there are some extra SSH + SELinux oriented security on the target systems.  If you are going CentOS to CentOS, not an issue.  From Ubuntu based (like Mint) to CentOS using key authentication, there is this problem in which it will ask for the password of the user account you are using.

I will have to review my notes on such for the full solution.  Part of which includes remaking your Ubuntu based SSH keys 2048 bit (the default is 768).  The other part might be altering the SSH + SELinux attribute(s) from the target directories and/or files, however, this is the part I would have to research some more.

HTH.

--- Crawford

The Linux ETC Company
10121 Yates Court
Westminster, CO 80031 USA
voice:  +1.303.604.2550
web:    http://www.linux-etc.com

Please do not print this email unless it is absolutely necessary.  Be friendly to the environment by saving paper.


----- Original Message -----
> Message: 3
> Date: Sat, 8 Sep 2012 10:11:38 -0600
> From: Mike Bean <beandaemon at gmail.com>
> Subject: [clue] scp help?
> To: "CLUE's mailing list" <clue at cluedenver.org>
> Message-ID:
> 	<CAKuUP=eymQOUVVS-Xccqc3nwWV0R7SwaMkNNOA2JBbMZDHugug at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi guys, I'm hoping you can help me understand what I'm doing wrong.
>  At my
> job we usually mostly CentOS and certificates to authenticate instead
> of
> passwords.
> 
> My laptop is linux Mint 12, and for the most part I have no problem
> getting
> where I need to go to get my work done.
> 
> it's just sudo ssh -i (path to my cert) -l (mylogin) (some
> destination
> server)
> 
> But every so often, I need to SCP a file up to one of the servers.
> 
> I've tried reading the man pages, and if I'm not totally mistaken -i
> should
> do it, but when I try
> 
> scp (some file) -i [path to my cert] mylogin:someserver (destination
> directly on some server)
> 
> it usually prompts me for a password, which, frankly, I don't have.
> 
> 
> Just in talking with my co-workers: my SSH config and
> agent-forwarding
> usually comes up
> so here's my ~/.ssh/config
> 
> Host *
>         Protocol                2
>         User                    mylogin
>         Compression             yes
>         ServerAliveInterval     30
> 
> ForwardAgent yes
> 
> In my research, I've even tried tweaking my /etc/ssh_config file, to
> include a line to my identity file, and change ForwardAgent to yes.
> To make
> things even more confusing, when I try to restart ssh I inevitably
> get some
> variant of ssh is not a recognized service or that /etc/initd/ssh
> start is
> not a recognized command.
> 
> So for the life of me, I was having difficulty believing THAT or I
> wouldn't
> be able to SSH in the first place.  So basically, color me confused!