Passwordless ssh authentication (OpenSSH)
 
If you ever want to use scp (secure copy) in a shell script, you should consider passwordless ssh authentication first.
These are the steps to enable passwordless ssh authentication from machine1 to machine2, with the OpenSSH sshd server running on machine2. Once this is enabled, machine1 can log in to machine2 without a password prompt.

On machine1 execute:
#ssh-keygen -t rsa #DEPRECATED, FOR SSH PROTOCOL V1
ssh-keygen -t ed25519 # Secure, for SSH V2

Press Enter three times to accept the standard path for your keyfile and to set no password.

A file will be generated (a message like the following is displayed):
Your identification has been saved in /root/.ssh/id_ed25519
Your public key has been saved in /root/.ssh/id_ed25519.pub


Then, copy the file "id_ed25519.pub" from machine1 to machine2, using scp:
scp /root/.ssh/id_ed25519.pub root@machine2:/root/.ssh/id_ed25519_machine1.pub

Now, log in to machine2 and append the file's content to "/root/.ssh/authorized_keys":
cat /root/.ssh/id_ed25519_machine1.pub >> /root/.ssh/authorized_keys

If a user's authorized_keys file contains a public key generated on another machine, the user on that other machine who holds the matching private key is allowed to log in as this user without a password.
In this example, root on machine1 can log in to machine2, or copy files to machine2 with scp, without a password prompt.

Make sure the permissions are correct too!
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chmod go-wrx ~


Sometimes the following entries are also required in the /etc/ssh/sshd_config file on the target machine:
AllowUsers root [INSERT_USER_HERE]
#RSAAuthentication yes #Don't use anymore! Deprecated
PubkeyAuthentication yes
AuthorizedKeysFile   %h/.ssh/authorized_keys


If the password prompt is still displayed on machine1, make sure that on machine2 the user's home directory is set up correctly and that the user can cd into the home directory and into its .ssh subdirectory.
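
An added example (not part of the original post): a small shell function to run on machine2 that checks the home directory, .ssh and authorized_keys against the permissions set with chmod above and prints the matching fix. The names check_ssh_perms and mode_of are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Run on machine2.

# mode_of PATH: print the 10-character mode string from ls, e.g. "drwx------".
# Prints nothing if PATH does not exist.
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# check_ssh_perms HOME_DIR
# Prints one line per problem; the return value is the number of problems.
check_ssh_perms() {
    home=$1
    problems=0
    complain() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # Home directory: must not be writable by group or others.
    m=$(mode_of "$home")
    case $m in
        d????-??-?) ;;
        d*) complain "$home is group/other writable ($m); run: chmod go-w $home" ;;
        *)  complain "$home is missing or not a directory" ;;
    esac

    # .ssh: the page sets mode 700.
    m=$(mode_of "$home/.ssh")
    case $m in
        drwx------) ;;
        d*) complain "$home/.ssh has mode $m; run: chmod 700 $home/.ssh" ;;
        *)  complain "$home/.ssh is missing or not a directory" ;;
    esac

    # authorized_keys: the page sets mode 600.
    m=$(mode_of "$home/.ssh/authorized_keys")
    case $m in
        -rw-------) ;;
        -*) complain "authorized_keys has mode $m; run: chmod 600 $home/.ssh/authorized_keys" ;;
        *)  complain "$home/.ssh/authorized_keys is missing or not a regular file" ;;
    esac

    return "$problems"
}

# When a directory is given on the command line, check it (e.g. /root).
if [ $# -gt 0 ]; then check_ssh_perms "$1"; fi
```

Run it as the user whose login fails, or as root with that user's home directory as the argument; no output means all three checks passed.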

Helpful Links:
- http://www.linuxjournal.com/article/8600
- http://www.brandonhutchinson.com/Passwordless_ssh_logins.html
- https://goteleport.com/blog/comparing-ssh-keys/
 
admin / Dec 08, 2007
   
 
 
 
 
     
     
2004 - 2023 / lookass.ch
makememad@lookass.ch