User avatar
luchiand
Posts: 44
Joined: Sun Feb 24, 2019 8:36 am
Location: Copenhagen
Contact: Skype

Can not copy without a password from a PI zero to a Pi3 through network.

Tue Sep 03, 2019 11:14 am

I struggle to copy from a PI zero to a Pi 3 without a password for a couple of days and nothing works properly. I have to copy some pictures from PiZero to Pi3 each time when a picture is taken without typing a password. Doesn’t matter if I use the command from PI 3 or Pi zero even if the both ways will be the best. It will be much easier to make a program on Pi zero and send the taken pictures to Pi3. But if I can copy them somehow from Pi3 from Pizero is ok. I mention that the network created is via USB but it works fine with VNC; Putty, etc. That is not a problem. I created some interfaces and the USB network has another IPs range.

I tried this:
1.
https://www.raspberrypi.org/documentati ... ordless.md
On Pi 3:
ssh-keygen
That creates a folder .ssh and some files hee in /home/pi/.ssh/
Looking inside directory I found:
ls ~/.ssh
id_rsa id_rsa.pub known_hosts

I have not seen a file named authorized_keys

Then I created a folder with the same name on pizero(IP 10.0.11.2) and copy the content of the id_rsa.pub into an authorized_key in this .ssh folder on pizero from pi3:
cat ~/.ssh/id_rsa.pub | ssh pi@10.0.11.2 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
I have seen on pi zero the folder .ssh was created and inside I found tho files:
known_hosts and authorized_keys
authorized_keys files has exactly the same content like id_rsa.pub file, from pi3 as I expected.
Well, rebooting everything I then started ssh from pi3: ssh pi@10.0.11.2 (to login to pi-zero).
I still did not understand what is the role of this known_hosts file. I have written something but I am still confused. I will read more today.
Well, I was still asked for a password.

2.
I tried to reconfigure the Pi zero so that it need not a password:

SO I TRY TO DEACTIVATE THE PASS LIKE THIS:
https://raspberrypi.stackexchange.com/q ... spberry-pi

I noticed that I can use only nano to edit this file:
/etc/ssh/sshd_config
I changed this lines as I was advised in that link:
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes

I remove # where there was an inactive line and replace yes with no.
I was looking for :
RSAAuthentication yes
PubkeyAuthentication yes


I found PubkeyAuthentication and could make the changes but can not find (I tried with all possible editors and “find” tools). There is not such a thing like RSAAuthentication in this configuration file:
/etc/ssh/sshd_config
Well, after making all this changes things are even worse. I got the error message: “permission denied”. I understood that this will not happen if I replace for this lines yes with no:
RSAAuthentication yes

PubkeyAuthentication yes


and put “no” instead of "yes". As I mention I could not find the line named RSAAuthentication.
It seems to be something that is supposed to be easier.


3.
I tried also to mount a directory of pizero, so that I can share some files. That would have been a nice and elegant method.

https://www.raspberrypi.org/documentati ... h/sshfs.md
After upgrade-update all the systems I installed:
sudo apt-get install sshfs

I created a directory on pi3 named pizero1 (Because from Pi 3 I will see there content from pizero1). I created a directory also on pizero named pi3. The content of pi3 can be seen now in pizero1 folder on Pi3.
I tried this:
sshfs pizero pi@10.0.11.1:/home/pi/pi3
or using complete path:
sshfs pi@10.0.11.1:/home/pi/pizero1 pi@10.0.11.2:/home/pi/pi3

on short :
sshp path/to/shared_on_pi3 pizero@ip_pi_zero:/ path/to/shared_on_PIzero
Or the name instead of IP:
pi@raspberrypi3:/home/pi/pizero1 pi@pizero1:/home/pi/pi3
Well, this time WORKED but only form pi3 to pizero. If I put something in the shared folder on pi3 I can see it in the shared folder in pizero, but I need exactly the other way around. On the other hand, I reinstalled and then upgrade-update both systems a couple of times but nothing works. For such a simple thing I can live days of torture. All I can do is connecting one device to another and make whatever I want on the other device. I can also copy with scp but only with passwords.
All this truly make me sick and give me awful headaches and days of frustration.
Last edited by luchiand on Tue Sep 03, 2019 11:26 am, edited 1 time in total.

User avatar
RaTTuS
Posts: 10456
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: Can not copy without a password from a PI zero to a Pi3 through network.

Tue Sep 03, 2019 11:20 am

I've not read all this ^
however
what you do is
on Pi do

Code: Select all

ssh-keygen -t rsa
ssh-copy-id user@remote.machine
ssh user@remote.machine #'to test
to copy

Code: Select all

scp file user@remote.machine:/path/to/wherever #[or just .]
if the same user on both machines then

Code: Select all

scp file.name remote.machine:/path/to/wherever
and if you want to do it in the other way jut repeat from the other machine
Last edited by RaTTuS on Tue Sep 03, 2019 11:51 am, edited 2 times in total.
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

bzt
Posts: 393
Joined: Sat Oct 14, 2017 9:57 pm

Re: Can not copy without a password from a PI zero to a Pi3 through network.

Tue Sep 03, 2019 11:37 am

Hi,

Known_hosts file lists all the servers you have connected to. If you create a new connection, ssh will ask you to verify the key's fingerprint. If the destination server is listed in known_hosts, it will not ask.

About authorized_keys, it seems to me that you did it right. There's one thing though, ssh is extremely picky about the access rights of its config files and the ".ssh" directory. Try "ssh -vvv" or check the logs on the sshd side to find out what's wrong. Chances all good, by default you have created them with a way too permissive access, and ssh doesn't like that. This is a well-educated guess.

About sshd_config, you shouldn't mess with that. The default configuration will allow you to do a key-based authentication just as-is.

If you want to copy more files manually, I'd recommend to use "mc" (Midnight Commander). It has the capability to connect over sftp, ssh, etc. and you'll see your remote files listed on a panel as if they were local. No sshfs needed.

If you want to access files from a shell script (non-interactive), then either use scp, or install sshfs and mount the remote directory on the PiZero (no configuration needed on the RPi3 side). To my experience sshfs is not that reliable and it's very slow.

Cheers,
bzt

User avatar
luchiand
Posts: 44
Joined: Sun Feb 24, 2019 8:36 am
Location: Copenhagen
Contact: Skype

Re: Can not copy without a password from a PI zero to a Pi3 through network.

Tue Sep 03, 2019 11:48 am

I need only some commands that work to copy the files without password automatically, of course nothing manually. I will integrate and call them from my python scripts. I already did this with other Linux commands and worked fine. Thank you for your advice you gave me so far.

bzt
Posts: 393
Joined: Sat Oct 14, 2017 9:57 pm

Re: Can not copy without a password from a PI zero to a Pi3 through network.

Tue Sep 03, 2019 6:32 pm

Hi,
luchiand wrote:
Tue Sep 03, 2019 11:48 am
I need only some commands that work to copy the files without password automatically, of course nothing manually. I will integrate and call them from my python scripts. I already did this with other Linux commands and worked fine. Thank you for your advice you gave me so far.
Then "scp" is definitely what you're looking for. But first, you'll have to set up key based authentication.

Let's say you have two machines, Alice and Bob. You want to run your script on Alice, copying files from/to Bob. Then you should
On Alice:
1. run "sha-keygen -t rsa", this will create id_rsa.pub, use empty passphrase (important!)
2. append the contents of id_rsa.pub to authorized_keys on Bob:

Code: Select all

cat ~/.ssh/id_rsa.pub | ssh Bob -l user 'cat >> ~/.ssh/authorized_keys'
This will also create .ssh/known_hosts on Alice, so that it won't ask for Bob's fingerprint verification any more.
3. now try to login to Bob, you should not be asked for a password. Use "ssh -vvv Bob -l user", that will print out extremely verbose log, including what authentication methods offered by Bob and if key auth fails, why
4. use exec with "scp something.txt user@Bob:" to copy files from your script. Make sure you escape filenames properly to avoid input string injection attacks

On Bob (if key auth doesn't work):
1. check logs under /var/log, if there's a file permission or any other problem, you'll see
2. make sure that the directory .ssh and .ssh/authorized_keys are not group nor world readable/writable. Try "chmod 700 .ssh" and "chmod 640 .ssh/authorized_keys"
3. the sshd_config should have "PubkeyAuthentication yes"

Just for the records, there are two different prompts on ssh:
1. asking for password: this is the password of the user on the destination computer
2. asking for passphrase: this is the encryption key used to access your private key on the source computer

To avoid 1. you have to create authorized_keys on the remote machine, and to avoid 2. you have to create your keys with an empty passphrase.

That's all, good luck!
bzt

Return to “Networking and servers”