Linux system administrators use SSH daily to connect from one system to another. The reason is that it's the defacto protocol for connecting securely to Linux systems. It's secure because all traffic between the systems in encrypted including the initial login exchange. The only thing we system admins use Telnet for these days is to test a remote connection to a web server or to some remote port. OK, I admit it, I have been known to hack an email server or two using Telnet but that's a story for another time. I digress. You might also use SSH-related commands to transfer files between hosts using SFTP or SCP, either to a remote system or from a remote system. But I'm about to show you a cool SSH magic trick that will impress your friends and possibly even stump Penn and Teller as to how you did it.
Note: This procedure involves exchanging SSH keys between hosts and the result is that you no longer have to issue a password to make the connection.
Prerequisite: SSH key generation
Before you can perform this magical wonder, you must prepare your systems to use SSH keys between them. Actually, this step is optional, but to make your life easier, I recommend that you perform it.
For the sake of simplicity in this example, we have three systems: host1, host2, and host3 that use IP addresses 10.10.1.50, 10.10.1.60, and 10.10.1.70, respectively. The table below might be a clearer way of presenting this scenario.
Login to host1 and issue the following command to generate the SSH key.
[host1] $ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): <ENTER> Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): <ENTER> Enter same passphrase again: <ENTER> Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:XWk+zJ5Kphe/sT78yg1jLdQCybN4dE2o52eOihEuwPo root@rhel8 The key's randomart image is: +---[RSA 2048]----+ | .. | | . ..+ | | *.= . | | . +.@.. | | o S +oB . | | . . . o.o.=o | | . . o o+O=. | | . . *.+=B. | | E o.oo*=o | +----[SHA256]-----+
Accept the defaults by pressing the ENTER key three times to continue as shown above. I placed the <ENTER> text into the screenshot. You won't see those entries in your terminal window. You have generated the SSH key for this host. Repeat this process on host2 and on host3.
This step must be performed on all hosts in both directions so that file transfers and other SSH-type connection may proceed unfettered by password prompts. This is the easiest method for exchanging keys among hosts.
Issue the following commands from host1 to host2 (10.10.1.60)
[host1] $ ssh-copy-id khess@host2 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/khess/.ssh/id_rsa.pub" The authenticity of host 'host2 (10.10.1.60)' can't be established. ECDSA key fingerprint is SHA256:fM/5eaHGa37W+0xq4QZfL+Y6NobRbCVH1G4uhQLAwMw. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys khess@host2's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'khess@host2'" and check to make sure that only the key(s) you wanted were added.
And now issue the same command from host1 to host3 (10.10.1.70)
[host1] $ ssh-copy-id khess@host3 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/khess/.ssh/id_rsa.pub" The authenticity of host 'host3 (10.10.1.70)' can't be established. RSA key fingerprint is SHA256:Y0X9C7rVNiRgM4yuBH8DUOUed5d/N57VYO+aoRmXmP4. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys khess@host3's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'khess@host3'" and check to make sure that only the key(s) you wanted were added.
Now, any SSH-type transaction will be passwordless from host1 to host2 and from host1 to host3.
Repeat this process for hosts 2 and 3.
[host2] $ ssh-copy-id khess@host1
[host2] $ ssh-copy-id khess@host3
[host3] $ ssh-copy-id khess@host1
[host3] $ ssh-copy-id khess@host2
This copies keys among all hosts so that now any SSH-type transaction to or from any host will be passwordless. Test yours to prove it to yourself.
Make normal happen
For testing purposes, create a new file on each system in your home directory as <hostname.txt>, so that one host1 you have host1.txt, on host2 you have host2.txt, and on host3 you have host3.txt.
As a preliminary, non-magical exercise, login to host1 and copy the host1.txt file to host2 and to host3. You must specify the full path to the destination file.
[host1] $ scp host1.txt khess@host2:/home/khess/host1.txt host1.txt 100% 0 0.0KB/s 00:00 [host1] $ scp host1.txt khess@host3:/home/khess/host1.txt host1.txt 100% 0 0.0KB/s 00:00
The files are empty and therefore you see that the size is 0 and the transfer rate is 0.0KB/s. These numbers would be different if the file had any size to it. This exercise looks exactly the same if you login to either host2 or host3 and copy the local files to the other remote systems. This is not particularly interesting or magical.
Magic: The Copying
So for my final file copy trick, the true magic of copying a file from one host to another host without logging in to either of them from a third host. It looks like this:
Initiate an SCP session from host1 that copies the host2.txt file from host2 to host3. Let's see how that looks at the command line. You must specify the exact path both on the source system and on the target system.
[host1] $ scp khess@host2:/home/khess/host2.txt khess@host3:/home/khess/host2.txt host2.txt 100% 0 0.0KB/s 00:00
The host2.txt file copies from host2 to host3 without a login. Magic.
Generically, this command looks like:
[hostX] $ scp user@source_host:/path/to/file user@target_host:/path/to/file
You can rename the target file during the copy. Do you see any automated scripting possibilities using this magic trick?
And, this is where you exclaim, "Wow, that's magic!"
SSH, as you can see, isn't just one thing. It is a secure protocol that's used for interacting with a computer, copying files, and securing other types of communications, as in "X service over SSH." This article showed you how to setup SSH keys so that you don't have to type a password to login to a remote system, to copy files to a remote system, or to copy files between two remote systems. Setting up SSH keys between systems means that you can easily automate tasks such as file manipulation without storing a password in a file. And, using SSH/SCP in this manner isn't really magic but you probably already knew that.