On Thu, Oct 07, 2010 at 06:45:49PM +0200, Momesso Andrea wrote:
> I need to set up a cron job to transfer a file every day from server A
> to server B.
>
> I'd like to do that via ssh and with no user assistance, completely
> automated.
>
> Setting up a public key, would do the job, but then, all the
> connections between the servers would be passwordless, so if server A
> gets compromised, also server B is screwed.
>
> Is there a way to allow only one single command from a single cronjob
> to operate passwordless, while keeping all the other connections
> secured by a password?

In the authorized_keys file, you need to include a specification of
"command=<insert command here>". Which means that on log-in with the
public key, the sshd will execute that command, and any other commands
sent from the machine which originated the connection will not execute.

So I'd imagine you can untar with the command at the target, and
instead of scp, use something like

    tar <file> | ssh -i <identity file> u...@host

(of course, this still opens up the possibility that a partition gets
filled on your target machine by someone copying random string to it,
but you'd have to live with that).

(Also, note, I haven't actually tried this method of copying files
myself, so while I'd imagine it'd work, you may need to play around
with it for a bit. What I've done before was to have a shell script set
to run, triggered by a public key login like this.)

See 'man sshd' for more detail.

HTH,

W
--
Willie W. Wong ww...@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones
invenire et vice versa ~~~ I. Newton
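
A receiver script for the forced-command setup described in the reply above, as an added example that is not part of the original message. The script path, drop directory, size cap and the "--serve" argument are assumptions, and the key material in the sample authorized_keys line is a placeholder.

```shell
#!/bin/sh
# Added example: forced-command receiver (hypothetical path /usr/local/bin/recv-drop.sh).
# Matching authorized_keys entry on server B, all on one line (placeholders in <>):
#   command="/usr/local/bin/recv-drop.sh --serve",restrict,from="<server A address>" ssh-ed25519 <public key> cron@serverA
# Server A's cron job then runs:  tar cf - <file> | ssh -i <identity file> user@serverB

DROP_DIR="${DROP_DIR:-/var/spool/drop}"   # assumed destination directory
MAX_BYTES="${MAX_BYTES:-104857600}"       # assumed cap of 100 MiB per upload

# Read a tar stream on stdin and unpack it into $1, refusing streams over $2 bytes.
receive_drop() {
    dest=$1 limit=$2
    spool=$(mktemp) || return 1
    # Read at most limit+1 bytes so an oversized stream is detected, not stored.
    head -c "$((limit + 1))" > "$spool"
    size=$(($(wc -c < "$spool")))
    if [ "$size" -gt "$limit" ]; then
        rm -f "$spool"; echo "rejected: stream exceeds $limit bytes" >&2; return 2
    fi
    if ! names=$(tar -tf "$spool" 2>/dev/null); then
        rm -f "$spool"; echo "rejected: not a tar archive" >&2; return 3
    fi
    # Refuse members that could land outside dest (absolute paths or ".." parts).
    if printf '%s\n' "$names" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        rm -f "$spool"; echo "rejected: unsafe member name" >&2; return 4
    fi
    tar -xf "$spool" -C "$dest"; rc=$?
    rm -f "$spool"
    return "$rc"
}

# sshd runs the forced command whatever the client asked for; the client's
# request is only logged here, never executed.
if [ "${1:-}" = "--serve" ]; then
    [ -n "${SSH_ORIGINAL_COMMAND:-}" ] && echo "ignored request: $SSH_ORIGINAL_COMMAND" >&2
    receive_drop "$DROP_DIR" "$MAX_BYTES"
fi
```

The size cap bounds a single upload only; repeated uploads can still fill the partition, so the drop directory is best kept on its own filesystem or under a quota.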