1 |
On Thu, Oct 07, 2010 at 02:14:47PM -0400, Willie Wong wrote: |
2 |
> On Thu, Oct 07, 2010 at 06:45:49PM +0200, Momesso Andrea wrote: |
3 |
> > I need to set up a cron job to transfer a file every day from server A |
4 |
> > to server B. |
5 |
> > |
6 |
> > I'd like to do that via ssh and with no user assistance, completely |
7 |
> > automated. |
8 |
> > |
9 |
> > Setting up a public key, would do the job, but then, all the |
10 |
> > connections between the servers would be passwordless, so if server A |
11 |
> > gets compromised, also server B is screwed. |
12 |
> > |
13 |
> > Is there a way to allow only one single command from a single cronjob |
14 |
> > to operate passwordless, while keeping all the other connections |
15 |
> > secured by a password? |
16 |
> |
17 |
> In the authorized_keys file, you need to include a specification of |
18 |
> "command=<insert command here>". Which means that on log-in with the |
19 |
> public key, the sshd will execute that command, and any other commands |
20 |
> sent from the machine which originated the connection will not |
21 |
> execute. |
22 |
> |
23 |
> So I'd imagine you can untar with the command at the target, and |
24 |
> instead of scp, use something like |
25 |
> |
26 |
> tar <file> | ssh -i <identity file> user@host |
27 |
> |
28 |
|
29 |
These two links may also be helpful: |
30 |
|
31 |
http://www.debian-administration.org/articles/438 |
32 |
http://sial.org/howto/rsync/ |
33 |
|
34 |
W |
35 |
-- |
36 |
Willie W. Wong wwong@××××××××××××××.edu |
37 |
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire |
38 |
et vice versa ~~~ I. Newton |