| 1 |
On Thu, Oct 07, 2010 at 02:14:47PM -0400, Willie Wong wrote: |
| 2 |
> On Thu, Oct 07, 2010 at 06:45:49PM +0200, Momesso Andrea wrote: |
| 3 |
> > I need to set up a cron job to transfer a file every day from server A |
| 4 |
> > to server B. |
| 5 |
> > |
| 6 |
> > I'd like to do that via ssh and with no user assistance, completely |
| 7 |
> > automated. |
| 8 |
> > |
| 9 |
> > Setting up a public key, would do the job, but then, all the |
| 10 |
> > connections between the servers would be passwordless, so if server A |
| 11 |
> > gets compromised, also server B is screwed. |
| 12 |
> > |
| 13 |
> > Is there a way to allow only one single command from a single cronjob |
| 14 |
> > to operate passwordless, while keeping all the other connections |
| 15 |
> > secured by a password? |
| 16 |
> |
| 17 |
> In the authorized_keys file, you need to include a specification of |
| 18 |
> "command=<insert command here>". Which means that on log-in with the |
| 19 |
> public key, the sshd will execute that command, and any other commands |
| 20 |
> sent from the machine which originated the connection will not |
| 21 |
> execute. |
| 22 |
> |
| 23 |
> So I'd imagine you can untar with the command at the target, and |
| 24 |
> instead of scp, use something like |
| 25 |
> |
| 26 |
> tar <file> | ssh -i <identity file> user@host |
| 27 |
> |
| 28 |
|
| 29 |
These two links may also be helpful: |
| 30 |
|
| 31 |
http://www.debian-administration.org/articles/438 |
| 32 |
http://sial.org/howto/rsync/ |
| 33 |
|
| 34 |
W |
| 35 |
-- |
| 36 |
Willie W. Wong wwong@××××××××××××××.edu |
| 37 |
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire |
| 38 |
et vice versa ~~~ I. Newton |
Archives