Gentoo Archives: gentoo-user

From: Stroller <stroller@××××××××××××××××××.uk>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Copying a file via ssh with no password, keeping the system safe
Date: Thu, 07 Oct 2010 18:06:12
Message-Id: 9CCC708A-F24E-496C-BD59-242170F1182E@stellar.eclipse.co.uk
In Reply to: [gentoo-user] Copying a file via ssh with no password, keeping the system safe by Momesso Andrea
On 7 Oct 2010, at 17:45, Momesso Andrea wrote:
> I need to set up a cron job to transfer a file every day from server A to server B.
>
> I'd like to do that via ssh and with no user assistance, completely automated.
>
> Setting up a public key, would do the job, but then, all the connections between the servers would be passwordless, so if server A gets compromised, also server B is screwed.
>
> Is there a way to allow only one single command from a single cronjob to operate passwordless, while keeping all the other connections secured by a password?

You could create a user on server B called backup, a user with very limited permissions and no shell (/bin/false). Thus server A can transfer files to serverb:~backup but if the key is compromised then little else can be done.

Not sure if the user could somehow be run in a chrooted ssh, for better security? I'm not sure what files a new user "backup" would have read-access to by default? If the key is obtained from server A then the attacker could copy files from server B (back to wherever they like), and it might be possible to obtain information about what services are run on that system or otherwise learn vulnerabilities from what could be read.

Stroller.
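The two ideas in this thread (a dedicated "backup" user whose key can do one thing only, and confining that user to a chroot) map onto standard OpenSSH controls: per-key options in authorized_keys (restrict, command=, from=) and a Match block in sshd_config with ChrootDirectory and ForceCommand internal-sftp. The script below is an added example, not code from the thread or from Gentoo; it assumes OpenSSH with the "restrict" option (7.2 or later), a constructed server A address 192.0.2.10, a constructed jail path /srv/backup-jail, and a constructed sample public key. It builds the restricted key line, prints the sshd_config fragment, and includes the audit check an administrator on server B would want: every key line in the backup user's authorized_keys must carry both restrict and a forced command, or the key grants more than "one single command".

```shell
#!/bin/sh
# Added example for a single-purpose, passwordless backup key on server B.
# Assumptions (not from the thread): OpenSSH >= 7.2 for "restrict",
# server A at 192.0.2.10 (constructed), jail at /srv/backup-jail (constructed).

# Emit one authorized_keys line for the cron job's public key.
#   restrict      : no pty, no agent/port/X11 forwarding, no user rc
#   from=         : key is only honoured from server A's address; this does not
#                   help if A itself is compromised, but stops a key copied
#                   elsewhere from being used
#   command=      : whatever the client asks for, only internal-sftp runs
build_restricted_key_line() {
    pubkey="$1"     # e.g. "ssh-ed25519 AAAA... cron@serverA"
    from_addr="$2"  # e.g. "192.0.2.10"
    printf 'restrict,from="%s",command="internal-sftp" %s\n' "$from_addr" "$pubkey"
}

# sshd_config fragment that confines the backup user to a chroot and forces
# the in-process SFTP server, so no shell on the system is ever executed for
# this user. The chroot root must be owned by root and not writable by the
# user; uploads go to a user-writable subdirectory inside it.
print_sshd_match_block() {
    cat <<'EOF'
Match User backup
    ChrootDirectory /srv/backup-jail
    ForceCommand internal-sftp
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTTY no
EOF
}

# Audit check: return 0 only if every key line in the file carries both
# "restrict" and a forced command. Options precede the key type, so the
# options field is everything before " ssh-" / " ecdsa-" (keys with a space
# inside command="..." are out of scope for this simple parser).
check_authorized_keys() {
    file="$1"
    bad=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;                    # blank line or comment
            ssh-*|ecdsa-*|sk-*) bad=1; continue ;;  # key with no options at all
        esac
        opts="${line%% ssh-*}"
        opts="${opts%% ecdsa-*}"
        case "$opts" in *restrict*) ;;    *) bad=1 ;; esac
        case "$opts" in *'command="'*) ;; *) bad=1 ;; esac
    done < "$file"
    return "$bad"
}

# Stand-alone demonstration with a constructed key (not a real key).
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp)
    build_restricted_key_line "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONLY cron@serverA" "192.0.2.10" > "$demo"
    cat "$demo"
    check_authorized_keys "$demo" && echo "authorized_keys: all keys restricted"
    print_sshd_match_block
    rm -f "$demo"
fi
```

On server A the cron job then uses sftp in batch mode (for example a batch file containing a single put) rather than an interactive session; with the forced command in place, any other request from that key is answered by internal-sftp and nothing else, and the chroot bounds what a stolen key can read back from server B.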