On Thu, Oct 07, 2010 at 06:45:49PM +0200, Momesso Andrea wrote:
> I need to set up a cron job to transfer a file every day from server A
> to server B.
>
> I'd like to do that via ssh and with no user assistance, completely
> automated.
>
> Setting up a public key would do the job, but then, all the
> connections between the servers would be passwordless, so if server A
> gets compromised, also server B is screwed.
>
> Is there a way to allow only one single command from a single cronjob
> to operate passwordless, while keeping all the other connections
> secured by a password?
|
In the authorized_keys file, you need to include a specification of
"command=<insert command here>". Which means that on log-in with the
public key, the sshd will execute that command, and any other commands
sent from the machine which originated the connection will not
execute.
|
So I'd imagine you can untar with the command at the target, and
instead of scp, use something like

tar cf - <file> | ssh -i <identity file> user@host

(of course, this still opens up the possibility that a partition gets
filled on your target machine by someone copying random string to it,
but you'd have to live with that).
|
(Also, note, I haven't actually tried this method of copying files
myself, so while I'd imagine it'd work, you may need to play around
with it for a bit. What I've done before was to have a shell script
set to run, triggered by a public key login like this.)

See 'man sshd' for more detail.
|
HTH,

W

--
Willie W. Wong wwong@××××××××××××××.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire
et vice versa ~~~ I. Newton
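
The following is an added example, not part of the original message: a sketch of the shell script a "command=" key on server B could run, with a size cap that bounds the partition-filling risk mentioned in the reply. The function names, the wrapper path /usr/local/bin/recv-backup, the destination /srv/incoming/daily.tar and the 100 MiB cap are assumptions; the extra no-pty and no-*-forwarding key options go beyond what the reply lists.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical names: receive_capped,
# authorized_keys_line, /usr/local/bin/recv-backup, /srv/incoming, the 100 MiB cap.

# Body of the forced command on server B. sshd runs it for the cron key whatever
# command server A requests; the requested command only shows up in
# $SSH_ORIGINAL_COMMAND and is never executed. stdin is stored as one file and
# anything larger than max_bytes is refused, which bounds the disk-filling risk.
receive_capped() {
    dest=$1
    max_bytes=$2
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    # Read one byte past the cap so an oversized stream can be detected.
    head -c "$((max_bytes + 1))" > "$tmp"
    size=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$size" -gt "$max_bytes" ]; then
        rm -f "$tmp"
        echo "rejected: upload exceeds $max_bytes bytes" >&2
        return 1
    fi
    mv "$tmp" "$dest"   # rename within one directory: no partial file is visible
}

# authorized_keys entry for server B: pins the key to the wrapper and disables
# pty allocation and all forwarding for that key.
authorized_keys_line() {
    printf 'command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$1" "$2"
}

# Entry point when installed as the wrapper (assumed path /usr/local/bin/recv-backup,
# referenced in authorized_keys as command="/usr/local/bin/recv-backup --serve").
# Server A's cron job would run: tar cf - <file> | ssh -i <identity file> user@host
if [ "${1:-}" = "--serve" ]; then
    receive_capped /srv/incoming/daily.tar 104857600
fi
```

Using a dedicated key pair for the cron job keeps the restriction scoped to that one key; other keys and password logins on server B are unaffected.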