From: Willie Wong
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Copying a file via ssh with no password, keeping the system safe
Date: Thu, 7 Oct 2010 14:26:12 -0400
Message-ID: <20101007182612.GA4250@math.princeton.edu>
In-Reply-To: <20101007181447.GA2283@math.princeton.edu>

On Thu, Oct 07, 2010 at 02:14:47PM -0400, Willie Wong wrote:
> On Thu, Oct 07, 2010 at 06:45:49PM +0200, Momesso Andrea wrote:
> > I need to set up a cron job to transfer a file every day from server A
> > to server B.
> >
> > I'd like to do that via ssh and with no user assistance, completely
> > automated.
> >
> > Setting up a public key, would do the job, but then, all the
> > connections between the servers would be passwordless, so if server A
> > gets compromised, also server B is screwed.
> >
> > Is there a way to allow only one single command from a single cronjob
> > to operate passwordless, while keeping all the other connections
> > secured by a password?
>
> In the authorized_keys file, you need to include a specification of
> "command=". Which means that on log-in with the
> public key, the sshd will execute that command, and any other commands
> sent from the machine which originated the connection will not
> execute.
>
> So I'd imagine you can untar with the command at the target, and
> instead of scp, use something like
>
> tar | ssh -i user@host
>

These two links may also be helpful:

http://www.debian-administration.org/articles/438
http://sial.org/howto/rsync/

W
-- 
Willie W. Wong
wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire
et vice versa ~~~ I. Newton
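
The forced-command setup described in the message, as an added example that is not part of the original post: a receiving script for server B that untars whatever arrives on stdin into one fixed directory and never runs the command the client asked for. The script path, the `--run` argument, the drop directory and the key placeholders are assumptions.

```shell
#!/bin/sh
# Added example; paths and names are hypothetical. Forced command for ONE key on server B.
# Constructed authorized_keys entry (a single line; key material is a placeholder):
#   command="/usr/local/bin/receive-drop --run",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> cron@serverA
# Sending side (server A cron job), in the shape suggested in the message:
#   tar -cf - -C /srv/export daily.dat | ssh -i <KEYFILE> user@host

DROP_DIR="${DROP_DIR:-/srv/incoming}"   # assumed destination directory

receive_drop() {
    # sshd exports the command the client requested as SSH_ORIGINAL_COMMAND.
    # It is only reported here, never executed.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        echo "receive-drop: ignoring client command" >&2
    fi
    spool=$(mktemp) || return 1
    cat > "$spool"                      # the tar stream arrives on stdin
    if ! names=$(tar -tf "$spool" 2>/dev/null); then
        rm -f "$spool"
        echo "receive-drop: input is not a tar archive" >&2
        return 2
    fi
    # Refuse member names that are absolute or contain a ".." component.
    if printf '%s\n' "$names" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        rm -f "$spool"
        echo "receive-drop: unsafe member name" >&2
        return 3
    fi
    rc=0
    tar -xf "$spool" -C "$DROP_DIR" || rc=$?
    rm -f "$spool"
    return "$rc"
}

# Only act when invoked as the forced command.
if [ "${1:-}" = "--run" ]; then
    receive_drop
fi
```

Other keys and password logins on server B are unaffected; only the key carrying the `command=` option is confined to this script.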