From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-115509-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1P3ywv-0003Jp-H8
	for garchives@archives.gentoo.org; Thu, 07 Oct 2010 22:28:29 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 3B3A8E0AA3;
	Thu,  7 Oct 2010 22:28:05 +0000 (UTC)
Received: from sentinel.math.Princeton.EDU (sentinel.math.Princeton.EDU [128.112.16.31])
	by pigeon.gentoo.org (Postfix) with ESMTP id 263FBE0AA3
	for <gentoo-user@lists.gentoo.org>; Thu,  7 Oct 2010 22:28:05 +0000 (UTC)
Received: from math.princeton.edu ([128.112.18.16])
	by sentinel.math.Princeton.EDU with esmtp (Exim 4.69)
	(envelope-from <wwong@Math.Princeton.EDU>)
	id 1P3ywW-0008Dh-5b
	for gentoo-user@lists.gentoo.org; Thu, 07 Oct 2010 18:28:04 -0400
Received: from math.Princeton.EDU (localhost.localdomain [127.0.0.1])
	by math.Princeton.EDU (8.13.8/8.13.8) with ESMTP id o97MS4Ci012651
	for <gentoo-user@lists.gentoo.org>; Thu, 7 Oct 2010 18:28:04 -0400
Received: (from wwong@localhost)
	by math.Princeton.EDU (8.13.8/8.13.8/Submit) id o97MS4JE012648
	for gentoo-user@lists.gentoo.org; Thu, 7 Oct 2010 18:28:04 -0400
Date: Thu, 7 Oct 2010 18:28:04 -0400
From: Willie Wong <wwong@Math.Princeton.EDU>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user]  Copying a file via ssh with no password, keeping the system safe
Message-ID: <20101007222804.GA12640@math.princeton.edu>
References: <20101007184549.65756vlexbx2u7sw@momessonet.ath.cx> <4CAE141F.7040904@alyf.net>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4CAE141F.7040904@alyf.net>
User-Agent: Mutt/1.4.2.2i
X-Archives-Salt: ab45af1f-1a59-4584-bf8d-0382ec15c9bb
X-Archives-Hash: f5ae4a3b36bd5671760978b22545370f

On Thu, Oct 07, 2010 at 08:40:31PM +0200, Andrea Conti wrote:
> > Is there a way to allow only one single command from a single cronjob to
> > operate passwordless, while keeping all the other connections secured by
> > a password?
> 
> You can't do that on a per-command basis. You'd be trying to control the
> authentication method accepted by sshd on B according to which command
> is run on A -- something sshd on B knows nothing about.
> 

That's partially false. See my response in this thread. 

W
-- 
Willie W. Wong                                     wwong@math.princeton.edu
Data aequatione quotcunque fluentes quantitae involvente fluxiones invenire 
         et vice versa   ~~~  I. Newton