[Techtalk] Securely transferring files using scripts

James jas at spamcop.net
Sat Jul 20 18:17:21 EST 2002


On Sat, 20 Jul 2002, jennyw wrote:

> Thanks, Hamster!  But if I do that, and if the box with the script gets
> compromised, won't that give an intruder full access to the second box,
> too?  That's what I want to avoid.  I guess maybe I should learn more 
> about jails or something?  I'm really hoping there's a software package 
> out there that allows people from other machines to drop files onto the 
> machine without giving them any access.
> 
> The alternative, I guess, would be to have the backup machine pull the tar 
> files from the mail server.  That way, the mail server wouldn't have to 
> connect to the backup machine.  Hmmm....

You MAY be able to set that up with SSH; the University of Cambridge mail 
servers certainly allow users to access files via SCP without giving them 
a full shell. Alternatively:

Set up an rsyncd (server) on the mail server, with a share limited to 
read-only access, of the directory to be backed up only, accessible only 
by the backup server (by IP address). Then just have the backup server 
"pull" updates automatically from cron. If security is an issue (e.g. if 
the backup server is over a long or insecure connection from the mail 
server) you could tunnel the connection over SSL, too.


IIRC, this is one of the example configurations given in the rsync docs: 
the user has a script which backs up his development machine onto another 
regularly from cron.


James.
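
The restrictions described in the message above (read-only share, one directory only, reachable only from the backup server's IP) can be checked mechanically. The following is an added example, not part of the original post or of the rsync documentation: it audits an rsyncd.conf and reports modules that break those restrictions. The module names, paths and the 192.0.2.10 address are constructed placeholders.

```python
TRUE = {"yes", "true", "1"}

# Constructed sample config; module names, paths and addresses are placeholders.
SAMPLE = """\
use chroot = yes

[mailbackup]
    path = /var/spool/mail-backup
    read only = yes
    hosts allow = 192.0.2.10

[scratch]
    path = /
    read only = no
"""

def parse(text):
    """Return {section: {param: value}}; global parameters are stored under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = "".join(line[1:-1].split())
            sections[current] = {}
        elif "=" in line:
            name, value = line.split("=", 1)   # only the first '=' is significant
            # rsyncd ignores whitespace inside parameter names
            sections[current]["".join(name.split())] = value.strip()
    return sections

def audit(text):
    """Return {module: [findings]} for every module that breaks a restriction."""
    sections = parse(text)
    glob = sections.pop("")
    report = {}
    for module, params in sections.items():
        get = lambda key, default: params.get(key, glob.get(key, default))
        findings = []
        if get("readonly", "yes").lower() not in TRUE:   # rsyncd defaults to read only
            findings.append("writable")
        if get("hostsallow", "*").split() in ([], ["*"]):  # unset means any host
            findings.append("no host restriction")
        if get("path", "") in ("", "/"):
            findings.append("exports whole filesystem")
        if findings:
            report[module] = findings
    return report

print(audit(SAMPLE))
```
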



