[Techtalk] Securely transferring files using scripts
Conor Daly
conor.daly at oceanfree.net
Sat Jul 20 20:54:50 EST 2002
On Sat, Jul 20, 2002 at 10:00:25AM -0700 or so it is rumoured hereabouts,
jennyw thought:
> Thanks, Hamster! But if I do that, and if the box with the script gets
> compromised, won't that give an intruder full access to the second box,
> too? That's what I want to avoid. I guess maybe I should learn more
> about jails or something? I'm really hoping there's a software package
> out there that allows people from other machines to drop files onto the
> machine without giving them any access.
You can secure a key pair for a single task quite easily. Essentially, it
involves putting the public key into $HOME/.ssh/authorized_keys(2) on the
target and specifying the *exact* command along with the key. If anyone
tries to use this key your copy command is what will get run. On your
mailserver you run "rsync -e 'ssh -i <dedicated_private_key>'
<local/files> <remote.server:remote/files>"
I haven't got a URL handy but there should be something linked off Rick
Moen's site at http://www.linuxmafia.com. Ah, here it is...
Quoting Rick Moen:
> Not if the SSH key is locked down to perform only one specific,
> well-chosen function on the remote end. I've been known to use this to
> auto-mirror directories between machines using rsync, for example.
http://linuxmafia.com/~rick/linux-info/ssh-publickey-process
There's also some info here:
http://www.sublimation.org/scponly/
Conor
--
Conor Daly <conor.daly at oceanfree.net>
Domestic Sysadmin :-)
---------------------
Faenor.cod.ie
8:50pm up 58 days, 6:08, 0 users, load average: 0.00, 0.00, 0.00
Hobbiton.cod.ie
8:39pm up 1 day, 3:16, 2 users, load average: 0.30, 0.09, 0.03
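
Added example, not part of the original message or of any project it links to: a forced-command wrapper that generalizes the "exact command" lock-down above, so the dedicated key can only push files with rsync into one directory. The wrapper path, the DROP_DIR value, the key comment and the sample command strings are assumptions constructed for illustration; the flag string a real rsync client sends depends on its version and options.

```shell
#!/bin/sh
# Forced-command wrapper for a drop-only rsync key (added example).
# authorized_keys entry on the target, all on one line (path and key are placeholders):
#   command="/usr/local/bin/rsync-drop",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC_KEY> mailserver-push

DROP_DIR="incoming/"    # assumed upload directory, relative to the account's $HOME

# Succeeds only for "rsync --server <short flags> . <path under DROP_DIR>".
allowed_cmd() {
    set -f; set -- $1; set +f          # split into words without globbing
    [ $# -ge 4 ] || return 1
    for w in "$@"; do                  # plain characters only, no ".." traversal
        case $w in *[!A-Za-z0-9./_-]*|*..*) return 1 ;; esac
    done
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    while [ $# -gt 2 ]; do             # flag words between --server and "."
        case $1 in
            --*) return 1 ;;           # no long options: blocks --sender (reading files)
            -[A-Za-z]*) ;;             # short flag cluster sent by the client
            *) return 1 ;;
        esac
        shift
    done
    [ "$1" = . ] || return 1
    case $2 in "$DROP_DIR"*) return 0 ;; esac
    return 1
}

# Under sshd the client's requested command arrives in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f; exec $SSH_ORIGINAL_COMMAND     # word-split only, never eval'd
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi

# Run by hand (no SSH_ORIGINAL_COMMAND): show decisions for constructed samples.
while IFS= read -r c; do
    if allowed_cmd "$c"; then echo "ALLOW  $c"; else echo "DENY   $c"; fi
done <<'EOF'
rsync --server -logDtpre.iLsfxC . incoming/
rsync --server --sender -logDtpre.iLsfxC . incoming/
rsync --server -logDtpre.iLsfxC . incoming/../.ssh/
cat /etc/passwd
EOF
```

The allowlist is deliberately narrow: a client invoked with options that add long server-side flags will be rejected until the wrapper is extended for them.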