[Techtalk] Securely transferring files using scripts

Conor Daly conor.daly at oceanfree.net
Sat Jul 20 20:54:50 EST 2002


On Sat, Jul 20, 2002 at 10:00:25AM -0700 or so it is rumoured hereabouts, 
jennyw thought:
> Thanks, Hamster!  But if I do that, and if the box with the script gets
> compromised, won't that give an intruder full access to the second box,
> too?  That's what I want to avoid.  I guess maybe I should learn more 
> about jails or something?  I'm really hoping there's a software package 
> out there that allows people from other machines to drop files onto the 
> machine without giving them any access.

You can secure a key pair for a single task quite easily.  Essentially, it
involves putting the public key into $HOME/.ssh/authorized_keys(2) on the
target and specifying the *exact* command along with the key.  If anyone
tries to use this key your copy command is what will get run.  On your
mailserver you run "rsync -e 'ssh -i <dedicated_private_key>'
<local/files> <remote.server:remote/files>"

I haven't got a URL handy but there should be something linked off Rick
Moen's site at http://www.linuxmafia.com.  Ah, here it is...

Quoting Rick Moen:
> Not if the SSH key is locked down to perform only one specific,
> well-chosen function on the remote end.  I've been known to use this to
> auto-mirror directories between machines using rsync, for example.

http://linuxmafia.com/~rick/linux-info/ssh-publickey-process
 

There's also some info here:
http://www.sublimation.org/scponly/

Conor
-- 
Conor Daly <conor.daly at oceanfree.net>

Domestic Sysadmin :-)
---------------------
Faenor.cod.ie
  8:50pm  up 58 days,  6:08,  0 users,  load average: 0.00, 0.00, 0.00
Hobbiton.cod.ie
  8:39pm  up 1 day,  3:16,  2 users,  load average: 0.30, 0.09, 0.03
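
The locked-down key described in the message above, as an added example that is not part of the original post or of the linked pages: a forced-command wrapper that accepts only an rsync upload into one directory. The script path, the `--enforce` flag, the `incoming/` directory and the key comment are assumptions; the key material is a placeholder.

```shell
#!/bin/sh
# Forced-command wrapper for a drop-only rsync key (added example).
# Constructed authorized_keys entry on the target, all on one line
# (key material is a placeholder; path and --enforce flag are assumptions):
#   command="/usr/local/bin/rsync-drop.sh --enforce",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC_KEY_PLACEHOLDER> mailserver-drop
LC_ALL=C; export LC_ALL
DROP_DIR="incoming/"   # assumed destination, relative to the account's $HOME

# Return 0 only when the command the client asked for is an rsync *receive*
# into DROP_DIR. Shells, scp, rsync pulls and other paths all return 1.
check_drop_command() {
    cmd=$1
    case $cmd in
        *[!A-Za-z0-9\ ./_,=-]*) return 1 ;;  # metacharacters, quotes, globs, newlines
    esac
    case $cmd in
        "rsync --server "*) ;;               # what the rsync client asks sshd to run
        *) return 1 ;;
    esac
    case " $cmd " in
        *" --sender "*) return 1 ;;          # --sender: remote side would send files out
    esac
    case $cmd in
        *..*) return 1 ;;                    # no parent-directory components
    esac
    case $cmd in
        *" . $DROP_DIR") return 0 ;;         # final arguments must be ". incoming/"
    esac
    return 1
}

main() {
    if check_drop_command "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f                               # belt and braces: no globbing on split
        # Only safe characters remain, so word splitting is the intended parse.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rejected: this key may only rsync into $DROP_DIR" >&2
    exit 1
}

# sshd sets SSH_ORIGINAL_COMMAND to what the client requested; the flag keeps
# the file inert when it is merely sourced.
if [ "${1:-}" = "--enforce" ]; then main; fi
```

With this entry in place, a stolen copy of the dedicated private key can still write files into `incoming/`, so that directory should hold nothing that is executed or trusted without inspection.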


