I'm writing a bash script that will be called from cron to pull a file from a remote server once a day. I'm using SSH, so I need to supply a password automatically since this is running unattended. Here's what I've come up with so far:
1: create a DSA key pair via ssh-keygen
2: copy the public key to the remote server
3: configure ssh-agent
to deal with the key passphrase
My question is: Is all this necessary? Is this the simplest/best approach? This is a really simple task, so I'd like to make the configuration as simple as possible while maintaining a reasonable level of security.
Additional info:
-not running the rsync daemon
-both machines are Ubuntu linux
Best Answer
Anything you do will be insecure without the use of
ssh
andsshd
.The canonical way is to use
scp
or even better,rsync
and an ssh key without a password.Alternatively, create a key used only for copy, and on the remote end edit the authorized_keys file to contain only the command(s) you need to run, and the key, e.g.:
There is also
scponly
available. If you create a user, set their shell in/etc/passwd
to/usr/bin/scponly
and they will not be allowed to login, but copy files in and out per the normal permissions.