I'm writing a bash script that will be called from cron to pull a file from a remote server once a day. I'm using SSH, so I need to supply a password automatically since this is running unattended. Here's what I've come up with so far:
1: create a DSA key pair via ssh-keygen
2: copy the public key to the remote server
3: configure ssh-agent to deal with the key passphrase
My question is: Is all this necessary? Is this the simplest/best approach? This is a really simple task, so I'd like to make the configuration as simple as possible while maintaining a reasonable level of security.
Additional info:
-not running the rsync daemon
-both machines are Ubuntu linux
Best Answer
Anything you do will be insecure without the use of
sshandsshd.The canonical way is to use
scpor even better,rsyncand an ssh key without a password.Alternatively, create a key used only for copy, and on the remote end edit the authorized_keys file to contain only the command(s) you need to run, and the key, e.g.:
There is also
scponlyavailable. If you create a user, set their shell in/etc/passwdto/usr/bin/scponlyand they will not be allowed to login, but copy files in and out per the normal permissions.