Ssh for cron: Difference between revisions
Line 13: | Line 13: | ||
===Use the key=== | ===Use the key=== | ||
Use the key from within cron on hostA like this: | Use the key from within cron on hostA like this: | ||
30 11 * * * rsync -avz -e "ssh -i sync-key" --exclude="CVS" /home/rday/doc weasel:/home/rday/ | 30 11 * * * rsync -avz -e "ssh -i /full/path/to/sync-key" --exclude="CVS" /home/rday/doc weasel:/home/rday/ |
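Review bot: the destination in the changed crontab line is still weasel:/home/rday/, while the page calls the backup machine hostB; use hostB there, or state that weasel is hostB, so the example matches the text. The absolute path given to -i is the right change, because a relative sync-key depends on the working directory cron gives the job; a short sentence saying so next to the example would keep later editors from shortening it again.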
Revision as of 18:34, 9 September 2009
I want to allow certain systems to communicate securely with the least privilege necessary. SSH allows me to do that, even when the communication is initiated through cron.
I'll be setting up a trust relationship between two machines to allow a daily sync between directories on the two machines. The machine initiating the sync is hostA. The machine acting as backup is hostB.
Create an appropriate key on hostA
ssh-keygen -t ed25519 -f sync-key
In this case, I'll leave the passphrase blank, because cron has no way to enter one.
Copy the key to hostB
Append the public key (sync-key.pub) to the end of ~/.ssh/authorized_keys on hostB.
Limit the use of this key
Put these options at the start of the new public key's line in authorized_keys, before the key type and separated from it by a space.
from="hostA,hostB",command="/bin/myscript.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
Use the key
Use the key from within cron on hostA like this:
30 11 * * * rsync -avz -e "ssh -i /full/path/to/sync-key" --exclude="CVS" /home/rday/doc weasel:/home/rday/
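With command="/bin/myscript.sh" in place, sshd runs that script instead of whatever the client asks for, so the script has to start the rsync receiver itself. The following is an added example of one possible /bin/myscript.sh, not code from the original page; the function name, the allowed destination and the log tag are assumptions, and the flag letters rsync sends vary with its version.

```sh
#!/bin/sh
# Added example: a possible body for the forced command /bin/myscript.sh on hostB.
LC_ALL=C; export LC_ALL          # make the A-Z / a-z ranges below byte-exact
ALLOWED_DEST=/home/rday/         # assumption: destination used by the cron job

# Return 0 only for the push the cron job's rsync client requests, of the form
#   rsync --server -<flag letters> . /home/rday/
check_sync_command() {
    cmd=$1
    # Reject empty input and any character outside a small set
    # (no ; | & $ quotes, backticks, tabs or newlines).
    case $cmd in
        ''|*[!A-Za-z0-9\ ./_,=-]*) return 1 ;;
    esac
    # Must be a server-side rsync writing into the one allowed directory.
    case $cmd in
        "rsync --server -"*" . $ALLOWED_DEST") ;;
        *) return 1 ;;
    esac
    # Exactly one option word between "--server" and ".":
    # this rules out --sender (reading files back) and extra path arguments.
    opts=${cmd#"rsync --server "}
    opts=${opts%" . $ALLOWED_DEST"}
    case $opts in
        *" "*|-*-*) return 1 ;;
    esac
    return 0
}

# sshd sets SSH_CONNECTION for every session and puts the client's request in
# SSH_ORIGINAL_COMMAND. Outside sshd this part is skipped.
if [ -n "${SSH_CONNECTION:-}" ]; then
    if check_sync_command "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f                       # no globbing while splitting into words
        exec $SSH_ORIGINAL_COMMAND   # safe to split: only whitelisted characters
    fi
    logger -t sync-key "rejected: ${SSH_ORIGINAL_COMMAND:-<none>}"
    exit 1
fi
```

Rejected requests appear in syslog under the sync-key tag, which also shows the exact command string your rsync version sends if the pattern needs adjusting.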