Ssh for cron: Difference between revisions
Revision as of 18:44, 9 September 2009
I want to allow certain systems to communicate securely with the least privilege necessary. SSH allows me to do that, even when the communication is initiated through cron.
See this article for reference: http://www.linuxjournal.com/article/8257
I'll be setting up a trust relationship between two machines to allow a daily sync between directories on the two machines. The machine initiating the sync is hostA. The machine acting as backup is hostB.
Create an appropriate key on hostA
ssh-keygen -t dsa -f /home/user/.ssh/sync-key
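In this case, I'll leave the passphrase blank so that cron can use the key unattended. Note that OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default.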
Copy the key to hostB
Append the public key (sync-key.pub) to the end of ~/.ssh/authorized_keys on hostB.
Limit the use of this key
Put these parameters into authorized_keys on the same line as the new public key, immediately before it and separated from it by a space.
from="hostA,hostB",command="/bin/myscript.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
Use the key
Use the key from within cron on hostA like this:
30 11 * * * rsync -avz -e "ssh -i /full/path/to/sync-key" --exclude="CVS" /home/rday/doc weasel:/home/rday/
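Because command= replaces whatever the client asks for, /bin/myscript.sh has to start the rsync receiver itself. The wrapper below is an added example, not part of the original page: it assumes the remote command has the form rsync sends for a push with short options only, and the function names and ALLOWED_DEST are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page): forced-command wrapper for hostB,
# installed at the path named in command="..." (/bin/myscript.sh on the page).
# Assumption: the key may only push files into ALLOWED_DEST via rsync.
ALLOWED_DEST="/home/rday/"   # destination used by the page's cron line

# Print the rsync option cluster if the requested command is exactly
#   rsync --server -<flags> . $ALLOWED_DEST
# and return 1 for anything else (other programs, --sender, other paths).
extract_flags() {
    cmd=$1
    rest=${cmd#"rsync --server "}
    [ "$rest" != "$cmd" ] || return 1          # wrong program or mode
    flags=${rest%" . $ALLOWED_DEST"}
    [ "$flags" != "$rest" ] || return 1        # wrong destination or trailing text
    case $flags in
        -[A-Za-z]*) ;;                         # one short-option cluster
        *) return 1 ;;                         # rejects --sender and other long options
    esac
    case ${flags#-} in
        *[!A-Za-z0-9.]*) return 1 ;;           # spaces, extra arguments, metacharacters
    esac
    printf '%s\n' "$flags"
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
run_forced_command() {
    if flags=$(extract_flags "${SSH_ORIGINAL_COMMAND:-}"); then
        # Rebuild the command from validated parts; never run the client's string.
        exec rsync --server "$flags" . "$ALLOWED_DEST"
    fi
    logger -t sync-key "denied: ${SSH_ORIGINAL_COMMAND:-<none>}"
    echo "sync-key: command not permitted" >&2
    exit 1
}

# Act only when invoked as the forced command, so the file can be sourced for testing.
case $0 in
    */myscript.sh) run_forced_command ;;
esac
```

Denied requests are written to syslog under the tag sync-key, which gives hostB a record of any use of the key other than the scheduled sync.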