Ssh for cron

From finninday
Jump to navigation Jump to search

I want to allow certain systems to communicate securely using the least privileges. SSH allows me to do that, even when the communication is initiated through cron.

See this article for reference: http://www.linuxjournal.com/article/8257

I'll be setting up a trust relationship between two machines to allow a daily sync between directories on the two machines. The machine initiating the sync is hostA. The machine acting as backup is hostB.

Create an appropriate key on hostA

ssh-keygen -t dsa -f /home/user/.ssh/sync-key

In this case, I'll leave the passphrase blank.

Copy the key to hostB

Append the public key (sync-key.pub) to the end of ~/.ssh/authorized_keys on hostB

Limit the use of this key

Put these parameters into authorized_keys before the new public key. 

from="hostA,hostB",command="/bin/myscript.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty

Use the key

Use the key from within cron on hostA like this: 

30 11 * * * rsync -avz -e "ssh -i /home/user/.ssh/sync-key" --exclude="CVS" /home/rday/doc weasel:/home/rday/
Retrieved from "https://finninday.net/wiki/index.php?title=Ssh_for_cron&oldid=2867"