Difference between revisions of "Ssh for cron"
From Finninday
(→Create an appropriate key on hostA) |
(→Use the key) |
||
Line 16: | Line 16: | ||
===Use the key=== | ===Use the key=== | ||
Use the key from within cron on hostA like this: | Use the key from within cron on hostA like this: | ||
− | 30 11 * * * rsync -avz -e "ssh -i / | + | 30 11 * * * rsync -avz -e "ssh -i /home/user/.ssh/sync-key" --exclude="CVS" /home/rday/doc weasel:/home/rday/ |
Latest revision as of 18:44, 9 September 2009
I want to allow certain systems to communicate securely using the least privileges. SSH allows me to do that, even when the communication is initiated through cron.
See this article for reference: http://www.linuxjournal.com/article/8257
I'll be setting up a trust relationship between two machines to allow a daily sync between directories on the two machines. The machine initiating the sync is hostA. The machine acting as backup is hostB.
Contents
Create an appropriate key on hostA
ssh-keygen -t dsa -f /home/user/.ssh/sync-key
In this case, I'll leave the passphrase blank.
Copy the key to hostB
Append the public key (sync-key.pub) to the end of ~/.ssh/authorized_keys on hostB
Limit the use of this key
Put these parameters into authorized_keys before the new public key.
from="hostA,hostB",command="/bin/myscript.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
Use the key
Use the key from within cron on hostA like this:
30 11 * * * rsync -avz -e "ssh -i /home/user/.ssh/sync-key" --exclude="CVS" /home/rday/doc weasel:/home/rday/