Ssh for cron

From Finninday
Revision as of 18:29, 9 September 2009 by Rday (Talk | contribs)


I want to allow certain systems to communicate securely with the least privilege necessary. SSH allows me to do that, even when the communication is initiated through cron.

I'll be setting up a trust relationship between two machines to allow a daily sync between directories on the two machines. The machine initiating the sync is hostA. The machine acting as backup is hostB.

Create an appropriate key on hostA

ssh-keygen -t dsa -f sync-key

In this case, I'll leave the passphrase blank so that cron can use the key unattended.

Copy the key to hostB

Append the public key (sync-key.pub) to the end of ~/.ssh/authorized_keys on hostB.

Limit the use of this key

Put these parameters into authorized_keys at the start of the same line as the new public key, separated from the key by a single space.

from="hostA,hostB",command="/bin/myscript.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty

Use the key

Use the key from within cron on hostA like this:

30 11 * * * rsync -avz -e "ssh -i sync-key" --exclude="CVS" /home/rday/doc weasel:/home/rday/
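
Because of the command= option, sshd runs /bin/myscript.sh in place of whatever the client asks for, so that script has to decide whether to start the rsync receiver that the cron job needs. The sketch below is an added example, not a script from this page: its contents are hypothetical, ALLOWED_DEST is taken from the cron line above, and the accepted command shape (rsync --server, one cluster of short options, ".", the destination) is an assumption about what the rsync client on hostA sends.

```sh
#!/bin/sh
# Hypothetical /bin/myscript.sh (the page names the script but does not show it).
# Assumption: hostA only pushes into ALLOWED_DEST, as in the page's cron line.
LC_ALL=C; export LC_ALL
ALLOWED_DEST="/home/rday/"

# Return 0 only for: rsync --server -<short options> . $ALLOWED_DEST
allowed_rsync_command() {
    set -f          # no filename expansion while the string is split
    set -- $1       # split on whitespace only; nothing is evaluated
    set +f
    [ "$#" -eq 5 ] || return 1      # extra words (e.g. --sender) are refused
    [ "$1" = "rsync" ] || return 1
    [ "$2" = "--server" ] || return 1
    case $3 in
        -*[!A-Za-z.]*) return 1 ;;  # long options or shell metacharacters
        -?*) ;;                     # one cluster of short options
        *) return 1 ;;
    esac
    [ "$4" = "." ] || return 1
    [ "$5" = "$ALLOWED_DEST" ]
}

# sshd stores the command the client requested in SSH_ORIGINAL_COMMAND.
# If none was requested (an interactive login), nothing is run at all.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        set -f
        set -- $SSH_ORIGINAL_COMMAND
        shift
        exec rsync "$@"             # run rsync directly, never via eval
    fi
    echo "myscript.sh: command not permitted" >&2
    exit 1
fi
```

The destination /home/rday/ also contains ~/.ssh/authorized_keys, so pointing the sync at a dedicated directory outside the account's home keeps the key's restrictions out of reach of the sync itself.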