Re: how to automate scp
From: Justin Ellison (justin@techadvise.com)
Date: 11/08/02
From: Justin Ellison <justin@techadvise.com>
To: security-discuss@linuxsecurity.com
Date: 08 Nov 2002 09:26:13 -0600
Take a look at Keychain. It lets you encrypt your keys, but use them in
cron scripts. Don't have a URL, but it's on the gentoo.org site.
Justin
On Thu, 2002-11-07 at 13:50, Maarten wrote:
> Hi Gurdeep,
>
> What I like to do is create a keypair and transfer files using those for
> authentication. With this concept, you have strong encryption and a good
> form of authentication (using public/private keys).
>
> An example to help you get going:
> 1. Create a keypair on the server from where you want to initiate your
> session.
>     ssh-keygen -t rsa -b 4096 # (yes, I am quite a paranoid kind of guy)
>     Generating public/private rsa key pair.
> If it is asking for a password, use enter for not protecting your private key
> with a password. In general, this is not good practice, but it is impossible
> to automate your transfers if you assign a password to your private key.
> 2. You now have a public/private keypair in the .ssh directory of the user
> you used to create the keys. Copy the public key (.pub) to the server you
> want to exchange files with.
> 3. To gain access to this server, you have to put the public keys in the
> "authorized_keys" file of the user that will be used to access the server.
> It is good practice to create a separate user for this function.
> example:
>     useradd copy
>     passwd copy   # (very strong and unrememberable, since you do not need this password after you're done)
>     cd /home/copy
>     mkdir .ssh
>     chmod 700 .ssh
>     cd .ssh
>     mv id_rsa.pub authorized_keys
>     chmod 600 authorized_keys
>     chown -R copy /home/copy/.ssh   # when run as root, so user "copy" owns the directory and key file
>
> Now you can access the server without a password to copy files (only from
> the account you used to create the keypair!!!). What I like to do is
> minimize the access rights for public/private key authentication. You can add
> several options to your "authorized_keys" file to disable port forwarding or
> force the source IP. I also like to force the file that can be received or
> sent. Unfortunately, I did not succeed in allowing several files to be received
> or sent by one public/private keypair :-(. Of course you can set up multiple
> accounts to achieve that and still have the security...
>
> hth, maarten
>
> > Can anyone guide me on automating SCP.
>
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
>
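
The authorized_keys restrictions described in the quoted message (source IP, no forwarding, forced command), extended so that one keypair may transfer several fixed files. This is an added example, not part of the original thread; the script name scp-gate, its path, the IP address, the key comment and the file paths are all constructed, and it assumes the legacy scp protocol.

```shell
#!/bin/sh
# scp-gate: forced command for one key, allowing several fixed transfers.
# Assumed authorized_keys entry for user "copy" (one line; IP, path and key are placeholders):
#   from="192.0.2.10",command="/usr/local/bin/scp-gate",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <public-key> copy-job
# Assumes the legacy scp protocol (the client needs "scp -O" on OpenSSH 9.0 and later),
# where the client asks the server to run "scp -t <file>" (upload) or "scp -f <file>" (download).

# Constructed allowlist: the exact server-side commands this key may run, one per line.
# Paths must not contain spaces or glob characters.
ALLOWED='scp -t /home/copy/incoming/backup.tar.gz
scp -t /home/copy/incoming/db.dump
scp -f /home/copy/outgoing/report.csv'

# Return 0 only if the request is byte-for-byte equal to one allowlisted line.
is_allowed() {
    if [ -z "$1" ]; then return 1; fi
    while IFS= read -r line; do
        if [ "$1" = "$line" ]; then return 0; fi
    done <<EOF
$ALLOWED
EOF
    return 1
}

gate() {
    if is_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f    # no globbing; word splitting is safe because the string is one of ours
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -t scp-gate "denied request from ${SSH_CLIENT%% *}: $SSH_ORIGINAL_COMMAND"
    echo "scp-gate: request not permitted" >&2
    exit 1
}

# sshd runs the forced command instead of the client's request and passes that
# request in SSH_ORIGINAL_COMMAND. With no command requested (an interactive
# login attempt) nothing runs and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    gate
fi
```

Client-side options such as -p or -r change the command string the client sends, so those transfers are refused unless the exact resulting line is added to the allowlist.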