Re: Rename files with scp?
From: David Magda (dmagda+trace040726_at_ee.ryerson.ca)
Date: 12/24/04
- Previous message: Richard E. Silverman: "Re: openssh host-based authentication"
- In reply to: Chuck: "Re: Rename files with scp?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 24 Dec 2004 16:54:45 -0500
Chuck <skilover@softhome.net> writes:
> This application is going to run completely unattended through cron
> so I don't think ssh-agent/ssh-add is an option. Ssh-add will
> require keyboard input. I'll probably just use an unencrypted
> public key file and protect it at the o/s level so that only the
> owner of the file can read it.
You may also want to use the "command=" directive in the
authorized_keys file so that even if the key is compromised the
attacker will only do what the key was intended for.
From sshd(8):

     command="command"
             Specifies that the command is executed whenever this key
             is used for authentication. The command supplied by the
             user (if any) is ignored. The command is run on a pty
             if the client requests a pty; otherwise it is run
             without a tty. If a 8-bit clean channel is required,
             one must not request a pty or should specify no-pty. A
             quote may be included in the command by quoting it with
             a backslash. This option might be useful to restrict
             certain public keys to perform just a specific
             operation. An example might be a key that permits
             remote backups but nothing else. Note that the client
             may specify TCP/IP and/or X11 forwarding unless they are
             explicitly prohibited. Note that this option applies to
             shell, command or subsystem execution.
-- 
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well
under the old conditions, and lukewarm defenders in those who may do
well under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
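
One way to apply the command= restriction described in the message above, as an added example that is not part of the original post: a forced-command wrapper that lets an unattended key do one scp upload and nothing else. The script path, the "serve" argument, the upload directory and the key comment are assumptions, and it assumes the client speaks the legacy scp protocol, where the server-side request is `scp -t <dir>`.

```shell
#!/bin/sh
# Added example (not from the original message). Assumed names throughout.
#
# authorized_keys entry on the server, all on one line. The extra options
# close the forwarding paths that sshd(8) says stay open unless prohibited:
#   command="/usr/local/bin/scp-upload-only serve",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <public-key> cron-upload

ALLOWED_DIR="/srv/incoming"   # assumed upload directory, no spaces

# check_command CMD
# Prints "allow" (status 0) only when CMD is exactly one of the sink-side
# requests a legacy scp upload into ALLOWED_DIR sends; otherwise prints
# "deny" (status 1). Exact string match: no prefixes, no extra words.
check_command() {
    case "$1" in
        "scp -t $ALLOWED_DIR"|"scp -p -t $ALLOWED_DIR"|\
        "scp -d -t $ALLOWED_DIR"|"scp -p -d -t $ALLOWED_DIR")
            echo allow; return 0 ;;
        *)
            echo deny; return 1 ;;
    esac
}

# run_forced_command
# sshd ignores the command the client supplied and runs this script
# instead; the client's request is only visible in SSH_ORIGINAL_COMMAND.
run_forced_command() {
    requested="${SSH_ORIGINAL_COMMAND:-}"
    if check_command "$requested" >/dev/null; then
        # Run a fixed command; the client's string is never executed.
        exec scp -t "$ALLOWED_DIR"
    fi
    logger -t scp-upload-only "rejected: ${requested:-<shell request>}" 2>/dev/null
    echo "this key may only upload to $ALLOWED_DIR" >&2
    return 1
}

# Only act when invoked as the forced command ("serve" comes from the
# command="..." string in authorized_keys).
if [ "${1:-}" = "serve" ]; then
    run_forced_command
    exit $?
fi
```

Rejected requests are logged through syslog, so use of the key for anything other than the upload shows up on the server.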