UNIX: a quick recap of a good tip combo picked up from ILUG recently. To paraphrase Conor Wynne’s original question:
What’s the best way to set up a secure connection between two hosts, possibly over the internet, using SSH, suitable for use from cron so that it can run via crontab without entering authentication manually?
Barry O’Donovan replied:
I suggested ssh keys without passphrases … in
http://www.barryodonovan.com/publications/lg/104/ and it includes instructions. … You can invoke rsync over ssh and specify a specific key with:
rsync -a -e ’ssh -i /home/username/.ssh/id_rsa-serverbackup’
Colm MacCárthaigh followed up with:
You can restrict what commands an ssh account can run in the ssh public key. This is how some of our more important projects (like Debian, FreshRPMS, and a few more) push us updates. The key looks like (jm: all on one line, no space between ‘no-pty,’ and ‘command’):
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty, command=”/home/ximian/rsync-ximian-nolog &”
ssh-dss keydata username@blah
So, create a passwordless public key like so, and just change the command to whatver rsync runs.
Combined, that’s a useful tip — I knew about the ssh command restriction technique, but being able to use a specific single-purpose key from the ssh client is very useful.
(updated: mbp mailed to note some missing quotes in Barry’s command above; they’d been eaten by WebMake. drat.)