[plug] Using SCP without entering a password interactively

Michael Beattie omnic at ethernal.org
Thu Sep 27 18:52:17 WST 2001


On Thu, Sep 27, 2001 at 01:23:12PM +0800, Jeremy Malcolm wrote:
> > Is there any way of passing a password to scp on the command line or in
> > a config file, etc.?
> 
> Yes this is easy to do, you just need to create your ssh private key
> without a passphrase on it, then copy the public key (normally the
> filename is identity.pub) to the other machine's ~/.ssh directory and
> name it "authorized_keys".  That should be all there is to it...

YUCK. do not do that.

It is a lot more secure to set up a public key pair that *does* have a
passphrase, and use a command lock on the remote end, and batchmode.

1) generate key pair.
2) copy identity.pub to remote host, and append to ~/.ssh/authorized_keys
3) prepend the line with 'command="some command"'
4) use:
   ssh -o"BatchMode yes" user at remote.tld sleep 1

the sleep command never gets run, but the command in the remote
authorized_keys file is.

Now, this does not solve the problem of transferring files. but, scp is just
a wrapper around ssh, believe it or not. so, make the remote command a `cat`
of some file, probably prepared via a cronjob.

then:   ssh -o"BatchMode yes" user at remote.tld sleep 1 > copied_file

Remember, this is *nix. there are thousands of ways to skin an
australian^W^H^H cat.

disclaimer: this is all off the top of my head, and ftp-master.debian.org is
down at the moment, so I cannot check my explanation of the above.
(mirroring of the Debian archive is done by an ssh trigger, using the above
method)

Mike.
-- 
Michael Beattie <mike at ethernal.org>

Trees moving back and forth make the wind blow.



More information about the plug mailing list