[plug] Using SCP without entering a password interactively
Michael Beattie
omnic at ethernal.org
Thu Sep 27 18:52:17 WST 2001
On Thu, Sep 27, 2001 at 01:23:12PM +0800, Jeremy Malcolm wrote:
> > Is there any way of passing a password to scp on the command line or in
> > a config file, etc.?
>
> Yes this is easy to do, you just need to create your ssh private key
> without a passphrase on it, then copy the public key (normally the
> filename is identity.pub) to the other machine's ~/.ssh directory and
> name it "authorized_keys". That should be all there is to it...
YUCK. do not do that.
It is a lot more secure to set up a public key pair that *does* have a
passphrase, and use a command lock on the remote end, and batchmode.
1) generate key pair.
2) copy identity.pub to remote host, and append to ~/.ssh/authorized_keys
3) prepend the line with 'command="some command"'
4) use:
ssh -o"BatchMode yes" user at remote.tld sleep 1
the sleep command never gets run, but the command in the remote
authorized_keys file is.
Now, this does not solve the problem of transferring files. but, scp is just
a wrapper around ssh, believe it or not. so, make the remote command a `cat`
of some file, probably prepared via a cronjob.
then: ssh -o"BatchMode yes" user at remote.tld sleep 1 > copied_file
Remember, this is *nix. there are thousands of ways to skin an
australian^W^H^H cat.
disclaimer: this is all off the top of my head, and ftp-master.debian.org is
down at the moment, so I cannot check my explanation of the above.
(mirroring of the Debian archive is done by an ssh trigger, using the above
method)
Mike.
--
Michael Beattie <mike at ethernal.org>
Trees moving back and forth make the wind blow.
More information about the plug
mailing list