unattended, *secure* ssh backups
Here's my situation. I want to be able to periodically send a copy of a file on a remote hosted server (one over which I do not have control) to my personal server. I want to be able to do this unattended, and I don't want to leave my system open to either the owners of that server or anyone else that happens to get through its security.
What I prefer as a mechanism is a cron job that calls the script to create the file, then calls scp to transfer it, and then deletes the file.
How can I arrange it so that the file transfer portion of this setup will not require interaction (vis: a password or such) but not leave my local server open to access from the remote one other that for this one transfer?
Install this on your server (the one you control) and create a disposable user just for accepting transfered files. Make the shell for this disposable user "scponly". Now you can safely use scp or sftp from the remote server in a cron job using an identity file with no passphrase.
Of course, you must be very careful about how you handle the files that have been uploaded to your server because they could contain malicious data. You should do some kind of verification on the files before you use them in a trusted manner.
|All times are GMT -5. The time now is 12:45 PM.|