Someone remote from me has a large file (a few hundred MBs) I need. One way to transfer that file would be using scp. I've got a VPS running ssh (dropbear, actually) with plenty of space and bandwidth where I could have him upload that file. I don't want to bother with adding an account for him on the VPS, since he will almost certainly never be copying anything else to this server. So I'm looking for a one-time solution, using scp, to resolve this issue.
I've found a terse description of how such a thing might be accomplished by generating and using what would be essentially a disposable key pair--see http://serverfault.com/questions/596...4-ec2-machines . But I'm not real clear on how this would actually be implemented, since there's still quite a lot I don't understand about the task and I seem to get quickly confused when dealing with encryption schemes.
Ok, I know how to generate a key pair and have already done that. I also know how to copy the created key to the server--no problem so far. But I am confused by the next steps. I would guess I next need to send him the private half of the key, and have him stash that in an appropriate directory on his machine, right? Another thing that confuses me is the host name that is included with the public key: do I have to know the host name of the computer he'll be scp'ing from so as to include that in the key I'll copy to the server?
Clarifications on how to accomplish this task will be appreciated. I'm also open to alternative suggestions, though I already know about and have considered options like dropbox. So no need to rehash those. I'd like to pursue the scp option, since it might come in handy in the future and implementing it could help me better understand some things about keys and encryption.
Thanks for the input, ceyx. Interesting suggestion about Apache-auth, which I actually did set up on a computer on my LAN. But Apache's not installed on the VPS, and installing and configuring it would be a lot more work than just setting up an account for a new user. Plus, the VPS is pretty low-resource and thus not a good target for an Apache install, and, other than this file transfer, I see no future need for a web server on this VPS. Still, it's something for consideration.
I did manage to find this, http://serverfault.com/questions/582...rsa-public-key , which seems to indicate that the host need not be specified in the public key. I infer from that, if the answer is at all correct, that I might be able to simply pass these keys--sans host specification--to the user in question and have him place them in an appropriate directory, then do the scp. Or perhaps the key can be specified on the command line? I'll look into that now.
The host does not need to be specified, but the host IP, username and password do. (Actually you can allow no passwords if you like, but VERY silly. See the sshd_config file in /etc/ssh for info.)
So your sender would need a username/password.
Thanks for the further input, ceyx. Looks, per your comment, like I may have been under a misconception in thinking that using a disposable key pair might obviate the need for creating/deleting a new user on the VPS. I was hoping to get around taking those extra steps. So, are you saying the disposable-key scp scenario I'm aiming to implement cannot be accomplished without the adduser/deluser steps you've just described?
Quote:
are you saying the disposable-key scp scenario I'm aiming to implement cannot be accomplished without the adduser/deluser steps you've just described?
There is a difference between what is possible and what is practical or safe. You can allow anonymous logins if you like, but why would you? Never mind, the answer just came to me.
Just be aware that everyone and their dog will try to get in.
If one was vigilant, and only allowed anonymous logins with a keypair that is deleted after use, for a specific period of time, it could work.
Somehow you have to get the public part of the keypair to them for them to use, so why not give them a BS username at the same time, and avoid the use of anonymous logins?
Quote:
Originally Posted by ceyx
Just be aware that everyone and their dog will try to get in.
I didn't mention that ssh (actually dropbear) runs on a non-standard port. That's not much of an obstacle but, given the other aspects of this scenario, seems to me to lower the risks to acceptable levels.
Quote:
Originally Posted by ceyx
If one was vigilant, and only allowed anonymous logins with a keypair that is deleted after use, for a specific period of time, it could work.
Yeah, that's pretty much the scenario I'm envisioning. The key pair gets created, I send relevant parts to the scp'er and tell him to upload the file within a certain time frame. Then I delete the keys and undo whatever other configurations I did to get this working.
Quote:
Originally Posted by ceyx
Somehow you have to get the public part of the keypair to them for them to use, so why not give them a BS username at the same time, and avoid the use of anonymous logins?
Was planning on just e-mailing that to him. Right now I'm struggling to understand how the user and key are connected and, more importantly, whether they can be somehow disconnected for a one-time scenario like this one. It sounds like what you're saying is that the only way to do something like this would be to allow anonymous users to connect if they have a valid key: am I understanding you correctly?
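The disposable-key upload discussed in this thread, as an added example that is not from any poster: a key is always checked against the `authorized_keys` file of the account named at login, so these helper functions attach a throwaway key to an existing account with restrictive options and remove it afterwards. Assumptions: OpenSSH `ssh-keygen` on the machine generating the key, a server with `scp` installed whose SSH daemon honours these `authorized_keys` options (dropbear and OpenSSH both document them), and hypothetical function names, tag and paths.

```shell
#!/bin/sh
# Added example: one-time upload key bound to an existing account.
# Function names, the tag and all paths are hypothetical.

# Create a throwaway key pair without a passphrase. The tag becomes the key
# comment; that comment (often user@host) is only a label and is not checked
# by the server at login, so the sender's host name does not matter.
new_disposable_key() {  # $1 = private key file to create, $2 = tag
    ssh-keygen -q -t rsa -b 3072 -N '' -C "$2" -f "$1"
}

# Build a restricted authorized_keys line from a public key line.
# The forced command pins every session using this key to receiving an
# scp upload into directory $3, whatever command the client asks for.
make_entry() {  # $1 = public key line, $2 = tag, $3 = upload directory
    keytype=$(printf '%s\n' "$1" | awk '{print $1}')
    keydata=$(printf '%s\n' "$1" | awk '{print $2}')
    opts="no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding"
    printf '%s,command="scp -t %s" %s %s %s\n' \
        "$opts" "$3" "$keytype" "$keydata" "$2"
}

# Append the entry to the account's authorized_keys with tight permissions.
install_entry() {  # $1 = authorized_keys path, $2 = entry
    (
        umask 077
        mkdir -p "$(dirname "$1")"
        printf '%s\n' "$2" >> "$1"
        chmod 600 "$1"
    )
}

# Revoke: drop every line whose last field (the comment) equals the tag,
# leaving the account's other keys untouched.
revoke_entry() {  # $1 = authorized_keys path, $2 = tag
    tmp=$(mktemp "$1.XXXXXX") || return 1
    awk -v tag="$2" '$NF != tag' "$1" > "$tmp" && mv "$tmp" "$1"
    chmod 600 "$1"
}
```

The sender receives only the private key file and uploads with `scp -i <keyfile> <file> <account>@<server>:` (plus `-P <port>` for a non-standard port); recent OpenSSH clients may need `-O` because the forced command speaks the legacy scp protocol.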
If ssh-based doesn't work, could always try woof instead of apache.
Code:
woof - A small, simple, stupid webserver to share files
woof is a tool to copy files between hosts. It can serve a specified file on HTTP, just for a given number of times, and then shutdown. It can be easily used to share files across the computers on a net, and given that the other ends should have just a browser, it can share stuff between different operating system, or different devices (e.g.: a smartphone). It can also show a simple html form in order to upload a file.