LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 11-13-2015, 08:22 PM   #1
jamtat
Member
 
Registered: Oct 2004
Distribution: Debian/Ubuntu, Arch, Gentoo, Void
Posts: 138

Rep: Reputation: 24
One-time key-based authentication-how?


Someone remote from me has a large file (few hundred MB's) I need. One way to transfer that file would be using scp. I've got a VPS running ssh (dropbear, actually) with plenty of space and bandwidth where I could have him upload that file. I don't want to bother with adding an account for him on the VPS, since he will almost certainly never be copying anything else to this server. So I'm looking for a one-time solution, using scp, to resolve this issue.

I've found a terse description of how such a thing might be accomplished by generating and using what would be essentially a disposable key pair--see http://serverfault.com/questions/596...4-ec2-machines . But I'm not real clear on how this would actually be implemented, since there's still quite a lot I don't understand about the task and I seem to get quickly confused when dealing with encryption schemes.

Ok, I know how to generate a key pair and have already done that. I also know how to copy the created key to the server--no problem so far. But I am confused by the next steps. I would guess I next need to send him the private half of the key, and have him stash that in an appropriate directory on his machine, right? Another thing that confuses me is the host name that is included with the public key: do I have to know the host name of the computer he'll be scp'ing from so as to include that in the key I'll copy to the server?

Clarifications on how to accomplish this task will be appreciated. I'm also open to alternative suggestions, though I already know about and have considered options like dropbox. So no need to rehash those. I'd like to pursue the scp option, since it might come in handy in the future and implementing it could help me better understand some things about keys and encryption.

Last edited by jamtat; 11-14-2015 at 01:15 AM.
 
Old 11-13-2015, 10:51 PM   #2
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 342

Rep: Reputation: 59
You may get some ideas here:
Why not just set up Apache-auth and then trash it once the file is transferred? Fairly easy to do.
 
Old 11-14-2015, 01:15 PM   #3
jamtat
Member
 
Registered: Oct 2004
Distribution: Debian/Ubuntu, Arch, Gentoo, Void
Posts: 138

Original Poster
Rep: Reputation: 24
Thanks for the input, ceyx. Interesting suggestion about Apache-auth, which I actually did set up on a computer on my LAN. But Apache's not installed on the VPS, and installing and configuring it would be a lot more work than just setting up an account for a new user. Plus, the VPS is pretty low-resource and thus not a good target for an Apache install, and, other than this file transfer, I see no future need for a web server on this VPS. Still, it's something for consideration.

I did manage to find this, http://serverfault.com/questions/582...rsa-public-key , which seems to indicate that the host need not be specified in the public key. I infer from that, if the answer is at all correct, that I might be able to simply pass these keys--sans host specification--to the user in question and have him place them in an appropriate directory, then do the scp. Or perhaps the key can be specified on the command line? I'll look into that now.
 
Old 11-14-2015, 01:34 PM   #4
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 342

Rep: Reputation: 59
The host does not need to be specified, but the host IP, username and password do. (Actually you can allow no passwords if you like, but VERY silly. See the sshd_config file in /etc/ssh for info.)
So your sender would need a username/password.

to set them up:
Quote:
sudo adduser onetimeuser
scp the file

to remove the account:
Quote:
sudo deluser onetimeuser
done deal !
 
Old 11-14-2015, 02:00 PM   #5
jamtat
Member
 
Registered: Oct 2004
Distribution: Debian/Ubuntu, Arch, Gentoo, Void
Posts: 138

Original Poster
Rep: Reputation: 24
Thanks for the further input, ceyx. Looks, per your comment, like I may have been under a misconception in thinking that using a disposable key pair might obviate the need for creating/deleting a new user on the VPS. I was hoping to get around taking those extra steps. So, are you saying the disposable-key scp scenario I'm aiming to implement cannot be accomplished without the adduser/deluser steps you've just described?

Last edited by jamtat; 11-14-2015 at 02:02 PM.
 
Old 11-14-2015, 02:53 PM   #6
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 342

Rep: Reputation: 59
Quote:
are you saying the disposable-key scp scenario I'm aiming to implement cannot be accomplished without the adduser/deluser steps you've just described
There is a difference between what is possible and what is practical or safe. You can allow anonymous logins if you like, but why would you? Never mind, the answer just came to me.
Just be aware that everyone and their dog will try to get in.

If one was vigilant, and only allowed anonymous logins with a keypair that is deleted after use, for a specific period of time, it could work.

Somehow you have to get the public part of the keypair to them for them to use, so why not give them a BS username at the same time, and avoid the use of anonymous logins?

Do a search on 'keygen ssh' for more specifics.

Keep us posted.
 
Old 11-14-2015, 07:45 PM   #7
jamtat
Member
 
Registered: Oct 2004
Distribution: Debian/Ubuntu, Arch, Gentoo, Void
Posts: 138

Original Poster
Rep: Reputation: 24
Quote:
Originally Posted by ceyx
Just be aware that everyone and their dog will try to get in.
I didn't mention that ssh (actually dropbear) runs on a non-standard port. That's not much of an obstacle but, given the other aspects of this scenario, seems to me to lower the risks to acceptable levels.
Quote:
Originally Posted by ceyx
If one was vigilant, and only allowed anonymous logins with a keypair that is deleted after use, for a specific period of time, it could work.
Yeah, that's pretty much the scenario I'm envisioning. The key pair gets created, I send relevant parts to the scp'er and tell him to upload the file within a certain time frame. Then I delete the keys and undo whatever other configurations I did to get this working.
Quote:
Originally Posted by ceyx
Somehow you have to get the public part of the keypair to them for them to use, so why not give them a BS username at the same time, and avoid the use of anonymous logins?
Was planning on just e-mailing that to him. Right now I'm struggling to understand how the user and key are connected and, more importantly, whether they can be somehow disconnected for a one-time scenario like this one. It sounds like what you're saying is that the only way to do something like this would be to allow anonymous users to connect if they have a valid key: am I understanding you correctly?
Quote:
Originally Posted by ceyx
Keep us posted.
Will do. Thanks.
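
The link between key and account that posts #5 to #7 circle around, as an added shell example that is not part of any poster's message: the disposable public key is installed in an existing account's authorized_keys with restrictions, then removed after the upload. PORT, ACCOUNT, SERVER, /srv/incoming and the onetime-upload tag are placeholders, and the legacy scp protocol with an scp binary on the server is assumed.

```shell
#!/bin/sh
# Added example. A key is never "anonymous": the server accepts it only for the
# account whose ~/.ssh/authorized_keys lists it; the trailing comment
# (user@host) is just a label and is not checked.
#
# Sender (private half never leaves his machine; he mails onetime_key.pub):
#   ssh-keygen -t ed25519 -f ./onetime_key -C onetime-upload
#   scp -P PORT -i ./onetime_key bigfile ACCOUNT@SERVER:
#   (OpenSSH 9.0+ clients need "scp -O" for the legacy protocol used here)
# Server, as ACCOUNT (PORT, ACCOUNT, SERVER, /srv/incoming are placeholders):
#   add_onetime_key onetime_key.pub ~/.ssh/authorized_keys /srv/incoming onetime-upload
#   revoke_onetime_key ~/.ssh/authorized_keys onetime-upload   # after the upload

# Restrictions accepted by both OpenSSH and dropbear.
RESTRICT='no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding'

# add_onetime_key PUBFILE AUTHFILE DROPDIR TAG
add_onetime_key() {
    pubfile=$1 authfile=$2 dropdir=$3 tag=$4
    read -r ktype kdata rest < "$pubfile" || true
    # The file came from someone else: accept only "<type> <base64> ...",
    # so a line that smuggles in its own options is refused.
    case $ktype in ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;; *) return 1 ;; esac
    case $kdata in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
    # DROPDIR ends up inside a command the login shell runs: keep it plain.
    case $dropdir in /*) ;; *) return 1 ;; esac
    case $dropdir in *[!A-Za-z0-9/._-]*) return 1 ;; esac
    case $tag in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    # Forced command: every login with this key runs the scp receiver on DROPDIR.
    ( umask 077
      printf '%s,command="scp -t %s" %s %s %s\n' \
          "$RESTRICT" "$dropdir" "$ktype" "$kdata" "$tag" >> "$authfile" )
}

# revoke_onetime_key AUTHFILE TAG : drop every entry whose comment is TAG
revoke_onetime_key() {
    authfile=$1 tag=$2
    tmp=$(mktemp "$authfile.XXXXXX") || return 1   # created with mode 0600
    awk -v t="$tag" '$NF != t' "$authfile" > "$tmp" && mv "$tmp" "$authfile"
}

# Demo on a scratch file with a constructed (not real) key: sh FILE demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleNotARealKey x@y' > "$d/k.pub"
    add_onetime_key "$d/k.pub" "$d/auth" /srv/incoming onetime-upload && cat "$d/auth"
    revoke_onetime_key "$d/auth" onetime-upload && wc -l < "$d/auth"
    rm -r "$d"
fi
```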
 
Old 11-14-2015, 08:26 PM   #8
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 634

Rep: Reputation: 316
If ssh-based doesn't work, could always try woof instead of apache.

Code:
woof - A small, simple, stupid webserver to share files
woof is a tool to copy files between hosts. It can serve a specified file on HTTP, just for a given number of times, and then shutdown. It can be easily used to share files across the computers on a net, and given that the other ends should have just a browser, it can share stuff between different operating system, or different devices (e.g.: a smartphone). It can also show a simple html form in order to upload a file.  commands.
Eg

Code:
woof -Up 9888

Last edited by Sefyir; 11-14-2015 at 08:27 PM.
 
Old 11-14-2015, 08:59 PM   #9
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 342

Rep: Reputation: 59
Yes, that would be far easier.
Check out SimpleHTTPServer too.
 
  

