
Re: secure copy without user input



On Sat, Mar 10, 2001 at 02:27:07PM -0500, MaD dUCK wrote:
> also sprach Bjarne S . N?ss (on Sat, 10 Mar 2001 01:40:17PM +0100):
> > This is quite simple. Just run ssh-keygen and an empty passphrase.
> > By default the key generated will be put in .ssh/identify.pub  copy
> > the line into the .ssh/authorized_keys into the home folder of
> > target machine, and you should be able to ssh and scp into the
> > target machine without password.
> 
> except that it won't work with cron because ssh needs a controlling
> tty for rsa or dsa authentication.

No, it needs one -if- you have a passphrase on your key (or it will
invoke the X program to get a passphrase).  I have ssh scripts that are
run from cron that work just fine... but they have access to keys that
have no passphrase (and, of course, are restricted in what they can
actually run...)

> the only way around this i found is to write a script which implements
> its own cron. i have one attached which tunnels my fetchmail through
> ssh. same process (and yes, i know fetchmail has a precommand, but
> this is better...)

No, this is simpler:

[thorin:~] 12:51:17pm 131 % cat bin/fetchmailplug 
#!/bin/sh
/usr/bin/ssh -i /home/bem/.ssh/mail mailhost /usr/sbin/imapd

Note the '-i', which says to use the 'mail' identity file.. on the
server, that key is only allowed to run imapd.

-- 
CueCat decoder .signature by Larry Wall:
#!/usr/bin/perl -n
printf "Serial: %s Type: %s Code: %s\n", map { tr/a-zA-Z0-9+-/ -_/; $_ = unpack
'u', chr(32 + length()*3/4) . $_; s/\0+$//; $_ ^= "C" x length; } /\.([^.]+)/g; 
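
The message above says the 'mail' key is only allowed to run imapd on the server; with OpenSSH that restriction is written as options on the key's line in authorized_keys. As an added example (not part of the original message), this script builds such an entry and lists the keys in a file that have no forced command. The function names, the sample file and the key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): server-side restriction and
# audit for passphrase-less keys that are used from cron.

# restrict_key PUBKEY_LINE COMMAND
# Emit an authorized_keys entry that lets the key run only COMMAND.
restrict_key() {
    printf 'command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$2" "$1"
}

# unrestricted_keys FILE
# Print the line number of every key in FILE that has no command="..." option.
unrestricted_keys() {
    awk '
        /^[ \t]*#/ { next }          # comments
        /^[ \t]*$/ { next }          # blank lines
        {
            line = " " $0
            # Options, if any, are whatever precedes the key type; SSH key
            # blobs always start with "AAAA" in base64.
            match(line, /[ \t](ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)[ \t]+AAAA/)
            opts = substr(line, 1, RSTART - 1)   # empty when no match: flagged
            if (opts !~ /command="/) print NR
        }
    ' "$1"
}

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<EOF
# constructed authorized_keys sample
ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER bem@thorin
$(restrict_key 'ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER mail-fetch' /usr/sbin/imapd)
no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5_PLACEHOLDER backup
EOF

echo "keys without a forced command, by line number:"
unrestricted_keys "$SAMPLE"
```

A key that carries other options but no command= (the last sample line) is still reported, since it can run any command the account can.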


