Take a look at Keychain. It lets you encrypt your keys, but use them in cron scripts. Don't have a url, but it's on the gentoo.org site.

Justin

On Thu, 2002-11-07 at 13:50, Maarten wrote:
> Hi Gurdeep,
>
> What I like to do is create a keypair and transfer files using those for
> authentication. With this concept, you have strong encryption and a good
> form of authentication (using public/private keys).
>
> An example to help you get going:
> 1. Create a keypair on the server from where you want to initiate your
> session.
>     ssh-keygen -t rsa -b 4096 # (yes, I am quite a paranoid kind of guy)
>     Generating public/private rsa key pair.
> If it is asking for a password, use enter for not protecting your private key
> with a password. In general, this is not good practice, but it is impossible
> to automate your transfers if you assign a password to your private key.
> 2. You now have a public/private keypair in the .ssh directory of the user
> you used to create the keys. Copy the public key (.pub) to the server you
> want to exchange files with.
> 3. To gain access to this server, you have to put the public keys in the
> "authorized_keys" file of the user that will be used to access the server.
> It is good practice to create a separate user for this function.
> example:
>     useradd copy
>     passwd copy (very strong and unrememberable, since you do not need this
>     password after you're done)
>     cd /home/copy
>     mkdir .ssh
>     chmod 700 .ssh
>     cd .ssh
>     mv id_rsa.pub authorized_keys
>     chmod 600 authorized_keys
>
> Now you can access the server without a password to copy files (only from
> the account you used to create the keypair!!!). What I like to do is
> minimize the access rights for public/private key authentication. You can add
> several options to your "authorized_keys" file to disable port forwarding or
> force the source IP. I also like to force the file that can be received or
> sent. Unfortunately, I did not succeed in allowing several files to be received
> or sent by one public/private keypair :-(. Of course you can set up multiple
> accounts to achieve that and still have the security...
>
> hth, maarten
>
> > Can anyone guide me on automating SCP.
>
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
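
One way to let a single key move several fixed files, as an added example that is not from either poster: a forced-command script that compares the client's request to an exact allowlist. The install path /usr/local/bin/scp-gate, the file paths, the address 192.0.2.10 and the key line are hypothetical; it assumes the legacy scp protocol (scp -O on OpenSSH 9.0 and later) and a client that passes no extra flags such as -p or -r.

```shell
#!/bin/sh
# Added example: forced command for the "copy" account's key.
# Hypothetical line in /home/copy/.ssh/authorized_keys (options are real
# OpenSSH options; key material and address are placeholders):
#   command="/usr/local/bin/scp-gate",from="192.0.2.10",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA...placeholder... cron@source
# sshd runs this script instead of what the client asked for and passes the
# client's request in SSH_ORIGINAL_COMMAND.

# Print the request and return 0 only if it is exactly one allowed command.
# "scp -t PATH": this server receives PATH; "scp -f PATH": it sends PATH.
# The paths are constructed samples; quoted case patterns match literally and
# against the whole string, so suffixes, newlines and globs never match.
scp_gate_match() {
    case "$1" in
        'scp -t /home/copy/incoming/backup.tar.gz' | \
        'scp -t /home/copy/incoming/db.dump' | \
        'scp -f /home/copy/outgoing/report.csv')
            printf '%s\n' "$1"
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Act only when sshd supplied a request; a login without a command falls
# through and the session ends without a shell.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if allowed=$(scp_gate_match "$SSH_ORIGINAL_COMMAND"); then
        # The string equals a constant above, so splitting on spaces is safe.
        set -- $allowed
        exec "$@"
    fi
    logger -t scp-gate "denied request from ${SSH_CONNECTION:-unknown}" 2>/dev/null
    echo "scp-gate: command not permitted" >&2
    exit 1
fi
```

The script and the authorized_keys file should be owned by root or otherwise not writable by the copy account, since an allowed upload path that could overwrite either one would defeat the restriction.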