Hello, Well I spent yesterday setting up using openssh (2.1.0p3) and scp between to Sun Solaris 7 systems to copy files from one system to the other via cron. It works but I'm not sure it's right. Because this is run via cron there are no passphrases involved. However, in order to provide some security I am using ssh protocol 1 and keys with the 'from=' and 'command=' options specified. I'm using protocol 1 since I gather this isn't implemented in protocol 2 yet. Now system A invokes ssh via cron and specifies a particular identity key (ssh -i). The public key is on the other system (system B) in the authorized_keys file and specifies a 'from=' option and a 'command=' option. The command option specifies (in effect) 'scp ./file1 ./file2 A:' - that is, copy file1 and file2 from the home directory to system A. The username is the same on both systems. In order for this to work I need to specify a key, again with no passphrase, which scp can use. The key has been copied to system A and specifies a 'from=' option. However, it cannot specify a 'command=' option since the scp won't then work. The question is this. The user on system B can now specify the scp key and execute any command they like on system A. So how can I run scp to copy files from one system to another, via cron, without allowing the user to execute arbitrary commands? I could cut some of this out and simply run scp from system A to B, but again the key on system B would then have no 'command=' option, and hence the user on system A could execute commands on system B. (I probably will do this anyway, but I'd like a more secure solution if possible.) Thanks for any help, John. -------------------------------------------------------------------------- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] PGP key available from public key servers
