[Gllug] Non-interactive sftp
Tethys
sta296 at astradyne.co.uk
Mon Oct 10 16:40:44 UTC 2005
Steve Nelson writes:
>I'm trying to allow sftp using key-based authentication so that some
>critical files can be transferred securely via cron.
Err... why? sftp is designed for interactive use. If you want something
non-interactive to run from cron, use scp instead. That said, you'll
still have the same problems. You can mitigate them by:
1. Running a restrictive shell. This screws people that want to use a
   graphical client like winscp, as /bin/ls won't work, so they won't
   get a file listing. If your target audience doesn't include such
   people, then it's worth considering.
2. Running in a chrooted environment. This is a good idea for many reasons.
3. Restricting the commands that a user is allowed to run if they've
   authenticated with a given key. Again, a good idea.
Tet
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
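
Point 3 of the reply (restricting what a given key may run) maps to the OpenSSH `command="..."` option in `authorized_keys`. The wrapper below is an added example, not part of the original post; the script path `/usr/local/bin/scp-drop.sh`, the directory `/srv/drop` and the `--enforce` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forced-command wrapper for an upload-only cron key.
# authorized_keys entry on the server (key material elided, path hypothetical):
#   command="/usr/local/bin/scp-drop.sh --enforce",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA... cron@client

DROP_DIR=/srv/drop   # assumed upload directory

# Return 0 only for "scp -t $DROP_DIR/<plain filename>" (scp sink mode, i.e. an upload).
# On success the validated filename is left in $name.
allowed_command() {
    cmd=$1
    prefix="scp -t $DROP_DIR/"
    case $cmd in
        "$prefix"*) name=${cmd#"$prefix"} ;;   # strip the fixed prefix
        *) return 1 ;;                         # anything else: shell, sftp, scp -f, ...
    esac
    case $name in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;   # empty, leading dot, or unsafe character
    esac
    return 0
}

# sshd runs the forced command and exposes what the client asked for
# in SSH_ORIGINAL_COMMAND (unset for an interactive login).
if [ "${1:-}" = "--enforce" ]; then
    if allowed_command "${SSH_ORIGINAL_COMMAND:-}"; then
        logger -t scp-drop "accepted: $SSH_ORIGINAL_COMMAND"
        # Rebuild the command from validated parts; never eval the client's string.
        exec scp -t "$DROP_DIR/$name"
    fi
    logger -t scp-drop "rejected: ${SSH_ORIGINAL_COMMAND:-<interactive>}"
    echo "This key may only upload files to $DROP_DIR" >&2
    exit 1
fi
```

With OpenSSH 9.0 and later the client side needs `scp -O`, because `scp` otherwise speaks the SFTP protocol and the requested command is no longer `scp -t ...`.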