[Web4lib] Off-site backups and scripted SCP/SFTP

Francis Kayiwa kayiwa at uic.edu
Tue Jul 25 11:25:21 EDT 2006




On Jul 25, 2006, at 7:36 AM, Keith D. Engwall wrote:

> I'm curious as to whether anyone is using commercial off-site  
> backups and if so, what service they are using.
>
> We've got about 5GB (mostly from our LIS), and would prefer to use  
> SFTP or SCP with keys (because of scripts).
>
> Also,
> I've found some information online about setting up SSH Keys for  
> scripts, but it seems like either
>
> a) you have to not password protect the key
>
> or
>
> b) you have to manually enter the password after a reboot of the  
> computer (using ssh-agent or similar solution)
>
> I'm trying to find a third, in-between method... where the password
> is stored somewhere obscure.  Obviously this is still a security
> risk, but it's at least less of one than using cleartext FTP with
> the username and password in the script.
>
> Any ideas?

Why not use SSH instead of SFTP/SCP?

SSH will pass STDIN through the encrypted session to STDOUT on the
remote end. This takes care of it, no? Also, forced commands permit an
immediate command execution method through normal shell notation.

To specify a forced command to a system using OpenSSH, one prepends
'command="some command"' to the beginning of the line containing the
public key. Other SSH servers may use different syntax. Consult your
documentation on the correct format, or start using OpenSSH :-)

I would probably use dd for something like this. Mostly to protect  
the user from overwriting the public keys.

command="/usr/bin/dd of=/path/to/file"

This is assuming you are using "put" (to borrow from FTP parlance),

otherwise

command="dd if=/file/to/send" for "get."

All the above would be the modification at the "server" end.

On the client end

"cat file | ssh remotehost"

or on Windows using putty

"type file | plink remotehost"

Depending on whether the outside datacenter accepts SSH connections you
may need a "Man in the Middle" host, but we would be getting way ahead
of ourselves. :-)

regards,
./fxk

===============
Francis Kayiwa
Library Systems Team
4-180, MC 234
T: +1.312.996.2716
W: http://www.uic.edu/~kayiwa
Key: http://tigger.uic.edu/~kayiwa/kayiwa.gpg
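The forced-command setup described in the reply above, as an added example that is not part of the original post or of OpenSSH's own documentation: it builds the server-side authorized_keys line that pins a backup key to a single dd, and simulates what that dd does with the stream arriving on stdin. The sample key, user names and paths are constructed; it goes slightly beyond the post by adding the other OpenSSH key options (no-pty, no-port-forwarding, ...) that stop a stolen key from being used for anything but the upload.

```shell
#!/bin/sh
# Added example, not from the original post. A push-only backup key:
# the server forces "dd of=<dest>" for this key no matter what the
# client asks to run. Key text and paths below are constructed.

# Emit the authorized_keys entry for the backup key.
# $1 = public key line (e.g. "ssh-rsa AAAA... backup@client")
# $2 = server-side file the uploaded stream is written to
backup_key_line() {
    _pub="$1"; _dest="$2"
    # command= forces the program; the no-* options are standard OpenSSH
    # authorized_keys options that deny a tty, port and agent forwarding.
    # from="client.example.org" (assumed name) could pin the source too.
    printf 'command="/usr/bin/dd of=%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$_dest" "$_pub"
}

# Simulate the server side of 'cat file | ssh remotehost': run the same
# dd the forced command would run, reading from $1 instead of the SSH
# session's stdin and writing to $2.
forced_put() {
    dd if="$1" of="$2" 2>/dev/null
}

# Check the copy is byte-identical (cksum is POSIX; reading from stdin
# keeps the file name out of the output so the two strings compare).
verify_copy() {
    [ "$(cksum < "$1")" = "$(cksum < "$2")" ]
}

# Client side stays exactly as in the post:
#   cat lis.dump | ssh -i ~/.ssh/backup_key backup@remotehost
```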



