Thread: Sending files via scp is failing

  1. #11

    Ok, what I meant was - what scope does this password-less setup have?

    Does it apply just to root, or all users? Just that remote host, all remote hosts?

  2. #12
    Join Date
    Jun 2008
    Posts
    232

    It doesn't apply to users specifically.
    The relationship is between the public and private keypair that you generated and on a user level the relationship is between whichever users have these keys accessible to them.

    The scope is as narrow or broad as you make it.

    At the moment, it's quite narrow. Only between root on your box and user xxxxx at ch-s011.rsync.net

    If you were to copy the private key to your home box into folder /home/meathome/.ssh/id_rsa (and applied the appropriate permissions [600] to it) then user meathome on your home box would be able to connect to ch-s011.rsync.net as user xxxxx without requiring a password.

    Similarly, if you were to copy the public key from your server to meatwork user on another server (workserver), either manually or using ssh-copy-id, user root on your server would be able to connect to workserver as user meatwork without requiring a password.

    If you had already done the meathome example, then meathome on homebox could also connect to meatwork on workserver without requiring a password.

    Important to note is that the reverse is not true. Having the public key does not allow you to connect to a host with the private key automatically, so in the examples above, meatwork could not connect to meathome using this method.

    Hope this doesn't confuse things too much.

    Simply remember:
    Having the private key unlocks access protected by the public key. The private key must be well protected.
    Having the public key gives no special benefit, hence its name: public.
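
The scope rules described in post #12, worked through as an added example that is not part of the original thread. The inventory below is constructed from the thread's own account names; the label `key-A` and the dictionary layout are assumptions.

```python
# Added example: constructed inventory mirroring the thread's scenario.
# The label "key-A" is hypothetical; in practice identify a key by the
# fingerprint printed by `ssh-keygen -lf <keyfile>`.

# Accounts that can read the private half of each key.
PRIVATE_KEY_HOLDERS = {
    "key-A": {"root@server", "meathome@homebox"},
}

# Accounts whose ~/.ssh/authorized_keys lists the public half of each key.
AUTHORIZED_KEYS = {
    "xxxxx@ch-s011.rsync.net": {"key-A"},
    "meatwork@workserver": {"key-A"},
}


def passwordless_logins(holders, authorized):
    """Return (source, target) pairs where source can log in to target
    without a password: source holds the private half of a key whose
    public half is in target's authorized_keys. Access is one-way."""
    edges = set()
    for target, pubkeys in authorized.items():
        for key in pubkeys:
            for source in holders.get(key, ()):
                if source != target:
                    edges.add((source, target))
    return edges


def exposure_if_leaked(key, authorized):
    """Accounts reachable by anyone who obtains the private half of `key`."""
    return {target for target, pubkeys in authorized.items() if key in pubkeys}


if __name__ == "__main__":
    for src, dst in sorted(passwordless_logins(PRIVATE_KEY_HOLDERS, AUTHORIZED_KEYS)):
        print(f"{src} -> {dst}")
    print("leak of key-A exposes:", sorted(exposure_if_leaked("key-A", AUTHORIZED_KEYS)))
```

Every extra copy of the private key adds a source to each target that trusts it, which is why the number of places holding that file is the thing to keep small.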

  3. #13
    Join Date
    Jul 2007
    Location
    127.0.0.1
    Posts
    392

    If you're concerned with security, don't use the root account. Set up a specific user for this specific task (the scheduled file copy) and harden permissions.

    You could also consider setting up an stunnel for another layer of added security. I set up an stunnel this weekend for a central log server. Works like a champ.
