lsi wrote: >I have spent many hours attempting to figure out how to get my webserver logfile downloaded (or, website >updates uploaded) via FTP automatically, without having to leave my password floating around on my >machine somewhere. > You can do that with SSH. Have the web server periodically pack up the web logs into a directory accessible only by a special user, then set that user account up to authenticate with a key rather than a password. Then from the downloading machine set up a cron job to 'scp' the files back regularly, and delete them from the server if necessary. Make sure that the 'special' user doesn't have access to anthting on the server except the packed log files. You could even have the server encrypt the files with a public key, and keep the private key for decrypting them on the other machine. Then even if someone gets into the server they can't access the already decrypted log files. You can do the same for the web site uploads. Give a single user account write access to the web directory (and nothing else). Have it authenticate with a key, and 'scp' the files across. If you want these things to happen automatically you can't put a passphrase on the private keys, because if you do someone needs to be there to type the passphrase in. But the private keys are stored on a different machine, not on the server.
This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 21:20:52 PST