Re: PGP scripting...

From: Darryl Luff (darrylat_private)
Date: Wed Jan 08 2003 - 16:51:18 PST


    lsi wrote:
    
    >I have spent many hours attempting to figure out how to get my webserver logfile downloaded (or, website 
    >updates uploaded) via FTP automatically, without having to leave my password floating around on my 
    >machine somewhere.
    >
    You can do that with SSH. Have the web server periodically pack up the 
    web logs into a directory accessible only by a special user, then set 
    that user account up to authenticate with a key rather than a password.
    
    Then from the downloading machine set up a cron job to 'scp' the files 
    back regularly, and delete them from the server if necessary.
    
    Make sure that the 'special' user doesn't have access to anything on the 
    server except the packed log files.
    
    You could even have the server encrypt the files with a public key, and 
    keep the private key for decrypting them on the other machine. Then even 
    if someone gets into the server they can't access the already decrypted 
    log files.
    
    
    You can do the same for the web site uploads. Give a single user account 
    write access to the web directory (and nothing else). Have it 
    authenticate with a key, and 'scp' the files across.
    
    
    If you want these things to happen automatically you can't put a 
    passphrase on the private keys, because if you do someone needs to be 
    there to type the passphrase in. But the private keys are stored on a 
    different machine, not on the server.
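
One way to check the "special user" restriction described above, as an added example that is not part of the original message: it audits that account's authorized_keys file so each key carries a forced command and has forwarding and terminals disabled, using OpenSSH's `restrict`, `command=` and `no-*` key options. The account name, the script path /usr/local/bin/send-logs and the key material are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit the transfer account's authorized_keys so that a stolen
# passphrase-less key can only run one forced command. Simplified parser: it
# assumes no key-type name or option name appears inside a quoted value.

# key_options LINE: print the options field (empty if the line starts with the key type).
key_options() {
    ko=$1
    case $ko in ssh-*|ecdsa-sha2-*|sk-*) return 0 ;; esac
    for kt in ssh-rsa ssh-dss ssh-ed25519 ecdsa-sha2- sk-; do
        ko=${ko%%" $kt"*}
    done
    printf '%s\n' "$ko"
}

# check_entry LINE: print "ok", "skip" (blank or comment) or a finding.
check_entry() {
    case $1 in ''|'#'*) echo skip; return 0 ;; esac
    o=$(key_options "$1")
    [ -n "$o" ] || { echo "no options, key grants a full login"; return 0; }
    case $o in *command=\"*) ;; *) echo "no forced command"; return 0 ;; esac
    case ",$o," in *,restrict,*) echo ok; return 0 ;; esac
    for need in no-pty no-port-forwarding no-agent-forwarding no-X11-forwarding; do
        case ",$o," in *",$need,"*) ;; *) echo "missing $need (or restrict)"; return 0 ;; esac
    done
    echo ok
}

# audit_authorized_keys FILE: print one finding per bad entry; return 1 if any.
audit_authorized_keys() {
    n=0; bad=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        n=$((n + 1))
        result=$(check_entry "$entry")
        case $result in ok|skip) ;; *) echo "line $n: $result"; bad=1 ;; esac
    done < "$1"
    return "$bad"
}

# Constructed sample entries (key material is a placeholder, not a real key).
sample_keys() {
    cat <<'EOF'
# logpull account (hypothetical name)
restrict,command="/usr/local/bin/send-logs" ssh-ed25519 AAAAPLACEHOLDER1 logpull@backup
ssh-rsa AAAAPLACEHOLDER2 logpull@old-laptop
no-pty,command="/usr/local/bin/send-logs" ssh-rsa AAAAPLACEHOLDER3 logpull@test
EOF
}
```

Run `audit_authorized_keys` against the special user's `~/.ssh/authorized_keys` on the server; a non-zero return means at least one key can do more than the forced command.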
    


