From owner-freebsd-security  Wed Jul 18 13: 4:46 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail2.mediadesign.nl (md2.mediadesign.nl [212.19.205.67])
	by hub.freebsd.org (Postfix) with SMTP id 95C7237B40D
	for <security@freebsd.org>; Wed, 18 Jul 2001 13:04:43 -0700 (PDT)
	(envelope-from alson@mediadesign.nl)
Received: (qmail 32697 invoked by uid 1002); 18 Jul 2001 20:04:42 -0000
Date: Wed, 18 Jul 2001 22:04:42 +0200
From: Alson van der Meulen <freebsd@alson.linuxfreak.nl>
To: security@freebsd.org
Subject: Re: Piping and scripts with scp
Message-ID: <20010718220442.B15065@md2.mediadesign.nl>
Mail-Followup-To: security@freebsd.org
References: <200107181959.NAA06459@lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200107181959.NAA06459@lariat.org>
User-Agent: Mutt/1.3.18i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Jul 18, 2001 at 01:59:54PM -0600, Brett Glass wrote:
> I need to create a script that deposits the output of a program in a file on a
> remote host. I'd like to do this over an encrypted connection, so I'd like to
> use scp for this purpose.  The script will need to execute via cron and run
> unattended, and I'm limited to the SSH-1 protocol for the moment (though I
> intend to move to SSH-2 when all the hosts can handle it).
> 
> Trouble is, I cannot seem to find options for scp that will allow me
> to (a) pipe data into it for placement in the remote file; or
echo foo | ssh myuser@myhost dd of=bar

> (b) supply a password -- kept only in the script, which cannot be
> read except by root -- in advance rather than manually at the console.
> (Yes, I could generate and use RSA keys, but since anyone who could
> view the script will have broken root, he or she could also get at
> the private key anyway... so there's no additional security in this.)
> Help from someone experienced with scp and ssh would be appreciated.
You really should use RSA keys without passphrase for this, though you
could use something like expect to enter a password in batch, RSA keys
is really the way to go for scripts.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message