Shawn Fertch wrote: > I need to do some ssh jobs from a group of servers that copy a couple > of files to another server. > > I know how to setup for a basic unattended ssh job: > > $ssh-keygen -t dsa (if wanting no passwd hit enter key) > $sftp username at server.domain > sftp> mkdir .ssh > sftp> cd .ssh > sftp> put .ssh/id_dsa.pub authorized_keys2 > sftp> exit > (at this point can ssh/scp without password prompt. if typed in a > password need to continue:) > $eval `ssh-agent` > $ssh-add (will prompt for password at this time) > $ssh servername > > > What I need to do is set it up so that when the id ssh's into the box > it copies data to, it copies it to a specific directory and cannot do > anything else. However, I still need to keep this id capable of > logging in locally to the system and have shell access. > > I'm not sure of the right way to do this. I found some documentation, > but it doesn't work properly. Any help on this would be appreciated, > as I am running out of time to get this setup. > > Thanks! > I don't know how you would prevent a user from doing things sometimes and allow it other times, unless you can strictly identify those times and do some sort of time based access control, but that seems unlikely. Is there a reason you can't create an account specifically for the batch jobs and give the appropriate restricted access to that account? We do that at my office, works well. Josh _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list