SCP in a script

crispyoz

New Member
I need to be able to use a script to backup some IoT device I am working on, I usually use scp but in a script I would use an identity file, but this would require me to copy the public key of every device to the backup server. I expected there would be an option for the backup server to provide a public key that each client would use to authenticate, but can't find any such facility.

Am I going down the wrong track or have I missed something?

If I have thousands of clients, it is not practical to copy the public key of every device to the backup server. Is there a better idea?

Thanks for any guidance.
 


Drizzit89

Member
You don't actually supply the public key when using scp. You are going to want to supply the private key of the account being used on the destination when using "scp -i file". Or a more secure option might be to create a service-like account with the only purpose and permissions to perform scp to a specific directory on the destination. You could then use username and password in your script and not be reliant on another file to maintain. The account, only created on the destination, wouldn't be able to do anything but read and write to one directory.
 

Rob

Administrator
Staff member
@Drizzit89 has a point using the user/password approach, but I always disable password auth via ssh/scp and assume most others do as well?

I think in this case, if you're using keys, you're either going to need to put the backup server's public key on all of the devices (if the backup server is pulling the backups), or put the device keys on the backup server (if the clients are pushing the backups) in order to have a nice secure environment.

You could also set up the server to use certificate-based ssh... they'd auth, get a cert/key that lasts x hours, then be able to scp into the backup server.
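
The certificate-based setup mentioned in the post above, as an added example that is not part of the original thread: the backup server trusts one CA public key instead of holding thousands of device keys. The file names, the `backup` account and principal, the device ID, the host name and the 8-hour validity are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). File names, the "backup" account and
# principal, the device ID and the 8-hour validity are constructed values.

# One-time, on the signing host: create the user CA key pair.
make_ca() {                                   # $1 = directory
    ssh-keygen -q -t ed25519 -N '' -C 'backup-user-ca' -f "$1/user_ca"
}

# Per device: create a key pair, then sign the public half with the CA.
# -I = key ID written to sshd's log, -n = account the cert may log in as,
# -V = validity window, -O clear = no pty/forwarding (scp still works).
issue_device_cert() {                         # $1 = dir, $2 = device ID, $3 = validity
    ssh-keygen -q -t ed25519 -N '' -C "$2" -f "$1/$2" &&
    ssh-keygen -q -s "$1/user_ca" -I "$2" -n backup -V "$3" -O clear "$1/$2.pub"
}

# Backup server: sshd_config lines that trust the CA instead of per-device
# authorized_keys entries. The path is a placeholder.
server_config() {
    printf '%s\n' \
        'TrustedUserCAKeys /etc/ssh/backup_user_ca.pub' \
        'PasswordAuthentication no'
}

# Print the certificate's identity, principals and validity for inspection.
show_cert() {                                 # $1 = path to *-cert.pub
    ssh-keygen -L -f "$1"
}

# Run as "sh thisfile demo" to walk through the whole flow in a temp dir.
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d) && trap 'rm -rf "$dir"' EXIT
    make_ca "$dir"
    issue_device_cert "$dir" device-0001 +8h
    show_cert "$dir/device-0001-cert.pub"
    server_config
    # On the device, ssh/scp picks up device-0001-cert.pub next to the key:
    #   scp -i device-0001 backup.tgz backup@backupserver:/incoming/
fi
```

Only `user_ca.pub` is copied to the backup server; the CA private key stays on the signing host, and a certificate stops working when its validity window ends.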
 

crispyoz

New Member
Thanks guys. I don't think scp will meet my needs as it is not practical to copy thousands of public keys onto my backup server.
 

crispyoz

New Member
I should clarify that apart from needing to copy each device's public key to the backup server (this is a generic term), requiring each device to transfer its public key to the server as part of its initial user setup is potentially a weak point in the security. What is to stop a hacker taking one of the uninitialised IoT devices, and looking at any script to see what the username/password is to send a public key to the backup server?

Once the hacker had that information they could potentially send thousands of nefarious public keys to the backup server.

The solution I was looking for was for the server to publish its public key which the devices would use to send backup data. Since each device is locked down and does not allow any incoming connection.
 

Drizzit89

Member
Yes that is an inherited risk by automating to that degree. That risk can be mitigated through a few methods.
1. Manually copy the key to the server either through ssh or scp without providing the password in the command. You will be prompted for the password and it won't be available in clear text on the system.
2. Manually approve the keys written to the backup server. Have the keys written to a dir that is not used for auth and manually move the keys to a dir that is being used for auth.
3. Physically secure all uninitialised devices to mitigate access and possibility of compromise.
The only completely secure computer is an unplugged computer. There is always a compromise between security and usability. The computer may be secure but is it usable?
 

crispyoz

New Member
@Drizzit89 yes I agree, the only totally secure solution is to unplug everything and go home. But we can aspire to something less drastic that keeps the wheels of business turning :)

I appreciate your detailed feedback, I'm going to percolate on this a little more before deciding how to proceed.

Thank you so much.
 


