You can send file transfer commands from System A to write to that directory, you just won't ever be able to read them. For the System B user that is used for the SCP transfer, only give write access to a specific directory and read permission nowhere on System B. You could still use SSH to send the files. But as long as the web app that receives the upload doesn't give read access of any sort, the requirement to keep the root user off of System B is met. Any root user on System A will be able to see a file that stores an app secret, so they would be able to upload files in the same way.
#Search all files for text using ssh password#
Require an app secret or password if needed. Create or find a simple web app that can receive a file upload and write it to a desired directory.
Maybe SSH isn't the right tool for these requirements?įile transfers happen to websites all the time without the uploader gaining access to the underlying system. SSH is designed to give access to a system, yet you want to use SSH and not give access to the system. There is a problem with the assumptions behind your question. Httpd.socket = ssl.wrap_socket(httpd.socket, certfile='./certs_and_key.pem', server_side=True)īasic auth requires a little more code, but that can also be done. Httpd = BaseHTTPServer.HTTPServer(('0.0.0.0', 8443), SimpleHTTPServer.SimpleHTTPRequestHandler) This will not protect the data from the root users on either of the two systems: both may read the data and modify it on their respective side and there's literally nothing you can do about that.Ī simple HTTP server can be started in a number of ways, eg:Įncrypting the connection requires creating an SSL certificate and a few lines of Python code: #!/usr/bin/python To protect the data from unrelated third parties, you'll have to encrypt the connection (use HTTPS, not plain HTTP) and use at least basic auth. run a server on A and have B GET the data.Ssh and rsync (and SFTP) will always give you a login on the server you're connecting to that you may or may not be able to control.
0 kommentar(er)
