Question

21

How can I perform a secure automatic file transfer between two servers?

rated 0 times [ 21] [ 0] / answers: 1 / hits: 4068 / 2 Years ago, sun, october 16, 2022, 9:50:57

I would like to transfer some files from a server A to a server B daily (for backup purposes). However, I cannot find a way that does not create security breaches. My goal is that someone with sudo rights on server A cannot exploit this transfer to connect to server B.

My base idea was to do a cronjob with a scp (or similar) command in it. Obviously, using a password-based SSH connection between A and B does not work, and using a key-based SSH connection would, as far as I know allow a user of server A to connect directly to B via A.

I'm no security expert, I may be missing the obvious here. Is there a way to achieve what I want?

I do not want users of server B to be able to connect to server A either.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

exceeeelh

Add To Favorites

Follow

Total Points: 21

Total Questions: 109

Total Answers: 120

Location: Marshall Islands

Member since Wed, Jan 5, 2022

2 Years ago

exceeeelh questions

1 how to remove wireguard

Sun, Nov 20, 22, 17:08, 1 Year ago

1 How do I execute a script upon network connection?

Sat, Jan 1, 22, 08:04, 2 Years ago

1 Ubuntu Terminal without password?

Wed, May 12, 21, 05:11, 3 Years ago

1 How do I install kernel 5.15.7=> on Ubuntu 21.10 Impish Indri?

Wed, Oct 19, 22, 13:23, 2 Years ago

1 Ubuntu 20.04 not fully shutdown, power light is still on. After system upgrade and uninstalling some snap programs

Fri, Oct 28, 22, 12:48, 2 Years ago

View All

answered 2 Years ago hamostic · Accepted Answer

You can't hide anything on the system from someone who have root access. Even you are using encrypted home directory while you are logged-in it is decrypted and the root user can access the data.

Probably the most simple way to accomplish this task is to setup a third instance that is able to log-in via SSH to both Server A and Server B. Then you can use the scp command (on that third instance) to copy the file from A to B in the following way.

scp -3 serverA:/path/to/the/file serverB:/path/to/store/

The hosts serverA and serverB are configured in ~/.ssh/config at the third instance.

Note the option -3, it cause the third instance to operate as intermediate server. In case this option is not presented Server A will be instructed to connect to Server B, but it will need credentials. This option disables the progress meter.

The long version of the answer is available at the history.