Actually, you can use net::scp and an RSA key, or just execute scp...
An easy method is to add a non-priv user, set up RSA/DSA keys, then within the key (.ssh/authorized_keys) make some modifications like command=, from=, and various things like that before the key.
EX:
command="cat >> pflog",from="firewall",no-port-forwarding,
no-X11-forwarding,no-agent-forwarding,no-pty 102435823048999354794546
387730268448993843509453678937752623781590692383465714412310547850845
002743725739940385332209432179012664317663101851362676488696898502309
227231929637769105487294380073461038245801883934544973368435992775028
741798113678310035476893561892917648628649037238909042041894298934725
815994839373584 root@firewall


man sshd to get the full details about locking it down. I've done this for firewall logging, and never had any issues.
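
An added example, not part of the original post: a small Python audit that parses the option list in front of an authorized_keys entry (quoted values may contain commas and spaces) and reports which of the restrictions named above are missing. The key material and hostnames in the sample lines are constructed, and treating `restrict` as covering the no-* options assumes OpenSSH 7.2 or later.

```python
import re

# Restrictions the post puts in front of a single-purpose key (names lowercased).
REQUIRED = {"command", "from", "no-port-forwarding", "no-x11-forwarding",
            "no-agent-forwarding", "no-pty"}
# An entry with no options starts with a key type, or with the bit count (SSH1 style).
KEY_START = re.compile(r"^(ssh-|ecdsa-|sk-|\d+$)")

def split_unquoted(text, seps, maxsplit=-1):
    """Split on separator characters that sit outside double quotes."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if quoted and ch == "\\" and text[i + 1:i + 2] == '"':
            buf.append(text[i:i + 2])   # keep \" intact, it does not end the value
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted and maxsplit != 0:
            parts.append("".join(buf))
            buf, maxsplit = [], maxsplit - 1
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def parse_options(line):
    """Return {option: value} for one authorized_keys line ({} if it has none)."""
    parts = split_unquoted(line.strip(), " \t", 1)
    if len(parts) == 1 or KEY_START.match(parts[0]):
        return {}
    opts = {}
    for item in filter(None, split_unquoted(parts[0], ",")):
        name, _, value = item.partition("=")
        if value[:1] == '"' and value[-1:] == '"' and len(value) > 1:
            value = value[1:-1].replace('\\"', '"')
        opts[name.lower()] = value      # option names are case-insensitive
    return opts

def audit(line):
    """List the restrictions from the post that this entry lacks."""
    opts = parse_options(line)
    have = set(opts)
    if "restrict" in have:              # umbrella option, assumed OpenSSH 7.2+
        have |= {n for n in REQUIRED if n.startswith("no-")}
    missing = REQUIRED - have
    missing |= {n for n in ("command", "from") if n in opts and not opts[n]}
    return sorted(missing)
```

Run `audit()` over each non-comment line of the account's authorized_keys file; an empty list means every restriction from the post is present.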