Oh, I DO love expect, but in this case it's not really practical. This script needs to be run autonomously, and I'm not about to hardcode a password into this thing. I think the best way to do this is to use the limitations in the authorized_keys file to greatly reduce the accessibilty through a passwordless transfer.