How do I securely move files in an automated way?
June 14, 2017 6:34 AM Subscribe
I am in the process of building an All Sky Camera. I have it basically working at this point, but I'm stuck on how to transfer the images/movies off of the Raspberry Pi that is controlling the camera and storing the images. What is a good, secure way to do this without me having to type in my password every night/morning?
The script included with the software shared for this all sky camera suggests that you use sftp, with your user name and password just in plain text within the script. I'd rather not do that, if I can avoid it. The current setup has the Raspberry Pi only visible to our internal network (and I'd like to keep it that way), but I'd like the files on it to be transferred to another machine within that network (probably a web server running linux) each morning.
So, what's the right way to do this? A passphrase-free ssh key on the Raspberry Pi? Install a basic web server on the Raspberry Pi from which the (internal) linux server can download the files? Something else?
The script included with the software shared for this all sky camera suggests that you use sftp, with your user name and password just in plain text within the script. I'd rather not do that, if I can avoid it. The current setup has the Raspberry Pi only visible to our internal network (and I'd like to keep it that way), but I'd like the files on it to be transferred to another machine within that network (probably a web server running linux) each morning.
So, what's the right way to do this? A passphrase-free ssh key on the Raspberry Pi? Install a basic web server on the Raspberry Pi from which the (internal) linux server can download the files? Something else?
For added security, create a user whose only privilege on the machine or Pi is reading the files.
posted by supercres at 6:43 AM on June 14, 2017 [2 favorites]
posted by supercres at 6:43 AM on June 14, 2017 [2 favorites]
A passphrase-free ssh key on the Raspberry Pi?
This is the Right Thing.
The other way is to have the files pulled from the Pi by the machine where you want to keep them, again using scp or sftp with a passphrase-free ssh key.
Create a dedicated key that you use for only this purpose, and a dedicated user account on the Pi that doesn't have access to anything but the files you want to pull or push.
If you push from the Pi rather than pull from elsewhere, the private half of the key only needs to exist inside the ~/.ssh folder for the dedicated user account on the Pi, and this is probably the safer option.
posted by flabdablet at 7:14 AM on June 14, 2017 [1 favorite]
This is the Right Thing.
The other way is to have the files pulled from the Pi by the machine where you want to keep them, again using scp or sftp with a passphrase-free ssh key.
Create a dedicated key that you use for only this purpose, and a dedicated user account on the Pi that doesn't have access to anything but the files you want to pull or push.
If you push from the Pi rather than pull from elsewhere, the private half of the key only needs to exist inside the ~/.ssh folder for the dedicated user account on the Pi, and this is probably the safer option.
posted by flabdablet at 7:14 AM on June 14, 2017 [1 favorite]
SSH & rsync is a great choice: plenty of example commands online. Double-check your arguments to rsync (I suggest the one that's a shortcut for "archive") to make sure you only add files to your target.
Also, be careful about storage space on the Pi: either erase older images, or have your camera command use a static filename and overwrite the old file.
posted by wenestvedt at 8:20 AM on June 14, 2017
Also, be careful about storage space on the Pi: either erase older images, or have your camera command use a static filename and overwrite the old file.
posted by wenestvedt at 8:20 AM on June 14, 2017
either erase older images, or have your camera command use a static filename and overwrite the old file
...and if it's video you're capturing, you'll probably want your SD card to be a high endurance type, or perhaps even go so far as to use an external HD or SSD via USB for image storage.
posted by flabdablet at 9:49 AM on June 14, 2017 [1 favorite]
...and if it's video you're capturing, you'll probably want your SD card to be a high endurance type, or perhaps even go so far as to use an external HD or SSD via USB for image storage.
posted by flabdablet at 9:49 AM on June 14, 2017 [1 favorite]
This thread is closed to new comments.
posted by supercres at 6:41 AM on June 14, 2017 [5 favorites]