remote server access

Shell Programming and Scripting
1

hi everybody,

im kinda a new to scripting....

i have attached an image in this post...

my goal is to extract data from the remote servers (server1,2,3 as in figure)
to the server residing locally....
the criterias are:

  • I should not pass the password across the remote servers.
  • The data retrieval must be done automatically.
    I guess i shud use public key... im not sure anyways...

plz give ur views on this scenario or any scripting using perl or shell
lemme kno if u have any further explanation

thnx,
mercury

2

That sounds like a job for ssh public keys (as you said), a webserver on the three servers, or automated emails from the three servers.

Which one to go for depends on the type of data and your security concerns (ie what happens if your 'master' server gets compromised? Do you need to guarantee the data has come from who it appears to come from? Do you need to encrypt the data to protect it from snooping?).

Public key exchange gives you two options:
server1-3 to master server: You allow server1,2 and 3 to log onto the master server via public key. This will let them push data onto the master server.
Pros: If your master server gets compromised, you don't lose all other servers. Data is encrypted.
Cons: Any of the servers pushing data will have access to the data from all the other servers (unless you use a different account for each server)

master server gets from server1-3: You allow the master server to log onto all the other servers. This lets the master server pull the data it needs.
Pros: Central management of scheduling etc, the various servers don't have to know about each other and you can protect the data from each server.
Cons: If you lose the master server, it can spread to all other servers.

If you set up a webserver on each of the servers, you can pull the data anonymously. But if you can get the data, anyone can.

You can also have each server send the data to a particular email address on your master server. Just add a | /path/to/processingscript.sh as an aliase for that account and they will be automatically handled as they come in.
Anyone can send a file claiming to be one of your servers though and you'll never know.