Re: Best way to duplicate HDs--talk more about rsync+ssh system
<quote who="Patrick Hsieh">
> I am sorry I could be kind of off-topic. But I want to know how to
> cross-site rsync without authentication, say ssh auth.,?
That's the best way.
> I've read some doc. using ssh-keygen to generate key pairs, appending the
> public keys to ~/.ssh/authorized_hosts on another host to prevent ssh
> authentication prompt. Is it very risky? Chances are a cracker could
> compromise one machine and ssh login others without any authentication.
It's not "without authentication" - you're still authenticating, you're
just using a different means. There's two parts to rsa/dsa authentication
with ssh; first there's the key, then there's the passphrase.
If a cracker gets your key, that's tough, but they'll need the passphrase to
authenticate. If you make a key without a passphrase (generally what you'd
do for scripted rsyncs, etc) then they *only need the key*. So, you should
keep the data available with passphrase-less keys either read-only or backed
up, depending on its importance, etc.
- Jeff
--
"I think we agnostics need a term for a holy war too. I feel all left
out." - George Lebl
Reply to: