
Re: Best way to duplicate HDs--talk more about rsync+ssh system



<quote who="Patrick Hsieh">

> I am sorry I could be kind of off-topic. But I want to know how to
> cross-site rsync without authentication, say ssh auth.,?

That's the best way.

> I've read some doc. using ssh-keygen to generate key pairs, appending the
> public keys to ~/.ssh/authorized_hosts on another host to prevent ssh
> authentication prompt. Is it very risky? Chances are a cracker could
> compromise one machine and ssh login others without any authentication.

It's not "without authentication" - you're still authenticating, you're
just using a different means. There are two parts to rsa/dsa authentication
with ssh; first there's the key, then there's the passphrase.

If a cracker gets your key, that's tough, but they'll need the passphrase to
authenticate. If you make a key without a passphrase (generally what you'd
do for scripted rsyncs, etc) then they *only need the key*. So, you should
keep the data available with passphrase-less keys either read-only or backed
up, depending on its importance, etc.

- Jeff

-- 
   "I think we agnostics need a term for a holy war too. I feel all left    
                            out." - George Lebl                             
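
The distinction drawn in the message above (a stolen passphrase-protected key still needs the passphrase, a passphrase-less one does not) can be audited on disk. The following is an added example, not part of the original message: the function names are hypothetical, and the sample key text is a constructed header with no key material in it.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # header of the current OpenSSH private key format


def key_has_passphrase(pem_text):
    """True if encrypted, False if passphrase-less, None if not a private key."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and lines[0].endswith("PRIVATE KEY-----")):
        return None
    label = lines[0][len("-----BEGIN "):-len("-----")]
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 encrypted container
        return True
    if label != "OPENSSH PRIVATE KEY":  # legacy PEM: encryption is declared in a header
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
    body = base64.b64decode("".join(ln for ln in lines if not ln.startswith("-----")))
    if not body.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    (n,) = struct.unpack_from(">I", body, len(MAGIC))  # length of the cipher name
    cipher = body[len(MAGIC) + 4:len(MAGIC) + 4 + n]
    return cipher != b"none"  # cipher "none" means no passphrase was set


def find_passphraseless(directory):
    """Return sorted names of private key files in `directory` with no passphrase."""
    hits = []
    for path in Path(directory).iterdir():
        if path.is_file():
            try:
                if key_has_passphrase(path.read_text(errors="replace")) is False:
                    hits.append(path.name)
            except (ValueError, struct.error):
                pass  # malformed key file: skip rather than guess
    return sorted(hits)


def make_sample(cipher):
    """Constructed header-only sample (contains no key material), for demonstration."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    blob += struct.pack(">I", len(kdf)) + kdf + struct.pack(">I", 0)  # empty kdfoptions
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Any file that `find_passphraseless` reports is a key that authenticates by possession alone, so the accounts it reaches are the ones to keep read-only or backed up.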


