Re: rsync w/ssh
On Thu, Nov 16, 2000 at 11:21:47AM -0700, Gary Hennigan wrote:
> "Gary Hennigan" <glhenni@sandia.gov> writes:
> > Why were you thinking you wouldn't be prompted for a password? In
> > order to do passwordless ssh you need to do the following:
> >
> > 1) On your local system run ssh-keygen and use a good passphrase when
> > prompted
> >
> > 2) Copy the contents of ~/.ssh/identity.pub from the local system to
> > ~/.ssh/authorized_keys on the remote system.
> >
> > 3) Make sure your ssh daemon on the remote system has, at least, the
> > following in its configuration file:
> >
> > RSAAuthentication yes
>
> Forgot 4) Run ssh-add at the beginning of your login session.
>
> Unfortunately I'm not sure what you can do passwordless if you're
> talking about running stuff as a cron job. You may have to allow
> RhostsAuthentication in order for that to work, and that's not a very
> secure solution.
Sure you can.

First, an additional pointer: look for 'pam_make'. This is a cute
little PAM module (alas, not debianized) that runs 'make -C
/whatever/path' when someone changes their password. This automates the
syncing somewhat.

Then, create a passwordless key for root. Put it in 'rsync.pub' or
something. This way you can use the 'authorized_keys' mechanism to
restrict it. (i.e., it'll only do rsync.)

As the pam_make reference implies, I use a Makefile to propagate things
(and so I can use the 'db' passwd file, see nsswitch.conf) in
/var/lib/misc.

The rsync-ey stuff is:

    RSYNC = /usr/bin/rsync -p -t -e '/usr/bin/ssh -i /root/.ssh/rsync'

    @$(RSYNC) /etc/passwd otherhost:/etc

in the 'passwd' section, and a similar thing for shadow and group.
--
CueCat decoder .signature by Larry Wall:
#!/usr/bin/perl -n
printf "Serial: %s Type: %s Code: %s\n", map { tr/a-zA-Z0-9+-/ -_/; $_ = unpack
'u', chr(32 + length()*3/4) . $_; s/\0+$//; $_ ^= "C" x length; } /\.([^.]+)/g;
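The authorized_keys restriction mentioned in the reply above, as an added example that is not part of the original message: a forced-command script that accepts only the rsync push the Makefile rule performs. The script path, the key comment and the request layout "rsync --server <short options> . /etc" are assumptions; log SSH_ORIGINAL_COMMAND once to confirm what your rsync version actually sends.

```shell
#!/bin/sh
# Added example: forced command for the passwordless rsync key on otherhost.
# Assumed install path (hypothetical): /usr/local/sbin/rsync-only
# authorized_keys entry, all on ONE line (the key itself is a placeholder):
#   command="/usr/local/sbin/rsync-only",no-pty,no-port-forwarding,
#   no-agent-forwarding,no-X11-forwarding <PUBLIC-KEY> rsync-push
LC_ALL=C; export LC_ALL      # make the character ranges below byte-exact
set -f                       # no globbing when the request is word-split
ALLOWED_DEST=/etc            # destination used by the Makefile rule above
RSYNC_BIN=/usr/bin/rsync     # assumption: same path as on the sending host

# rsync_cmd_ok REQUEST
# Returns 0 only if REQUEST is "rsync --server <short opts> . ALLOWED_DEST".
rsync_cmd_ok() {
    set -- $1                # split on whitespace; nothing is ever eval'ed
    [ $# -ge 4 ] || return 1
    [ "$1" = rsync ] || return 1
    [ "$2" = --server ] || return 1
    shift 2
    while [ $# -gt 2 ]; do   # words before ". DEST" must be -xyz bundles
        case $1 in
            --*|-*[!A-Za-z0-9.]*) return 1 ;;  # long options (e.g. --sender) or odd bytes
            -?*) ;;                             # plain short-option bundle
            *) return 1 ;;
        esac
        shift
    done
    [ "$1" = . ] || return 1
    [ "$2" = "$ALLOWED_DEST" ] || [ "$2" = "$ALLOWED_DEST/" ]
}

# Entry point: sshd puts what the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_cmd_ok "$SSH_ORIGINAL_COMMAND"; then
        set -- $SSH_ORIGINAL_COMMAND
        shift                # drop the client's "rsync", use our fixed path
        exec "$RSYNC_BIN" "$@"
    fi
    logger -p auth.warning -t rsync-only "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

With no SSH_ORIGINAL_COMMAND (an interactive login attempt with this key) the script simply ends, so the key never yields a shell.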