
Re: rsync w/ssh

On Thu, Nov 16, 2000 at 11:21:47AM -0700, Gary Hennigan wrote:
> "Gary Hennigan" <glhenni@sandia.gov> writes:
> > Why were you thinking you wouldn't be prompted for a password? In
> > order to do passwordless ssh you need to do the following:
> > 
> > 1) On your local system run ssh-keygen and use a good passphrase when
> > prompted
> > 
> > 2) Copy the contents of ~/.ssh/identity.pub from the local system to
> > ~/.ssh/authorized_keys on the remote system.
> > 
> > 3) Make sure your ssh daemon on the remote system has, at least, the
> > following in its configuration file:
> > 
> >         RSAAuthentication yes
> Forgot 4) Run ssh-add at the beginning of your login session.
> Unfortunately I'm not sure what you can do passwordless if you're
> talking about running stuff as a cron job. You may have to allow
> RhostsAuthentication in order for that to work, and that's not a very
> secure solution.

Sure you can.

First, an additional pointer: look for 'pam_make'.  This is a cute
little PAM module (alas, not debianized) that runs 'make -C
/whatever/path' when someone changes their password.  This automates the
syncing somewhat.

Then, create a passwordless key for root.  Put it in 'rsync.pub' or
something.  This way you can use the 'authorized_keys' mechanism to
restrict it.  (i.e., it'll only do rsync.)

As the pam_make reference implies, I use a Makefile to propagate things
(and so I can use the 'db' passwd file, see nsswitch.conf) in

The rsync-ey stuff is:

RSYNC = /usr/bin/rsync -p -t -e '/usr/bin/ssh -i /root/.ssh/rsync'

        @$(RSYNC) /etc/passwd otherhost:/etc

in the 'passwd' section, and a similar thing for shadow and group.

CueCat decoder .signature by Larry Wall:
#!/usr/bin/perl -n
printf "Serial: %s Type: %s Code: %s\n", map { tr/a-zA-Z0-9+-/ -_/; $_ = unpack
'u', chr(32 + length()*3/4) . $_; s/\0+$//; $_ ^= "C" x length; } /\.([^.]+)/g; 
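
An added example, not part of the original message: one way to apply the authorized_keys restriction described above is a forced-command wrapper on the receiving host that accepts only an rsync push into /etc. The script path, the key line in the comment and the rsync option strings used to exercise it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the passwordless rsync key.
# Assumed install path (hypothetical): /usr/local/sbin/rsync-push-only, named in
# root's authorized_keys on the receiving host (key material is a placeholder):
#   command="/usr/local/sbin/rsync-push-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <public-key> rsync
# sshd runs this script instead of the client's request and passes that
# request in SSH_ORIGINAL_COMMAND.

ALLOWED_DEST=/etc            # the only directory this key may write into
RSYNC_BIN=/usr/bin/rsync     # fixed binary, never taken from the request

# Succeeds only for "rsync --server <options> . /etc", i.e. a push into /etc.
# The body is a subshell, so the IFS and noglob changes do not leak out.
rsync_push_allowed() (
    set -f                   # no glob expansion while splitting
    IFS=' '                  # tabs and newlines stay in words and are rejected
    set -- $1
    [ "$#" -ge 4 ] || exit 1
    [ "$1" = rsync ] || exit 1
    [ "$2" = --server ] || exit 1
    prev='' last=''
    for arg in "$@"; do
        case $arg in
            --sender) exit 1 ;;                 # would let the key read files
            *[!A-Za-z0-9./,_=-]*) exit 1 ;;     # metacharacters, quotes, etc.
        esac
        prev=$last
        last=$arg
    done
    [ "$prev" = . ] || exit 1
    [ "$last" = "$ALLOWED_DEST" ] || [ "$last" = "$ALLOWED_DEST/" ]
)

# Entry point when sshd runs the script. An interactive login carries no
# SSH_ORIGINAL_COMMAND, so it falls through and gets no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_push_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f; IFS=' '
        set -- $SSH_ORIGINAL_COMMAND
        shift                                   # drop the client's "rsync"
        exec "$RSYNC_BIN" "$@"
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The wrapper pins the transfer direction and the destination directory; it does not limit which files under /etc the key holder can overwrite, so the private key still needs root-level protection on the sending host.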
