
Re: SSH



* Nick Furman (nfurman@jlink.net) [010707 12:35]:
> I have a quick question regarding the secure server package and scp.
> 
> I prefer not to use NIS to share the password file between two servers so
> I wrote a script to push /etc/passwd to another server so they both have
> duplicate copies when a user is added onto our system.
> 
> Of course I am using scp to move the file over, but every time a user is
> added, it asks for the root user's password on the remote server.  Is
> there a way using .rhosts to disable the remote server from asking me for
> a password so it just pushes /etc/passwd over, no questions asked?
> 
> Thanks!
> 
> Nick

Martin gives good advice, but if you want to do this via a script and
without a password required, you could set up something like the
following:

Create a new RSA key with no passphrase. On the remote machine, add a
line something like this to /root/.ssh/authorized_keys2:

from="othermachine",command="<script to add info to system files>",no-port-forwarding,no-agent-forwarding,no-pty ssh-rsa <the key>

(Sorry, that's long because it needs to be all one line in the file).

The point is that you can create a key that will be accepted with no
passphrase restricted to connections from a certain host and forced to
perform a specific action. Also ensure that you have in
/etc/ssh/sshd_config:

PermitRootLogin forced-commands-only

Please, please, please understand what you're doing and gauge whether
your systems are secure enough and that this is acceptable risk.

Vineet
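
Added example, not part of the original message: a Python check that parses authorized_keys entries and reports which of the restrictions used in the entry above (from=, command=, no-port-forwarding, no-agent-forwarding, no-pty) are missing. The sample entries, key blobs and the script path /usr/local/sbin/sync-passwd are constructed placeholders; treating `restrict` as implying the no-* options reflects newer OpenSSH releases and is an addition the message does not mention.

```python
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")
REQUIRED = ("from", "command", "no-port-forwarding", "no-agent-forwarding", "no-pty")
SAMPLES = [  # constructed entries; key blob and script path are placeholders
    'from="othermachine",command="/usr/local/sbin/sync-passwd",no-port-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3placeholder push@othermachine',
    'command="echo a, b",no-pty ssh-rsa AAAAB3placeholder',
    'ssh-rsa AAAAB3placeholder root@othermachine',
]

def split_options(line):
    """Return (options, rest); quoted values may contain spaces and commas."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line                       # entry has no options field
    opts, name, value, in_quote, i = {}, "", None, False, 0
    while i < len(line):
        ch = line[i]
        if in_quote:
            if ch == "\\" and line[i + 1:i + 2] == '"':
                value += '"'                  # escaped quote inside a value
                i += 1
            elif ch == '"':
                in_quote = False
            else:
                value += ch
        elif ch == '"':
            in_quote, value = True, value or ""
        elif ch == "=" and value is None:
            value = ""                        # option takes a value
        elif ch in ", \t":
            if name:
                opts[name.lower()] = value
            name, value = "", None
            if ch != ",":
                break                         # unquoted whitespace ends the options
        elif value is None:
            name += ch
        else:
            value += ch
        i += 1
    return opts, line[i:].strip()

def audit(line):
    """List the restrictions an entry lacks; an empty list means none are missing."""
    opts, _ = split_options(line)
    implied = REQUIRED[2:] if "restrict" in opts else ()
    findings = [f"missing {o}" for o in REQUIRED if o not in opts and o not in implied]
    if opts.get("from") in ("*", ""):
        findings.append("from= matches any host")
    return findings
```

Running `audit()` over every line of root's authorized_keys file on the receiving server shows which keys can still open an unrestricted root session.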
