[TriLUG] how-to: preshare ssh key

Warren Myers volcimaster at gmail.com
Thu Jun 5 13:43:42 EDT 2008 

Final note on all this:

rsync is a fantastic tool, but I spent an hour debugging a problem and
finally realized that if rsync isn't on the target server, the 'rsync -avz
--rsh="ssh -i <key>" /src/path <ip.trg.srv.add>:/dest/path' won't run. So,
on that *one* server, I ended up having to scp the directory contents, and
will need to manually watch for changes.

Thanks again, all who contributed!
WMM

On Tue, Jun 3, 2008 at 11:04 PM, Matthew Pusateri <
mpusateri at wickedtrails.com> wrote:

> ++ for keychain!  For those who don't know, it allows you to still
> have a passphrase on your private keys, but will cache the passphrase
> on logout, so that scripts that run over ssh via cron can still
> execute.  I set mine up to prompt for a key when I log in, and then
> kill the key on reboot.  So if your system is compromised they
> probably will get access to your keychain and thus be able to ssh as
> you without a passphrase b/c it's cached.  But this is still better
> than no passphrase at all, because if they install anything(trojan/
> binaries, etc) and try to reboot the server to make them take affect,
> then they loose the cached passphrase.
>
> Here's a better write up on it.
>
> http://www.gentoo.org/proj/en/keychain/
>
>
> Matt P.
>
>
> On Jun 3, 2008, at 1:32 PM, Jim Tuttle wrote:
>
> > This might help. http://braggtown.com/sshauth.html
> >
> > Jim
> >
> > Warren Myers wrote:
> >> I need to set up rsync between a pair of servers and want to use
> >> ssh to
> >> accomplish that.
> >>
> >> However, I don't want to be entering the passwords of those users
> >> constantly.
> >>
> >> How do I go about pre-sharing the server keys between the target
> >> and source
> >> machines?
> >>
> >> Or, is there a better way to do this than I have currently out-lined?
> >>
> >> WMM
> >>
> >
> >
> > --
> > --
> > ---Jim Tuttle
> > ------------------------------------------------------
> > http://www.braggtown.com
> > PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
> >
> > --
> > TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>



-- 

Warren Myers
http://warrenmyers.com

More information about the TriLUG mailing list