[TriLUG] how-to: preshare ssh key

Jim Tuttle jjtuttle at trilug.org
Thu Jun 5 13:59:17 EDT 2008


This probably isn't helpful for you, but I do several rsync operations
to Windows file servers which obviously don't run rsync.  I use a script
to mount the drive via Samba, though I'd use sshfs if I could, and rsync
as if it's a local disk.

Jim

Warren Myers wrote:
> Final note on all this:
> 
> rsync is a fantastic tool, but I spent an hour debugging a problem and
> finally realized that if rsync isn't on the target server, the 'rsync -avz
> --rsh="ssh -i <key>" /src/path <ip.trg.srv.add>:/dest/path' won't run. So,
> on that *one* server, I ended up having to scp the directory contents, and
> will need to manually watch for changes.
> 
> Thanks again, all who contributed!
> WMM
> 
> On Tue, Jun 3, 2008 at 11:04 PM, Matthew Pusateri <
> mpusateri at wickedtrails.com> wrote:
> 
>> ++ for keychain!  For those who don't know, it allows you to still
>> have a passphrase on your private keys, but will cache the passphrase
>> on logout, so that scripts that run over ssh via cron can still
>> execute.  I set mine up to prompt for a key when I log in, and then
>> kill the key on reboot.  So if your system is compromised they
>> probably will get access to your keychain and thus be able to ssh as
>> you without a passphrase b/c it's cached.  But this is still better
>> than no passphrase at all, because if they install anything (trojan/
>> binaries, etc.) and try to reboot the server to make them take effect,
>> then they lose the cached passphrase.
>>
>> Here's a better write up on it.
>>
>> http://www.gentoo.org/proj/en/keychain/
>>
>>
>> Matt P.
>>
>>
>> On Jun 3, 2008, at 1:32 PM, Jim Tuttle wrote:
>>
>>> This might help. http://braggtown.com/sshauth.html
>>>
>>> Jim
>>>
>>> Warren Myers wrote:
>>>> I need to set up rsync between a pair of servers and want to use ssh to
>>>> accomplish that.
>>>>
>>>> However, I don't want to be entering the passwords of those users
>>>> constantly.
>>>>
>>>> How do I go about pre-sharing the server keys between the target and
>>>> source machines?
>>>>
>>>> Or, is there a better way to do this than I have currently outlined?
>>>>
>>>> WMM
>>>>
>>>
>>> --
>>> --
>>> ---Jim Tuttle
>>> ------------------------------------------------------
>>> http://www.braggtown.com
>>> PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
>>>
>>> --
>>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>
> 
> 
> 


-- 
--
---Jim Tuttle
------------------------------------------------------
http://www.braggtown.com
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
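
The failure Warren describes in the quoted note (rsync over ssh does not run when rsync is missing on the target) can be detected before the transfer starts. The following is an added example, not part of the original thread; the function names and the overridable `SSH` variable are assumptions, and the key path is assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: preflight check before an rsync-over-ssh job.
# SSH can be overridden (assumption, for testing); it defaults to the real ssh client.
SSH="${SSH:-ssh}"

# Print which transport the target supports: rsync, scp, or unreachable.
# $1 = private key file, $2 = target host
choose_transport() {
    rc=0
    # BatchMode=yes makes ssh fail instead of prompting, so a cron job never
    # hangs waiting for a password or passphrase.
    $SSH -i "$1" -o BatchMode=yes -o ConnectTimeout=10 "$2" \
        'command -v rsync' >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0)   echo rsync ;;        # rsync binary found on the target
        255) echo unreachable ;;  # ssh itself failed (network, host key, key rejected)
        *)   echo scp ;;          # login worked, but no rsync on the target
    esac
}

# Copy $3 (source dir) to $2:$4 using key $1, picking the transport first.
# Returns 2 without copying anything if the target cannot be reached.
sync_dir() {
    case "$(choose_transport "$1" "$2")" in
        rsync) rsync -avz --rsh="$SSH -i $1 -o BatchMode=yes" "$3" "$2:$4" ;;
        scp)   echo "rsync missing on $2, falling back to scp (no delta sync)" >&2
               scp -r -i "$1" -o BatchMode=yes "$3" "$2:$4" ;;
        *)     echo "cannot log in to $2 with key $1" >&2
               return 2 ;;
    esac
}
```

With a passphrase-protected key, `BatchMode=yes` only succeeds when an agent such as keychain already holds the unlocked key.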



