[TriLUG] how-to: preshare ssh key
Jim Tuttle
jjtuttle at trilug.org
Thu Jun 5 14:07:35 EDT 2008
And I guess you've tried sshfs.
Jim
Jim Tuttle wrote:
> This probably isn't helpful for you, but I do several rsync operations
> to Windows file servers which obviously don't run rsync. I use a script
> to mount the drive via Samba, though I'd use sshfs if I could, and rsync
> as if it's a local disk.
>
> Jim
>
> Warren Myers wrote:
>> Final note on all this:
>>
>> rsync is a fantastic tool, but I spent an hour debugging a problem and
>> finally realized that if rsync isn't on the target server, the 'rsync -avz
>> --rsh="ssh -i <key>" /src/path <ip.trg.srv.add>:/dest/path' won't run. So,
>> on that *one* server, I ended up having to scp the directory contents, and
>> will need to manually watch for changes.
>>
>> Thanks again, all who contributed!
>> WMM
>>
>> On Tue, Jun 3, 2008 at 11:04 PM, Matthew Pusateri <
>> mpusateri at wickedtrails.com> wrote:
>>
>>> ++ for keychain! For those who don't know, it allows you to still
>>> have a passphrase on your private keys, but will cache the passphrase
>>> on logout, so that scripts that run over ssh via cron can still
>>> execute. I set mine up to prompt for a key when I log in, and then
>>> kill the key on reboot. So if your system is compromised they
>>> probably will get access to your keychain and thus be able to ssh as
>>> you without a passphrase b/c it's cached. But this is still better
>>> than no passphrase at all, because if they install anything(trojan/
>>> binaries, etc) and try to reboot the server to make them take affect,
>>> then they loose the cached passphrase.
>>>
>>> Here's a better write up on it.
>>>
>>> http://www.gentoo.org/proj/en/keychain/
>>>
>>>
>>> Matt P.
>>>
>>>
>>> On Jun 3, 2008, at 1:32 PM, Jim Tuttle wrote:
>>>
>>>> This might help. http://braggtown.com/sshauth.html
>>>>
>>>> Jim
>>>>
>>>> Warren Myers wrote:
>>>>> I need to set up rsync between a pair of servers and want to use
>>>>> ssh to
>>>>> accomplish that.
>>>>>
>>>>> However, I don't want to be entering the passwords of those users
>>>>> constantly.
>>>>>
>>>>> How do I go about pre-sharing the server keys between the target
>>>>> and source
>>>>> machines?
>>>>>
>>>>> Or, is there a better way to do this than I have currently out-lined?
>>>>>
>>>>> WMM
>>>>>
>>>> --
>>>> --
>>>> ---Jim Tuttle
>>>> ------------------------------------------------------
>>>> http://www.braggtown.com
>>>> PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
>>>>
>>>> --
>>>> TriLUG mailing list :
>>> http://www.trilug.org/mailman/listinfo/trilug
>>>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>> --
>>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>>
>>
>>
>
>
--
--
---Jim Tuttle
------------------------------------------------------
http://www.braggtown.com
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
More information about the TriLUG
mailing list