[TriLUG] how-to: preshare ssh key
Warren Myers
volcimaster at gmail.com
Thu Jun 5 14:08:42 EDT 2008
nope - that one didn't come to mind.
I've read about it before, but never used it, which is probably why I didn't
think of it
WMM
On Thu, Jun 5, 2008 at 2:07 PM, Jim Tuttle <jjtuttle at trilug.org> wrote:
> And I guess you've tried sshfs.
>
> Jim
>
> Jim Tuttle wrote:
> > This probably isn't helpful for you, but I do several rsync operations
> > to Windows file servers which obviously don't run rsync. I use a script
> > to mount the drive via Samba, though I'd use sshfs if I could, and rsync
> > as if it's a local disk.
> >
> > Jim
> >
> > Warren Myers wrote:
> >> Final note on all this:
> >>
> >> rsync is a fantastic tool, but I spent an hour debugging a problem and
> >> finally realized that if rsync isn't on the target server, the 'rsync
> -avz
> >> --rsh="ssh -i <key>" /src/path <ip.trg.srv.add>:/dest/path' won't run.
> So,
> >> on that *one* server, I ended up having to scp the directory contents,
> and
> >> will need to manually watch for changes.
> >>
> >> Thanks again, all who contributed!
> >> WMM
> >>
> >> On Tue, Jun 3, 2008 at 11:04 PM, Matthew Pusateri <
> >> mpusateri at wickedtrails.com> wrote:
> >>
> >>> ++ for keychain! For those who don't know, it allows you to still
> >>> have a passphrase on your private keys, but will cache the passphrase
> >>> on logout, so that scripts that run over ssh via cron can still
> >>> execute. I set mine up to prompt for a key when I log in, and then
> >>> kill the key on reboot. So if your system is compromised they
> >>> probably will get access to your keychain and thus be able to ssh as
> >>> you without a passphrase b/c it's cached. But this is still better
> >>> than no passphrase at all, because if they install anything(trojan/
> >>> binaries, etc) and try to reboot the server to make them take affect,
> >>> then they loose the cached passphrase.
> >>>
> >>> Here's a better write up on it.
> >>>
> >>> http://www.gentoo.org/proj/en/keychain/
> >>>
> >>>
> >>> Matt P.
> >>>
> >>>
> >>> On Jun 3, 2008, at 1:32 PM, Jim Tuttle wrote:
> >>>
> >>>> This might help. http://braggtown.com/sshauth.html
> >>>>
> >>>> Jim
> >>>>
> >>>> Warren Myers wrote:
> >>>>> I need to set up rsync between a pair of servers and want to use
> >>>>> ssh to
> >>>>> accomplish that.
> >>>>>
> >>>>> However, I don't want to be entering the passwords of those users
> >>>>> constantly.
> >>>>>
> >>>>> How do I go about pre-sharing the server keys between the target
> >>>>> and source
> >>>>> machines?
> >>>>>
> >>>>> Or, is there a better way to do this than I have currently out-lined?
> >>>>>
> >>>>> WMM
> >>>>>
> >>>> --
> >>>> --
> >>>> ---Jim Tuttle
> >>>> ------------------------------------------------------
> >>>> http://www.braggtown.com
> >>>> PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
> >>>>
> >>>> --
> >>>> TriLUG mailing list :
> >>> http://www.trilug.org/mailman/listinfo/trilug
> >>>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
> >>> --
> >>> TriLUG mailing list :
> http://www.trilug.org/mailman/listinfo/trilug
> >>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
> >>>
> >>
> >>
> >
> >
>
>
> --
> --
> ---Jim Tuttle
> ------------------------------------------------------
> http://www.braggtown.com
> PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>
--
Warren Myers
http://warrenmyers.com
More information about the TriLUG
mailing list