[TriLUG] how-to: preshare ssh key
Warren Myers
volcimaster at gmail.com
Thu Jun 5 14:01:29 EDT 2008
Yeah - sadly I can't nfs-mount that target, or I would.
WMM
On Thu, Jun 5, 2008 at 1:59 PM, Jim Tuttle <jjtuttle at trilug.org> wrote:
> This probably isn't helpful for you, but I do several rsync operations
> to Windows file servers which obviously don't run rsync. I use a script
> to mount the drive via Samba, though I'd use sshfs if I could, and rsync
> as if it's a local disk.
>
> Jim
>
> Warren Myers wrote:
> > Final note on all this:
> >
> > rsync is a fantastic tool, but I spent an hour debugging a problem and
> > finally realized that if rsync isn't on the target server, the 'rsync
> -avz
> > --rsh="ssh -i <key>" /src/path <ip.trg.srv.add>:/dest/path' won't run.
> So,
> > on that *one* server, I ended up having to scp the directory contents,
> and
> > will need to manually watch for changes.
> >
> > Thanks again, all who contributed!
> > WMM
> >
> > On Tue, Jun 3, 2008 at 11:04 PM, Matthew Pusateri <
> > mpusateri at wickedtrails.com> wrote:
> >
> >> ++ for keychain! For those who don't know, it allows you to still
> >> have a passphrase on your private keys, but will cache the passphrase
> >> on logout, so that scripts that run over ssh via cron can still
> >> execute. I set mine up to prompt for a key when I log in, and then
> >> kill the key on reboot. So if your system is compromised they
> >> probably will get access to your keychain and thus be able to ssh as
> >> you without a passphrase b/c it's cached. But this is still better
> >> than no passphrase at all, because if they install anything(trojan/
> >> binaries, etc) and try to reboot the server to make them take affect,
> >> then they loose the cached passphrase.
> >>
> >> Here's a better write up on it.
> >>
> >> http://www.gentoo.org/proj/en/keychain/
> >>
> >>
> >> Matt P.
> >>
> >>
> >> On Jun 3, 2008, at 1:32 PM, Jim Tuttle wrote:
> >>
> >>> This might help. http://braggtown.com/sshauth.html
> >>>
> >>> Jim
> >>>
> >>> Warren Myers wrote:
> >>>> I need to set up rsync between a pair of servers and want to use
> >>>> ssh to
> >>>> accomplish that.
> >>>>
> >>>> However, I don't want to be entering the passwords of those users
> >>>> constantly.
> >>>>
> >>>> How do I go about pre-sharing the server keys between the target
> >>>> and source
> >>>> machines?
> >>>>
> >>>> Or, is there a better way to do this than I have currently out-lined?
> >>>>
> >>>> WMM
> >>>>
> >>>
> >>> --
> >>> --
> >>> ---Jim Tuttle
> >>> ------------------------------------------------------
> >>> http://www.braggtown.com
> >>> PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
> >>>
> >>> --
> >>> TriLUG mailing list :
> >> http://www.trilug.org/mailman/listinfo/trilug
> >>> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
> >> --
> >> TriLUG mailing list :
> http://www.trilug.org/mailman/listinfo/trilug
> >> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
> >>
> >
> >
> >
>
>
> --
> --
> ---Jim Tuttle
> ------------------------------------------------------
> http://www.braggtown.com
> PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>
--
Warren Myers
http://warrenmyers.com
More information about the TriLUG
mailing list