Re: rsync and RSA Authentication


From: Jim Dory (jdory@gci.net)
Date: Tue Feb 17 2004 - 09:20:16 AKST


KSchneider wrote:

>Hey guys --
>
>Does anyone have a good reference for learning about and implementing
>security keys for automatic transfer from one server to another (a back-up
>solution I'm still trying to get in place).
>
>I want to use rsync and am looking for good documentation on it using RSA.
>
>Thanks,
>Kate
>
http://kmself.home.netcom.com/Linux/FAQs/sshrsakey.html

sheesh,

one other thing that differed..
rather than identity.pub and identity, it saved the info as
id_rsa.pub, etc.

I think that's all. easy deal. If you specify a passphrase it seems to
want to require that at logon... or leave it /null.

Here's a bit more from a flexbackup tut (I don't know diffs between rsa
and dsa, but both work):

Let's assume that you want to backup some directories or filesystems
from another host. After all, you've just paid big money for the DLT
drive on your main host, so now you should take advantage of it and use
it to backup your other machines. In addition, you want these backups to
happen in the middle of the night. First, you need to set up
password-less ssh login to the remote machine.

   1. As root on the machine with the tape drive, do the following
      (|local| is the machine with the tape drive; |remote| is the
      machine that you wish to backup to the local tape drive):

      # ssh-keygen -t dsa

   2. This will create the files |id_dsa| and |id_dsa.pub| in the .ssh
      directory. The file |id_dsa| is your private key and will remain
      on the host that has the tape drive. You will need to transfer
      |id_dsa.pub| to the remote host:

      # scp .ssh/id_dsa.pub user@remote:
      # ssh user@remote
      remote# su root
      remote# cat /home/user/id_dsa.pub >> /root/.ssh/authorized_keys2
      remote# rm /home/user/id_dsa.pub
      remote# exit

   3. Next, you may have to adjust your sshd_config file to permit root
      to login via ssh. While sshd_config ships with root logins
      enabled, almost all sysadmins disable this feature to enhance
      security. Edit /etc/sshd_config so that the PermitRootLogin
      line looks like this:

      PermitRootLogin without-password

      This will only permit root to login with the private key stored
      on the local machine. This is moderately secure. However, you
      should decide whether this is an acceptable level of risk for
      your environment. The other (and arguably better) approach would
      be to set up another user who would login without a password and
      would then be able to sudo the necessary commands for the backup.

   4. Verify that you can login to the remote machine as root with no
      password:

      # ssh root@remote
      or
      # ssh -l root remote

      should get you a prompt on the remote machine without requiring
      you to type a password.
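
Added example, not part of the original message or of the flexbackup tutorial: a POSIX shell check for the two files that steps 2 and 3 change on the remote host. It reports the effective global PermitRootLogin value and counts the keys in root's authorized_keys file that carry no options such as from= or command=; the function names and the sample file contents are constructed for illustration.

```shell
# Added example: audit the files changed in steps 2 and 3 of the tutorial.

# Print the effective global PermitRootLogin value. sshd keeps the first
# value it reads for a keyword; settings inside Match blocks are not global.
root_login_mode() {
    awk '
        /^[ \t]*#/ { next }
        { sub(/=/, " ") }                  # "Keyword=value" form
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Count key lines with no options field (no from=, command=, ...): such a
# line starts directly with the key type.
unrestricted_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }
        $1 ~ /^(ssh-|ecdsa-|sk-)/ { n++ }
        END { print n + 0 }
    ' "$1"
}

audit_root_ssh() {    # $1 = sshd_config, $2 = root authorized_keys file
    mode=$(root_login_mode "$1")
    case $mode in
        without-password|prohibit-password) verdict="keys only, no password" ;;
        forced-commands-only) verdict="keys with command= only" ;;
        no)    verdict="root login disabled" ;;
        yes)   verdict="password login allowed" ;;
        *)     verdict="compiled-in default applies, check sshd -T" ;;
    esac
    echo "PermitRootLogin=$mode ($verdict); unrestricted keys: $(unrestricted_keys "$2")"
}

# Constructed sample input.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/sshd_config" <<'EOF'
#PermitRootLogin yes
PermitRootLogin without-password
PermitRootLogin yes
EOF
cat > "$demo/authorized_keys2" <<'EOF'
ssh-dss AAAAB3CONSTRUCTED root@local
from="192.0.2.10",no-pty ssh-dss AAAAB3CONSTRUCTED root@local
EOF
audit_root_ssh "$demo/sshd_config" "$demo/authorized_keys2"
```

On the remote host the same call would take the real sshd_config path and /root/.ssh/authorized_keys2 as its two arguments.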




This archive was generated by hypermail 2a23 : Tue Feb 17 2004 - 10:20:37 AKST