[ngw] OT - rsync

MBT Modern MBT at aprilaire.com
Sat Mar 5 20:02:25 UTC 2011


>>> On 3/5/2011 at 12:34 AM, Matt Weisberg <matt at weisberg.net> wrote:

> I think two different ways of using rsync were being discussed.  One is 
> using SSH, no daemon involved, which it appears is what the final solution 
> was.  

no - the final solution included sending from the source to the target daemon. And the solution was to use SSH keys - but nowhere in the documentation did it ever state that a non-ssh rsync would use the keys. Clearly they do.

> For that, you can use SSH keys.  However, it is generally a security 
> risk to have a general purpose key with no passphrase on it (which I think 
> had to be done so the job could be automated, correct?).  I certainly hope 
> Novell support raised that as a concern.  

they did not - and frankly on a private network link, I don't have any more concern than I do between servers in the same data center

> What I do when I do that is create 
> a separate key and I RESTRICT the commands that key can execute.  Still not 
> perfect, but safer than having a key with no passphrase that can simply shell 
> into the remote box.

it would be nice to know how to do that

> I'm a little late to the thread too, but FWIW, here is how you do it with 
> the daemon and with a password file:
> 
> rsync -av --delete --password-file=/home/gwagents/rsync.pwd \
>     /data/mail/po1/offiles/ gwagents@127.0.0.1::gw-offiles

I did this, using this syntax, and two things happened: 1) it did not use the password file (i.e. it still prompted) AND the --delete option stopped working!
<snip>

> Also, the password file (rsync.pwd) MUST have Owner ONLY read/write (600).  
> ANY other rights on it and rsync will REFUSE to use it for security reasons.

that is probably why mine did not work - I just touched the file, then used vi to put the password in - all the doc said was that the file must not be world readable ...


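Added example, not part of the original message or thread: one way to restrict a passphrase-less automation key as the quoted text describes, so that it can only start the rsync daemon over SSH and cannot open a shell. The wrapper path `/usr/local/bin/rsync-only`, the address `192.0.2.10`, the config path and the key text are constructed placeholders, and the exact request string the rsync client sends is an assumption to confirm on your own server.

```shell
#!/bin/sh
# Added example. Constructed placeholders: key text, 192.0.2.10,
# /usr/local/bin/rsync-only, /etc/rsyncd.conf.

# Build the authorized_keys line for the automation key on the target server.
# $1 = public key as written by ssh-keygen, $2 = address of the sending host.
authkeys_entry() {
    opts='no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding'
    printf 'from="%s",command="%s",%s %s\n' \
        "$2" '/usr/local/bin/rsync-only' "$opts" "$1"
}

# Policy of the forced command. sshd runs the forced command instead of what
# the client asked for and passes the request in SSH_ORIGINAL_COMMAND ($1 here).
# Assumption: for "rsync -e ssh ... host::module" the client requests exactly
# the string below; log refused requests once to confirm on your rsync version.
rsync_only_allows() {
    case "$1" in
        'rsync --server --daemon .') return 0 ;;
        *) return 1 ;;   # interactive login (empty request) or any other command
    esac
}

# Body of the hypothetical wrapper; the installed script would end with:
#   rsync_only_run "$SSH_ORIGINAL_COMMAND"
rsync_only_run() {
    if rsync_only_allows "$1"; then
        # Never execute the client's string; start a fixed command instead.
        exec rsync --server --daemon --config=/etc/rsyncd.conf .
    fi
    echo "rsync-only: refused request: $1" >&2
    return 1
}

# Demo on constructed input: prints the entry and the policy decisions only.
demo() {
    authkeys_entry 'ssh-ed25519 AAAAC3constructed backup@source' '192.0.2.10'
    for req in 'rsync --server --daemon .' '/bin/sh' ''; do
        if rsync_only_allows "$req"; then verdict=allow; else verdict=refuse; fi
        printf '%-30s -> %s\n' "[$req]" "$verdict"
    done
}
demo
```

With this in place the key reaches only the modules defined in the daemon config (such as `gw-offiles`), so the module's path and read/write settings bound what a stolen key can touch.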


