Date:      Thu, 1 Jul 1999 15:00:18 -0400 (EDT)
From:      Joseph Scott <joseph@randomnetworks.com>
To:        cjclark@home.com
Cc:        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG
Subject:   Re: SSH Working Like rsh
Message-ID:  <Pine.BSF.4.05.9907011433240.47496-100000@unix1.digital-web.net>
In-Reply-To: <199907010500.BAA17307@cc942873-a.ewndsr1.nj.home.com>


	You may want to look at /usr/local/etc/sshd_config on the backup
machine and take a look at turning

RhostsAuthentication no

to

RhostsAuthentication yes

It's been a while, but I think that will tell ssh to pay attention to
.rhosts files.  Of course you'll want to make sure that your .rhosts files
are set up very tightly.

Also you may want to look at using rsync instead of tar.



Thu, 1 Jul 1999, Crist J. Clark wrote:

> As in the past
> (http://www.freebsd.org/cgi/getmsg.cgi?fetch=3815870+3818463+/usr/local/www/db/text/1999/freebsd-questions/19990509.freebsd-questions),
> I seem to be having some trouble understanding the SSH manpages.
> 
> I have two machines, let's call them hostA and hostB. hostA is a server
> and hostB is its backup. On a daily basis, I want to run a cron job
> on hostB that sucks up various files from hostA and then deposits them
> where they belong on hostB.
> 
> Now, to me, the simple solution seemed to just use ssh (as I would
> have used rsh in the past, simpler times), to do something like,
> 
>   ssh hostA "tar cf - $FILE_LIST" | tar xf -
> 
> Where ssh runs a command on hostA and pipes the stdout over the net
> back to the stdin of a command on hostB.
> 
> The ssh(1) manpage says,
> 
>        The second (and primary) authentication method is the
>        rhosts or hosts.equiv method combined with RSA-based host
>        authentication.  It means that if the login would be
>        permitted by .rhosts, .shosts, /etc/hosts.equiv, or
>        /usr/local/etc/shosts.equiv, and additionally it can
>        verify the client's host key (see $HOME/.ssh/known_hosts and
>        /usr/local/etc/ssh_known_hosts in the FILES section), only
>        then login is permitted.  This authentication method
>        closes security holes due to IP spoofing, DNS spoofing and
>        routing spoofing.  [Note to the administrator:
>        /etc/hosts.equiv, .rhosts, and the rlogin/rsh protocol in
>        general, are inherently insecure and should be disabled if
>        security is desired.]
> 
> To me, it is saying that ssh should function like the rsh from the
> user's point of view. However, on hostA, I have placed hostB in the
> /etc/shost file, the user's .rhosts (root user), and made sure that
> the pub key for hostB is on hostA in /root/.ssh/known_hosts and
> /usr/local/etc/ssh_known_hosts, but I still get a request for a
> passphrase. 
> 
> How do I set up ssh so it can run a ssh like this from a cronjob? Is
> the solution to give root a null passphrased private key? However, the
> documentation has the scary statement about 'do not use null
> passphrases unless you know what you are doing.' I do not know enough
> about what I am doing to ignore that warning for a root account.
> 
> Thanks for any pointers.
> -- 
> Crist J. Clark                           cjclark@home.com
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 


Joseph Scott
joseph@randomnetworks.com
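
Added example (not part of the original message, and not code from the ssh distribution): a small Python audit for the two points raised in this thread, the rhosts setting in sshd_config and keeping .rhosts files tight. It assumes the SSH1 directive names RhostsAuthentication and RhostsRSAAuthentication; the sample file contents, the allowed-host set and the function names are constructed for illustration.

```python
import stat

# Constructed sample inputs (not taken from the original thread).
SAMPLE_SSHD_CONFIG = """\
# sshd_config on hostA (constructed)
RhostsAuthentication yes
RhostsRSAAuthentication yes
"""
SAMPLE_RHOSTS = """\
hostB root
+ root
hostC
"""

def audit_sshd_config(text):
    """Flag plain rhosts trust; RSA-backed rhosts trust is reported as info."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        key, value = fields[0].lower(), fields[1].lower()
        if key == "rhostsauthentication" and value == "yes":
            findings.append((lineno, "WARN", "rhosts trusted without host-key verification"))
        elif key == "rhostsrsaauthentication" and value == "yes":
            findings.append((lineno, "INFO", "rhosts trusted only with a verified host key"))
    return findings

def audit_rhosts(text, mode, allowed_hosts):
    """Check one .rhosts/.shosts file: permissions, wildcards, unexpected hosts."""
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append((0, "WARN", "file accessible by group/other; tighten to 0600"))
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0].startswith("-"):   # blank or deny entry
            continue
        if any(f.startswith("+") for f in fields):
            findings.append((lineno, "WARN", "wildcard or netgroup entry"))
        elif fields[0] not in allowed_hosts:
            findings.append((lineno, "WARN", "host not in expected list: " + fields[0]))
    return findings

if __name__ == "__main__":
    results = audit_sshd_config(SAMPLE_SSHD_CONFIG)
    results += audit_rhosts(SAMPLE_RHOSTS, 0o644, {"hostB"})
    for lineno, level, message in results:
        print(lineno, level, message)
```

To audit real files, pass the file's text and os.stat(path).st_mode to these functions; a line number of 0 marks a finding about the file itself rather than one entry.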



