Date: Thu, 1 Jul 1999 15:00:18 -0400 (EDT)
From: Joseph Scott
Reply-To: Joseph Scott
To: cjclark@home.com
Cc: FreeBSD Questions, freebsd-security@FreeBSD.ORG
Subject: Re: SSH Working Like rsh
In-Reply-To: <199907010500.BAA17307@cc942873-a.ewndsr1.nj.home.com>

You may want to look at /usr/local/etc/sshd_config on the backup
machine and take a look at turning

	RhostAuthentication no

to

	RhostAuthentication yes

It's been awhile, but I think that will tell ssh to pay attention to
.rhosts files. Of course you'll want to make sure that your .rhosts
files are set up very tightly.

Also you may want to look at using rsync instead of tar.

On Thu, 1 Jul 1999, Crist J. Clark wrote:

> As in the past
> (http://www.freebsd.org/cgi/getmsg.cgi?fetch=3815870+3818463+/usr/local/www/db/text/1999/freebsd-questions/19990509.freebsd-questions),
> I seem to be having some trouble understanding the SSH manpages.
>
> I have two machines, let's call them hostA and hostB. hostA is a server
> and hostB is its backup. On a daily basis, I want to run a cron job
> on hostB that sucks up various files from hostA and then deposits them
> where they belong on hostB.
>
> Now, to me, the simple solution seemed to just use ssh (as I would
> have used rsh in past, simpler times), to do something like,
>
>   ssh hostA "tar cf - $FILE_LIST" | tar xf -
>
> Where ssh runs a command on hostA and pipes the stdout over the net
> back to the stdin of a command on hostB.
>
> The ssh(1) manpage says,
>
>      The second (and primary) authentication method is the
>      rhosts or hosts.equiv method combined with RSA-based host
>      authentication. It means that if the login would be per-
>      mitted by .rhosts, .shosts, /etc/hosts.equiv, or
>      /usr/local/etc/shosts.equiv, and additionally it can ver-
>      ify the client's host key (see $HOME/.ssh/known_hosts and
>      /usr/local/etc/ssh_known_hosts in the FILES section), only
>      then login is permitted. This authentication method
>      closes security holes due to IP spoofing, DNS spoofing and
>      routing spoofing. [Note to the administrator:
>      /etc/hosts.equiv, .rhosts, and the rlogin/rsh protocol in
>      general, are inherently insecure and should be disabled if
>      security is desired.]
>
> To me, it is saying that ssh should function like the rsh from the
> user's point of view. However, on hostA, I have placed hostB in the
> /etc/shost file, the user's .rhosts (root user), and made sure that
> the pub key for hostB is on hostA in /root/.ssh/known_hosts and
> /usr/local/etc/ssh_known_hosts, but I still get a request for a
> passphrase.
>
> How do I set up ssh so it can run a ssh like this from a cronjob? Is
> the solution to give root a null passphrased private key? However, the
> documentation has the scary statement about 'do not use null
> passphrases unless you know what you are doing.' I do not know enough
> about what I am doing to ignore that warning for a root account.
>
> Thanks for any pointers.
> --
> Crist J. Clark                           cjclark@home.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

Joseph Scott
joseph@randomnetworks.com
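
The reply's advice to keep .rhosts files set up very tightly, as an added example that is not part of either message: a POSIX sh check that flags a trust file (.rhosts or .shosts) that is writable by group or other, or that contains `+` wildcard or netgroup entries. The function name `check_rhosts` and the sample host `hostB.example.org` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit one .rhosts/.shosts-style file.
# check_rhosts FILE prints each finding and returns 0 if tight, 1 otherwise.
check_rhosts() {
    f=$1
    rc=0
    if [ ! -f "$f" ]; then
        echo "$f: missing or not a regular file"
        return 1
    fi
    if [ -L "$f" ]; then
        echo "$f: is a symlink, target may be controlled by someone else"
        rc=1
    fi
    # Mode string, e.g. -rw-------; char 6 is group write, char 9 other write.
    perms=$(ls -ld "$f" | cut -c1-10)
    case $perms in
        ?????w????|????????w?)
            echo "$f: writable by group or other ($perms)"
            rc=1 ;;
    esac
    # Entries are "host [user]"; a leading + is a wildcard or +@netgroup.
    n=0
    while read -r host user rest || [ -n "$host" ]; do
        n=$((n + 1))
        case $host in ''|'#'*) continue ;; esac
        case $host in
            +*) echo "$f:$n: wildcard or netgroup host '$host'"; rc=1 ;;
        esac
        case $user in
            +*) echo "$f:$n: wildcard or netgroup user '$user'"; rc=1 ;;
        esac
    done < "$f"
    return $rc
}

# Constructed sample: one specific entry plus a wildcard line to be flagged.
demo=$(mktemp)
printf 'hostB.example.org root\n+ root\n' > "$demo"
chmod 600 "$demo"
check_rhosts "$demo" || echo "result: NOT tight"
rm -f "$demo"
```

Run it against each account's trust file on the server that grants access (hostA in the question), for example from the same cron schedule as the backup.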