From owner-freebsd-questions@FreeBSD.ORG  Mon May  5 12:23:42 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0BF1D1065691
	for <freebsd-questions@FreeBSD.org>;
	Mon,  5 May 2008 12:23:42 +0000 (UTC)
	(envelope-from wmoran@potentialtech.com)
Received: from mail.potentialtech.com (internet.potentialtech.com
	[66.167.251.6]) by mx1.freebsd.org (Postfix) with ESMTP id CE4018FC28
	for <freebsd-questions@FreeBSD.org>;
	Mon,  5 May 2008 12:23:41 +0000 (UTC)
	(envelope-from wmoran@potentialtech.com)
Received: from vanquish.ws.pitbpa0.priv.collaborativefusion.com
	(pr40.pitbpa0.pub.collaborativefusion.com [206.210.89.202])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.potentialtech.com (Postfix) with ESMTPSA id ADD2EEBC3B;
	Mon,  5 May 2008 08:23:40 -0400 (EDT)
Date: Mon, 5 May 2008 08:23:58 -0400
From: Bill Moran <wmoran@potentialtech.com>
To: Chris Maness <chris@chrismaness.com>
Message-Id: <20080505082358.f7c01a7c.wmoran@potentialtech.com>
In-Reply-To: <481E8D73.4030405@chrismaness.com>
References: <481E8D73.4030405@chrismaness.com>
X-Mailer: Sylpheed 2.4.8 (GTK+ 2.12.9; i386-portbld-freebsd7.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@FreeBSD.org
Subject: Re: rsync as root for mail servers?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 May 2008 12:23:46 -0000

In response to Chris Maness <chris@chrismaness.com>:

> I plan on cutting over a server to new hardware, and I was wondering if 
> I can add cert based login for root (how do I do this)?  This is so that 
> I can use rsync as root to sync the mail spool and home directories.  
> Will this work?  I am using sendmail and wu-imapd.

Follow the instructions for setting up ssh keys (there are dozens of
howtos all over the 'net) then tweak /etc/ssh/sshd_config to allow
root login (the config paramter is pretty obvious).  Ensure that you
either have a very strong root password, or that password auth for
root is disabled first.

Then, rsync you stuff using ssh as the connection mechanism (there's
a command line switch for this in rsync, don't remember the details)

Once you've got things rsynced the first time (while running) shut
down all the services on the active machine and rsync again.  This
second rsync should be very fast so you'll have little downtime.

-- 
Bill Moran
http://www.potentialtech.com