From: Bill Moran
To: Chris Maness
Cc: freebsd-questions@FreeBSD.org
Date: Mon, 5 May 2008 08:23:58 -0400
Subject: Re: rsync as root for mail servers?

In response to Chris Maness:

> I plan on cutting over a server to new hardware, and I was wondering if
> I can add cert based login for root (how do I do this)? This is so that
> I can use rsync as root to sync the mail spool and home directories.
> Will this work? I am using sendmail and wu-imapd.

Follow the instructions for setting up ssh keys (there are dozens of
howtos all over the 'net) then tweak /etc/ssh/sshd_config to allow
root login (the config parameter is pretty obvious). Ensure that you
either have a very strong root password, or that password auth for
root is disabled first.

Then, rsync your stuff using ssh as the connection mechanism (there's a
command line switch for this in rsync, don't remember the details).

Once you've got things rsynced the first time (while running) shut down
all the services on the active machine and rsync again. This second
rsync should be very fast so you'll have little downtime.

-- 
Bill Moran
http://www.potentialtech.com
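
Added example, not part of Bill Moran's message: a shell check for the precondition the reply gives (root allowed over ssh only when it cannot log in with a password), run against the receiving host's sshd_config. It assumes OpenSSH 7.0 or later keyword semantics; the function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original message. Assumes OpenSSH 7.0+ keyword
# semantics; reads only the global section of the file (stops at the first
# Match block) and does not follow Include directives.

# Print the first value set for keyword(s) $2 in sshd_config file $1,
# lowercased. $2 may list aliases as "a|b". sshd keeps the first value it
# reads, and keyword names are case-insensitive.
sshd_global_value() {
    awk -v key="$2" '
        BEGIN { FS = "[ \t=]+"; key = "^(" tolower(key) ")$" }
        { sub(/^[ \t]+/, "") }              # drop indentation; re-splits $0
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }     # per-user overrides start here
        tolower($1) ~ key { gsub(/"/, "", $2); print tolower($2); exit }
    ' "$1"
}

# Classify how root may authenticate under sshd_config file $1:
#   disabled       root cannot log in over ssh
#   key-only       root can log in, but not by typing a password
#   password-ok    root can log in with a password
#   check-default  PermitRootLogin is unset, so the built-in default applies
root_login_mode() {
    prl=$(sshd_global_value "$1" PermitRootLogin)
    pw=$(sshd_global_value "$1" PasswordAuthentication)
    kbd=$(sshd_global_value "$1" \
        'KbdInteractiveAuthentication|ChallengeResponseAuthentication')
    case "$prl" in
        no) echo disabled ;;
        prohibit-password|without-password|forced-commands-only) echo key-only ;;
        yes)
            # An unset switch counts as enabled: defaults differ between builds.
            if [ "$pw" = no ] && [ "$kbd" = no ]; then echo key-only
            else echo password-ok; fi ;;
        "") echo check-default ;;
        *) echo unknown ;;
    esac
}

# Constructed sample: root allowed, password and keyboard-interactive auth off.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication no' \
    'KbdInteractiveAuthentication no' > "$sample"
echo "root login mode: $(root_login_mode "$sample")"
rm -f "$sample"
```

Point root_login_mode at /etc/ssh/sshd_config on the new machine and expect key-only before the first rsync pass over ssh (rsync's -e ssh option); once the cutover is done, setting PermitRootLogin back to no should make it report disabled.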