Date: Thu, 28 Mar 2002 17:28:36 -0800 (PST)
From: Jason Stone
To: John Brodzniski
Subject: Re: rsync mirroring question
In-Reply-To: <20020329004213.24270.qmail@web10601.mail.yahoo.com>
Message-ID: <20020328164520.S5333-100000@walter>

> From what I read the default in version 2.5.4 is still rsh.

The "default" from the authors is still rsh, the "default" in the FreeBSD
ports tree has been patched to use ssh. So if you install rsync from a
reasonably up-to-date ports tree, ssh will be the default and the manpage
and docs will reflect this.

> Also if I would want to automate this how would I send the password.
> Would I have to specify this in the --password-file argument?

The best thing to do is to use ssh keys instead of passwords. Check out
ssh(1) and ssh-keygen(1) for details.

In a nutshell, assume that the machine you want to back up is A and the
machine you're backing up to is B. On machine A, run:

    ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ""

Then copy ~/.ssh/id_rsa.pub on A to ~/.ssh/authorized_keys on machine B.

Then, on machine B, open the ~/.ssh/authorized_keys file in an editor and
add to the beginning of the line a string like:

    command="rsync --server --sender -vlgtprz ",no-X11-forwarding,no-port-forwarding,no-agent-forwarding,no-pty,from=""

replacing with the IP address of machine A, and replacing and as from this
command which you run on A:

    rsync -avz MachineB:

Make sure that the long string containing the restrictions and the key is
all on one line, with the restrictions separated from the beginning of the
key by a single space.

Then test that the key can't be used to run a shell or a command other than
your rsync, test that the private key can't be used from a machine other
than A, etc.

 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet. Here's what I worry about. I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin
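
An added example, not part of the original message: a Python check that reads authorized_keys entries and reports any that lack the forced command, the from= restriction or the no-* options listed in the reply above. The sample entries, the address 192.0.2.10, the /backup/ path and the key blobs are constructed placeholders.

```python
import re

# Restrictions named in the message; option names are lowercased before comparison.
REQUIRED_FLAGS = ("no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding")
KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)")

def split_unquoted(text, seps, maxsplit=-1):
    """Split on any character in seps, ignoring separators inside double quotes."""
    parts, buf, in_quote, escaped = [], [], False, False
    for ch in text:
        if escaped:
            escaped = False
        elif ch == "\\" and in_quote:
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch in seps and not in_quote and (maxsplit < 0 or len(parts) < maxsplit):
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return parts

def audit_line(line):
    """Return findings for one entry; an empty list means every restriction is present."""
    first = split_unquoted(line.strip(), " \t", 1)[0]
    opts = {}
    if not KEY_TYPE.match(first):  # entry starts with an options field, not a key type
        for opt in split_unquoted(first, ","):
            name, _, value = opt.partition("=")
            opts[name.lower()] = value.strip('"')
    findings = ["missing " + flag for flag in REQUIRED_FLAGS if flag not in opts]
    if not opts.get("command"):
        findings.append("no forced command: key can run any command or a shell")
    if not opts.get("from"):
        findings.append("no from= restriction: key usable from any host")
    return findings

def audit(text):
    """Map line number -> findings for every non-comment, non-blank entry."""
    return {n: audit_line(l) for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#")}

SAMPLE = """\
# constructed sample authorized_keys (placeholder key blobs, not real keys)
command="rsync --server --sender -vlgtprz . /backup/",no-X11-forwarding,no-port-forwarding,no-agent-forwarding,no-pty,from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample1 backup@A
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample2 admin@A
command="rsync --server --sender -vlgtprz . /backup/",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample3 backup@A
"""

if __name__ == "__main__":
    for lineno, findings in audit(SAMPLE).items():
        print(lineno, "OK" if not findings else "; ".join(findings))
```

This only inspects the file; it complements the live tests from machine A and from another host that the message recommends, and does not replace them.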