From owner-freebsd-security  Mon Dec 10 11: 2:27 2001
Delivered-To: freebsd-security@freebsd.org
Received: from squall.waterspout.com (squall.waterspout.com [208.13.56.12])
	by hub.freebsd.org (Postfix) with ESMTP id DC9C437B41F
	for <freebsd-security@FreeBSD.ORG>; Mon, 10 Dec 2001 11:02:17 -0800 (PST)
Received: by squall.waterspout.com (Postfix, from userid 1050)
	id 17FCF9B19; Mon, 10 Dec 2001 14:00:19 -0500 (EST)
Date: Mon, 10 Dec 2001 14:00:19 -0500
From: Will Andrews <will@csociety.org>
To: Marc Rassbach <marc@milestonerdl.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Rsync, ssh and using root.
Message-ID: <20011210140018.A23826@squall.waterspout.com>
Reply-To: Will Andrews <will@csociety.org>
Mail-Followup-To: Marc Rassbach <marc@milestonerdl.com>,
	freebsd-security@FreeBSD.ORG
References: <Pine.BSF.4.21.0112101218390.1117-100000@tandem.milestonerdl.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.BSF.4.21.0112101218390.1117-100000@tandem.milestonerdl.com>
User-Agent: Mutt/1.3.22.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Mon, Dec 10, 2001 at 12:33:25PM -0600, Marc Rassbach wrote:
> I know that using remote root login is considered bad behavior, but 
> my job in implementation, not judgement of security.  This is what the
> client wants...put a hole in the default FreeBSD security.
>  
> The client in the old days had a 3.5 box (2 of them) and used a
> combination of rsync, rsync in daemon mode, and ssh to allow root to move
> data between both machines.  
>  
> What was done under 3.5 (remote keys, etc la) no longer work on 4.4.
> On 4.X, it seems to fail after authencation, and I have spent 20+ hours
> reading man pages, and the mail list and can't find a good work around.  
> (I have resisted looking at the source becuase I do not feel it is a bug,
> nor do I wish to patch code to make this work)
>  
> What I am looking for is a way to have root-level privilages for 
> reading/writing files between servers as the lo-tech solution they want 
> for the 'server backup' is moving files once a day.
>  
> Guidance as to how to do this with rsync (break securty) or some other
> method that does not break security is welcome.

You did not mention what specifically happens with the machines
running 4.x, so I can't suggest a solution.

There have been some changes regarding how ssh works, particularly
in protocols, since 3.x.

-- 
wca

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message