rsync/ssh passwords

Derek Martin invalid at pizzashack.org
Sun Mar 28 12:28:52 EST 2004


On Sun, Mar 28, 2004 at 04:34:01PM +0000, John Chambers wrote:
> Since we're contemplating getting back to techie topics, I  have  one
> that's been annoying me for a while.
> 
> I've been using rsync to backup/mirror files on several machines.   I
> usually  call  rsync from any of several scripts, which does the same
> command with different hostnames.  I use ssh

What you should probably do is 1) use ssh-agent so that you need only
type your password once, or 2) create a key specifically for this
purpose, and give it no passphrase.  The latter allows the process to
be automated by a cron job, which need not run as root.  

AFAIK, the former doesn't.  There might be some tricks you can play
with starting cron with ssh-agent, but I imagine cron will probably
strip the required environment variables out of the environment.  As
usual, I'm too lazy to look into it.  For details, see the man page
for cron(8) and/or the source code.

If needed, see the man pages for ssh-keygen(1) for the relevant
details for creating a key with no password.  See the man pages for
ssh-agent(1) and ssh-add(1) to learn how to use ssh-agent to avoid
typing your passphrase for each connection.  Be mindful of the
security issues involved.  If need be, I can explain them at some
length.

> If all else fails, I suppose I can pull out  expect  and  use  it  to
> defeat this misuse of /dev/tty. 

This complaint comes up a lot, but the developers are a bunch of smart
people...  So I believe that if you look into the issue, you'll find
that ssh uses /dev/tty for good reason.  But I can't say for sure...
However, I think you'll find that using expect doesn't work:

  http://sources.redhat.com/ml/cygwin/2002-07/msg00199.html

Good luck.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.blu.org/pipermail/discuss/attachments/20040329/3ab8dcf2/attachment.sig>


More information about the Discuss mailing list