OK. My problem is: if I use rsync+ssh with a blank passphrase among servers to automate the rsync+ssh backup procedure without a password prompt, then a cracker will not need to send any password or passphrase when logging in via ssh to another server, right?

Is there a good way to automate the rsync+ssh procedure without a password/passphrase prompt, while a password/passphrase is still required when someone attempts to ssh login?

> <quote who="Patrick Hsieh">
>
> > I am sorry I could be kind of off-topic. But I want to know how to
> > cross-site rsync without authentication, say ssh auth.,?
>
> That's the best way.
>
> > I've read some doc. using ssh-keygen to generate key pairs, appending the
> > public keys to ~/.ssh/authorized_hosts on another host to prevent ssh
> > authentication prompt. Is it very risky? Chances are a cracker could
> > compromise one machine and ssh login others without any authentication.
>
> It's not "without authentication" - you're still authenticating, you're
> just using a different means. There's two parts to rsa/dsa authentication
> with ssh; first there's the key, then there's the passphrase.
>
> If a cracker gets your key, that's tough, but they'll need the passphrase to
> authenticate. If you make a key without a passphrase (generally what you'd
> do for scripted rsyncs, etc) then they *only need the key*. So, you should
> keep the data available with passphrase-less keys either read-only or backed
> up, depending on its importance, etc.
>
> - Jeff
>
> --
> "I think we agnostics need a term for a holy war too. I feel all left
> out." - George Lebl
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

--
Patrick Hsieh <[EMAIL PROTECTED]>
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg
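Added example, not part of the original thread: one way to keep a passphrase-less backup key from working as a general login is an OpenSSH forced command in `~/.ssh/authorized_keys`, so the key can only start a read-only rsync pull while interactive logins still need a password or a passphrase-protected key. The script path `/usr/local/bin/backup-gate`, the export tree `/srv/export`, the address `192.0.2.10` and the key material are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): gate for a passphrase-less backup key.
# authorized_keys entry on the server being backed up (placeholder key, hypothetical paths):
#   command="/usr/local/bin/backup-gate",from="192.0.2.10",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER backup@backuphost
# sshd runs this script instead of whatever the client asked for and passes
# the client's request in SSH_ORIGINAL_COMMAND.

EXPORT_ROOT=/srv/export   # hypothetical tree the backup host may read

# Return 0 only for "rsync --server --sender <options> . <path under EXPORT_ROOT>".
allow_backup_command() {
    cmd=$1
    # Whitelist characters: no quotes, globs, separators, redirections or newlines.
    case $cmd in
        ''|*[!A-Za-z0-9\ ./_=,-]*) return 1 ;;
    esac
    set -- $cmd                      # safe to split: characters were whitelisted
    [ "$#" -ge 5 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    # Everything before the final ". <path>" pair must be an option.
    while [ "$#" -gt 2 ]; do
        case $1 in
            --remove-*) return 1 ;;  # options that delete source files are not read-only
            -*) shift ;;
            *) return 1 ;;
        esac
    done
    [ "$1" = . ] || return 1
    case $2 in
        *..*) return 1 ;;            # no climbing out of the export tree
        "$EXPORT_ROOT"/*) return 0 ;;
    esac
    return 1
}

# Forced-command entry point; skipped when the file is only sourced or tested.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allow_backup_command "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "backup-gate: command refused" >&2
    exit 1
fi
```

File permissions on the export tree should still enforce read-only access for the backup account; the gate only limits what the key can ask sshd to run.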