On Thu, Nov 07, 2002 at 03:39:28PM -0800, nate wrote: > this is a good method, another is to create passphrase-less RSA(ssh1) > or DSA(ssh2) keys. that way SSH (either native or using rsync with > ssh) does not prompt for a password.
Seconded. > I would only do this on trusted systems however. One slipup can reveal > your key to an intruder then they have easy access to all the other > servers. Then you use a restricted key. Your authorized_keys file at the remote end looks something like this: command="bsmtp-pull-server",no-pty,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5QLS+9Sxp/F1I3LjTxHoChbw6aK5KchSfoKLOOqXACkGE349LT5Wk9OsUFoHDw/ek8qOvsLoRczpEsaqLmRmueRr2KzXGmfHdKfvPpzv0JkBvloGF71VeE6Z+4ezOqqcjLBiJE3nxUYuR3siR0hAt0g5QURhMl0icEHeyLkuvIU= cjwatson@riva That allows the named key to connect only for the purpose of running the command 'bsmtp-pull-server'. The key should still be kept secure of course, but the consequences of a compromise aren't quite so bad. -- Colin Watson [[EMAIL PROTECTED]] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
