Hi Randy (and rsync list),
(Before waffling on a side tracked issue - there is still a
request for good web based passwordless ssh tutorials)
I must apologise as usual for poor elaboration of my
paranoia against passwordless ssh.
I roughly agree with your assessment. However, the thing that
presently freaks me about passwordless ssh is the private
file. The remote machine can only confirm that someone/anyone
has the correct key file. (authorised user or someone else - a
hacker/cracker)
So rather than only giving a hacker passwordless limited
access to the rsync function on a remote machine - the hacker
is getting complete access via ssh.
(Isn't having private key files like putting your pin
number with your VISA/Mastercard/Cashcard? If the hacker
gets into your machine (or a backup tape/cd-rom) and gets
the private file?)
----
I would thus still put the argument that having an ssh
system inside rsync could be very effective as
if a client machine is hacked/cracked and rsync passwords
are obtained - they are chrooted to some extent to
what the rsync permissions will allow in terms of
uploading and downloading files. Or at minimum - the
hacker is in a more frustrated situation with respect
to using these rsync passwords to "crack" a remote
machine. However if they get the ssh private file -
(which in the case of this discussion - was only generated
to allow for secure rsync) then the world is their oyster(?)
Having ssh inside rsync also means that only an rsync
account has to be provided on the server rather than a complete
ssh user account. One problem with UNIX is its
habit of giving "all or nothing" when you may want
something in between. (In this case only having an rsync
based account)
Lachlan.
PS: If keeping rsync small is a priority for some people -
compiling in an ssh module could be an option - as is done
with apache modules to expand functionality.
>Lachlan,
>
>Excuse me for jumping into this discussion, especially being something
>of a newbie.
>
>As I understand ssh without passwords, it is very secure because it is
>based on a public / private key scheme, something like PGP. When you
>set up a passwordless ssh system, you create a public and private key,
>and then you upload your public key to the remote server that you want
>to communicate with (and which is using an ssh something -- a server, I
>think).
>
>The ssh server can apply your public key to confirm that anything that
>comes in claiming to be from you really is from you, and similarly
>anything sent to you is encoded with your public key, so only your ssh
>client can decode it with your private key.
>
>Now, I may be wrong in my understanding, but, for a moment, please
>assume I'm right. If I am right, and the security provided by a
>passwordless ssh connection is just as good as, for example, PGP (assume
>I'm right about that too, please, for a moment), then do you still have
>concerns about ssh passwordless security?
>
>If so, is it because you don't trust the public / private key approach
>used by systems like PGP?
>
>Now, stopping again for a moment, if I am right in what I say above, I
>think I would be very happy with rsync not attempting to build a cut
>down form of ssh within itself, but instead keep a modular approach --
>let rsync do what it does best, and, when appropriate, let rsync use the
>external ssh mechanism to provide security (which the external ssh would
>presumably do better than any cut down version of ssh within rsync).
>
>This modular approach also has the advantages of keeping rsync smaller,
>and allowing rsync to use a different and better security system than
>ssh if it comes into being.
>
>Thanks,
>Randy Kramer
>
>Lachlan Cranswick wrote:
>>
>> Might there be a good set of tutorials on the web on
>> how to do this while minimizing the risk of exposing
>> systems as a consequence? (setup of private/public
>> identity files that minimize the risk of hackers getting
>> passwordless access to other remote machines).
>>
>> I must admit hating the passwordless ssh system - and possible
>> implementation flaws that risk compromising remote systems.
>> (But maybe that is just personal ignorance which can
>> still be corrected?)
>>
>> Again, I think having a form of cut down ssh inside rsync
>> would be a far better option for limiting security problems
>> both when using rsync with and without external ssh programs.
>> (e.g., giving a user easy rsync only access. - such things
>> can be done via the Proftpd deamon for FTP only accounts)
>>
>> Lachlan.
>>
>> >On Fri, Apr 06, 2001 at 05:42:25PM -0600, David Salisbury wrote:
>> >> Is there a way to have rsync not prompt for a password.
>> >> I've tried using .shosts and also the authorized_keys files,
>> >> but neither seem to work. Is there anyway to modify the
>> >> rsh or ssh commands that rsync uses?
>> >
>> >I assume you're using ssh and .ssh/authorized_keys.
>> >
>> >rsync, when using ssh as a transport, _cannot_ do anything that ssh
>> >can't do. You'll need to work out the ability to ssh without a password
>> >first.
>> >
>> >rsync does not perform its own authentication in the modes you're using,
>> >and thus is not in control of the problem you're having. If rsync could
>> >override your other system authentication, then you'd have a different
>> >problem. :)
>> >
>> >If you do want to ssh without a password, you should look into sshagent,
>> >or the ability to create a key with no password and use of an
>> >authorized_keys file. Get this to work with ssh before trying it with
>> >rsync.
>> >
>> >-drew
>> >
>> >--
>> >M. Drew Streib <[EMAIL PROTECTED]>, http://dtype.org
>> >
>> >"Email sigs waste valuable bandwidth."
>> >
>> >Attachment Converted: C:\Eudora\Attach\Re password prompts
-----------------------
Lachlan M. D. Cranswick
Geochemistry - Lamont-Doherty Earth Observatory, Columbia University
PO Box 1000, 61 Route 9W Palisades, New York 10964-1000 USA
Tel: (845) 365-8662 Fax: (845) 365-8155
E-mail: [EMAIL PROTECTED] WWW: http://www.ldeo.columbia.edu
CCP14 Xtal Software Website: http://www.ccp14.ac.uk
