Ed wrote:
Hi all,
I'm stuck with a little dilemma and I thought someone could give me a little advice.

Is there a way to use rsync with an ssh certificate?

There should be

what I have:
----------------
First of all I am forced to use the root account with ssh which I know is a big no, no, but sometimes it can't be helped.

(Shrug) Not such a big "no no" IMHO. We are all root sometimes.

Second, I need to use a certificate without a password as root which is even worse than point one so I thought I'd secure as much as I could and did the following.

what I did:
--------------
a) in the sshd_config of the destination PC I set "AllowUsers" to [EMAIL PROTECTED]
b) in the certificate, I specified the command that could be run... the likes of: "command="rsync -av ./source [EMAIL PROTECTED]:/destination" ssh-rsa"

my problem:
-----------------
Now if the command was "ls" the source would only be able to return the result of an "ls" on the destination PC. The problem I am facing is that my rsync command found in the certificate won't execute an rsync from source to destination but rather, like the "ls" example, it will run the command from the destination PC and thus try an rsync from destination to source.

Was that clear?  Can you advise on a way to automate an rsync via ssh?

Many thanks
 -Ed
You want to run the rsync command upon connection. Try to use:

command="/usr/bin/rsync --server --daemon --config=/foo/rsyncd.conf .",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa [BASE64-encoded data of public key]

This will cause rsync in server mode to show up on the server side of the encrypted connection. Now you can configure what is possible and not through /foo/rsyncd.conf, e.g. allow read only, chrooting etc.

However, the client side still has to say "I want to archive", like this:

rsync -av --rsh="ssh -l SSH_USER -i /someplace_safe/ssh_id_key" LOCAL_FILE [EMAIL PROTECTED]::RSYNC_MODULE

if source is LOCAL_FILE

rsync -av --rsh="ssh -l SSH_USER -i /someplace_safe/ssh_id_key" [EMAIL PROTECTED]::RSYNC_MODULE LOCAL_FILE

if source is [EMAIL PROTECTED]::RSYNC_MODULE

Best regards,

-- David
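
An added example, not part of the original thread: a small Python check for the authorized_keys option syntax used in the reply above. It flags key lines that lack a forced command or the no-* restrictions, including the case where a stray space ends the option list early. The function names, the key-type list and the sample lines are assumptions made for the illustration.

```python
import re
# Restrictions the reply pairs with command="..."; option names compared lowercase.
REQUIRED = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-")

def split_options(line):
    """Return (options, remainder); the option list ends at the first unquoted space."""
    opts, i = {}, 0
    if line.startswith(KEY_TYPES):              # line has no options field
        return opts, line
    while i < len(line) and line[i] != " ":
        m = re.match(r"[A-Za-z0-9-]+", line[i:])
        if not m:
            raise ValueError(f"bad option syntax at column {i}")
        name, value, i = m.group(0).lower(), True, i + m.end()
        if line[i:i + 1] == "=":                # value: "...", with \" as a literal quote
            q = re.match(r'="((?:\\"|[^"])*)"', line[i:])
            if not q:
                raise ValueError(f"option {name}: value is not a closed quoted string")
            value, i = q.group(1).replace('\\"', '"'), i + q.end()
        opts[name] = value
        if line[i:i + 1] == ",":
            i += 1
    return opts, line[i:].strip()

def audit(line):
    """List the reasons a key line is not restricted the way the reply intends."""
    try:
        opts, rest = split_options(line.strip())
    except ValueError as exc:
        return [f"unparseable options: {exc}"]
    findings = []
    if not rest.startswith(KEY_TYPES):
        findings.append(f"key type expected after options, found {rest[:12]!r}")
    if not isinstance(opts.get("command"), str):
        findings.append("no forced command")
    # "restrict" (newer OpenSSH) turns all of these restrictions on at once.
    missing = set() if "restrict" in opts else REQUIRED - set(opts)
    if missing:
        findings.append("missing: " + ", ".join(sorted(missing)))
    return findings

# Constructed sample lines; "AAAA..." stands in for real key data.
GOOD = ('command="/usr/bin/rsync --server --daemon --config=/foo/rsyncd.conf .",'
        'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAA...')
STRAY_SPACE = GOOD.replace('.",', '." ,')       # space before the first comma
if __name__ == "__main__":
    for label, line in (("good", GOOD), ("stray space", STRAY_SPACE)):
        print(label, audit(line) or "ok")
```

Run it over each non-comment line of root's authorized_keys on the destination host; an empty list means the line carries the forced command and all four restrictions.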
