Re: [e-smith-devinfo] Script for Rsync across SSH

Thu, 01 Aug 2002 06:47:01 -0700 

On Wed, 31 Jul 2002, Noah Genner wrote:

> Dev Group,
> 
>  I've been asked for this script a bunch of times by different people
> and thought I might share it with the group as some of you might find it
> useful, or help to improve it.
>  Attached below is a shell script that I use for "syncing" directories
> on my remote development repository with a repository at my office.
> Although it could easily be edited to sync between any two machines. The
> "syncing" is done via rsync across ssh.

A few comments regarding the security aspect.

    - avoid using passwords in scripts. If I can get access to the
    file, I can see the password which may give me a better idea of
    how to compromise your system

    - even if you read the password from the command line, all I need
    to do is run "ps auxww" on your system at the correct time and I
    can see the password as part of the rsync command you are running

    - use ssh keys instead - either a dsa or rsa key. If you're going
    to be running the script from cron, use a key with an empty
    passphrase. If you'll be running the script manually, then a key
    with a pass phrase is better

        --rsh="ssh -i /path/to/private/key"

Other comments

    - you can specify the remote user as

        user@remotehost

      rather than in the ssh command (makes the script a little easier
      to read IMHO)

    - if you're going to log rsync's output, log STDERR too

        rsync ....... > logfile 2>&1
    
Otherwise a great idea (Mitel NSSG makes heavy use of rsync and we use
similar scripts).

-- 
Regards
Peter
----------
Peter Samuel, Senior Systems Administrator  [EMAIL PROTECTED]
http://www.e-smith.org (development)        http://www.e-smith.com (corporate)
Phone: +1 613 592 2122                      Fax: +1 613 592 1175
Mitel Networks, 350 Leggett Dr, Ottawa, ON K2K 2W7 Canada

"If you kill all your unhappy customers, you'll only have happy ones left"


--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org

Reply via email to