Hi, thanks everybody, this afternoon I will apply the suggestion and test the solution.
I am posting the actual configuration that I will test. The vmail user is present too; I created keys with ssh-keygen for the vmail user and its home directory, and permitted passwordless ssh for the vmail user on the two servers.

Then I use the configuration below. Do I leave the line below commented out, or do I need to activate it? Excuse me, but I don't understand clearly because of my terrible English.

#dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}

and apply this on the two servers:

service doveadm {
  # if you're using a single virtual user, set this to start ssh as vmail
  # (not root)
  #
  user = vmail
}

service config {
  # needed to grant access to /var/run/dovecot/config for service doveadm
  #
  unix_listener config {
    user = vmail
  }
}

Thanks everybody

On 15 March 2012 22:55, Timo Sirainen <t...@iki.fi> wrote:

> Plus the scripts that
>
> 1) when calling ssh dsync first writes the username to stdout (before dsync
> starts communicating)
>
> and
>
> 2) dsync.sh on remote first reads the username from stdin, before execing
> dsync itself
>
> Because it's not possible to give -u $username parameter in the
> authorized_keys cmd itself. That's the only changing parameter that is needed.
>
> On 15.3.2012, at 23.49, David Ford wrote:
>
>> in ~privilgeduser/.ssh/authorized keys:
>>
>> from=<list of hosts key is valid for> cmd=dsync.sh pubkey...
>>
>> On 03/15/2012 05:05 PM, Timo Sirainen wrote:
>>> Then again it's safer to use system user accounts than a single vmail
>>> account that has access to everyone's emails. And if you allow ssh login
>>> only with public key authentication I don't think there are much security
>>> issues. And finally, it would be possible to write a small wrapper that
>>> allows the root's public key auth to only execute dsync-user.sh script that
>>> can't do anything except sync a specified user's mails.
>>
>

--
Respect the environment: if it is not necessary, do not print this mail.
******************************************
Ing. Matteo Cazzador
Email: mcazza...@gmail.com
******************************************
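
The remote-side dsync.sh wrapper described in the quoted replies, as an added example that is not part of the original thread and not Dovecot's own code. The install path, the "serve" argument, the username allowlist, MAX_LEN and the use of the authorized_keys "restrict" option are assumptions of this example.

```sh
#!/bin/sh
# dsync.sh: added example of the forced-command wrapper described in the thread.
# Assumed authorized_keys entry for the vmail account (path, host and key are
# placeholders; "serve" is this example's own argument):
#   from="<peer host>",command="/usr/local/bin/dsync.sh serve",restrict <pubkey>
# The calling side writes "<username>\n" first, then lets dsync talk.
LC_ALL=C; export LC_ALL   # make the character ranges below byte-exact
MAX_LEN=254               # assumed upper bound for a user@domain login

# valid_user NAME: succeed only if NAME is safe to pass as "-u NAME"
valid_user() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le "$MAX_LEN" ] || return 1
    case $name in
        -*|.*) return 1 ;;                 # option injection, dot-files
        *..*) return 1 ;;                  # traversal-style names
        *[!A-Za-z0-9._@+-]*) return 1 ;;   # outside the allowlist
    esac
    return 0
}

# read_user: consume exactly one line from stdin, print it if it is valid
read_user() {
    IFS= read -r line || return 1
    valid_user "$line" || return 1
    printf '%s\n' "$line"
}

# serve: ignore whatever command the client asked for, sync one mailbox only
serve() {
    user=$(read_user) || {
        logger -t dsync.sh "rejected username from ${SSH_CONNECTION:-unknown}"
        exit 1
    }
    exec doveadm dsync-server -u "$user"
}

if [ "${1:-}" = "serve" ]; then serve; fi
```

Because the key is bound to this forced command, the username line is the only input the remote side controls before dsync starts, which is why it is checked against an allowlist before it reaches the doveadm command line.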