>> Is the purpose of the Host block in .ssh/config to store the hostname
>> of the backup server so it doesn't need to be used directly in the
>> rdiff-backup command?
>
> It forces key-based authentication when connecting to the backup server.
> The default is password-based, which obviously won't work in a cron job.

I don't use an .ssh/config at all and I'm not prompted for a password
if the keys are in place.  My sshd_config is pretty much default and
my normal user is prompted for a password.

>> Why create a password for the backup user?  Doesn't that open up the
>> possibility of someone logging in as that user, when otherwise the
>> account would only be used for backing up files?
>
> It might work without one; in these instructions the
> machine-to-be-backed-up never connects to the backup server as root, and
> so you need a way to SCP stuff to the backup server. I usually use a
> `pwgen 16` password for these accounts and then immediately forget it,
> so nobody will log in to them for a few billion years at least.
>
> Does key-based authentication work with no password? I've never tried.

It does! :)

- Grant
