> root. ) I don't really like having root able to log into a box without a
> passwd, my short-term fix is to move /.ssh/authorized_keys to
> /.ssh/authorized_keys.bak with cron when my rsync is done, and vice-versa
> when I need to start it.
I don't like root to be able to log in without a password either.
Actually, I don't even rsync with the root user, because I don't care
about saving file ownerships. But, I don't like having a user account be
able to log in without a password either, so I use something like this in
my .ssh/authorized_keys for the 'operator' user on my setup because I'm
totally paranoid:
from="machine name here",command="rsync --server -youroptions . /dir" 1024 [rest of key here] [key comment]
You'd have to find out what exact rsync --server command you are running
by examining the output of 'ps', of course...
The sshd manpage has information about how all of the above works. You
have to get a little creative with the ssh identities if you want this
setup to handle multiple rsync server commands though... I have a setup
that uses different ssh identities (can be created with ssh-keygen) to run
different rsync commands from the client. So far this is the most secure
implementation I've thought of... It works just fine, too! All of this
works through crontabs and shell scripts on about 6 clients going to 1
backup server.
-Chris
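
An added example, not part of the original message: a small audit that parses an authorized_keys file and reports every key missing the from= or command= restriction described above. The function names, hostnames, paths, rsync options and key material in the sample are constructed placeholders.

```python
import re

# One option: name, optional ="quoted value" (may contain spaces, commas, \"),
# then a comma (more options follow) or whitespace (options field ends).
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(,|\s+|$)')
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")   # protocol 2 key type prefixes

def split_options(line):
    """Return (options dict, remainder of line holding the key and comment)."""
    first = line.split(None, 1)[0]
    # No options field: the line starts with a key type, or with the bit
    # count of an old protocol 1 key (the "1024" form in the message above).
    if first.isdigit() or first.startswith(KEY_TYPES):
        return {}, line
    opts, pos = {}, 0
    while True:
        m = OPT.match(line, pos)
        if not m:
            raise ValueError("cannot parse options: " + line[:40])
        opts[m.group(1).lower()] = m.group(2) if m.group(2) is not None else True
        pos = m.end()
        if m.group(3) != ",":           # whitespace or end: options are done
            return opts, line[pos:]

def audit(text, required=("from", "command")):
    """List (line number, key comment, missing options) for every key that
    lacks one of the restrictions described in the message."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        missing = [o for o in required if o not in opts]
        if missing:
            findings.append((lineno, rest.split()[-1], missing))
    return findings

# Constructed sample: hosts, paths, options and key material are placeholders.
SAMPLE = '''\
# authorized_keys for the backup account
from="client1.example.com",command="rsync --server -logDtpr . /backup/client1" ssh-ed25519 AAAAC3PLACEHOLDER1 backup-client1
command="rsync --server --sender -logDtpr . /srv/www" ssh-ed25519 AAAAC3PLACEHOLDER2 pull-www
ssh-rsa AAAAB3PLACEHOLDER3 operator@laptop
from="client2.example.com",no-pty,command="rsync --server -logDtpr . /backup/a,b" 1024 35 1234567890 legacy-client2
'''

if __name__ == "__main__":
    for lineno, comment, missing in audit(SAMPLE):
        print(f"line {lineno}: {comment} lacks {', '.join(missing)}")
```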