Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] hosts.equiv



dan ritter wrote:
> On Fri, Sep 14, 2012 at 08:40:44AM -0400, dan moylan wrote:

>> i have a script to rsync a number of directories between two
>> computers on my local net and would like to avoid having to
>> enter my password for each one.  i thought i could do this
>> using hosts.equiv, but it's not working for me.  i solved
>> this once before a number of years ago, but i'm undoubtedly
>> forgetting something now.  any help would be appreciated.

> Create an ssh key:
> ssh-keygen -t rsa -b 2048
> Change the filename to "rsync.key"
> Don't put in a passphrase.

did that, put rsync.key in ~/.ssh

> man sshd. Read the section on Authorized_Keys file format.

> Add restrictions to rsync.key.pub: no-agent-forwarding,
> no-port-forwarding, no-pty, no-X11-forwarding, perhaps a from
> restriction. Make it tight. command = rsync?

> Copy rsync.key.pub with the restrictions to your remote machine,
> and cat it to the end of ~/.ssh/authorized_keys

did that:

  # authorized_keys
  # rsync.key.pub
  command="rsync",no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDzTeJ/nRpWTnjbsEWypLt1/rbdpU5ABAkPqUzX6ug0pCnvKpRKga63RlIi03rGQb0d1dkosKtVnhodageA6PRGuAQ3zdJDDdw1OScH8sZsdtGd44/fsBVCQlYlJP2i8RCc20dBnxiujvjv4iuvk5CPzZPCbjfxyFvEBES5nMsZY/mLilqX4xlDx9PJlkUJ28Gm0vaIEZ9BzGCDll7C4Quph4WXKgvVZdMrAfuAceE8DPcFacIvjOBDOGWxdqaaQgsYIXHSdgE72duDcNnAnDAV59nhtDEaYTAN5kba/uWqHujJ8p7Qff1vaYbkEUrUEhl/8GBptVI2i3tCsb0Q9aOF moylan at betelgeuse

> When you run rsync, pass it "-e ssh -i /home/jdm/.ssh/rsync.key"
> You should have a fairly safe passwordless rsync.

  rsync -e ssh -i /home/moylan/.ssh/rsync.key --archive --delete --compress /home/moylan/bac/ 192.168.0.103:bac

still asked for a password.  any idea what i might have
missed (or done wrong)?

tia,
ole dan

j. daniel moylan
84 harvard ave
brookline, ma 02446-6202
617-232-2360 (tel)
jdm at moylan.us
www.moylan.us
[death to html bloat!]



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org