[clue] Rsync and root

Will will.sterling at gmail.com
Thu Nov 3 22:35:59 MDT 2011


Rsync can connect to remote machines using RSH or SSH.  When it uses this
method instead of rsyncd, it then runs rsync on the remote machine and sends
the data through a pipe.  If you tell RSYNC on the sending machine to use
SSH with an Identity key, that key goes into authorized_keys on the remote
machine prepended with command="sudo /usr/bin/rsync".  Now you have the
ability to connect as a non-root user but have the ability to RSYNC as root.

Single purpose SSH keys are nice because you don't even need to send a
command to the remote host.  "tar -czf ./dir |SSH -i some_key" is all that
is needed as long as the remote side is set up correctly.  Also if someone
were to get your key they can only do one thing with it, so you can limit
exposure.

Rsyncd may also be a solution but I don't care to leave it running and do
not know the ins and outs.

On Thu, Nov 3, 2011 at 9:19 PM, David L. Anselmi <anselmi at anselmi.us> wrote:

> Will wrote:
> > Use single purpose SSH keys, connect as a non-root user with an authorized
> > key.  When that key is used it runs sudo and starts rsync as root.
>
> I think there's more to it than this (an exercise for the reader perhaps).
> Or perhaps you meant rsyncd, and that might be worth looking at.
>
> > http://pkeck.myweb.uga.edu/ssh/
>
> I think the bit about the same passphrase or id_dsa is wrong (first bullet
> under More keys!).
>
> Dave
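
The forced-command setup discussed in this thread, as an added example that is not part of either poster's message: a wrapper named in `command=` that checks `SSH_ORIGINAL_COMMAND` before running rsync under sudo. The script path, the `backup` account, the `/srv/backup` tree and the key placeholder are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a single-purpose rsync key.
# Assumed names: script at /usr/local/bin/rsync-only, account "backup",
# tree /srv/backup. Key material below is a placeholder.
#
# ~backup/.ssh/authorized_keys (one line):
#   command="/usr/local/bin/rsync-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER>
# /etc/sudoers.d/backup:
#   backup ALL=(root) NOPASSWD: /usr/bin/rsync

ALLOWED_ROOT=/srv/backup

# Return 0 only for an rsync server-mode command whose paths stay under ALLOWED_ROOT.
check_rsync_command() {
    cmd=$1
    case $cmd in
        *[!A-Za-z0-9\ ._/=,:@+-]*) return 1 ;;  # allowlist: no shell metacharacters or globs
    esac
    case $cmd in
        "rsync --server "*) ;;
        *) return 1 ;;
    esac
    case $cmd in
        *..*) return 1 ;;                        # no parent-directory traversal
    esac
    set -- $cmd          # safe to split: only allowlisted characters remain
    shift 2              # drop "rsync --server"
    seen_dot=0 paths=0
    for arg in "$@"; do
        if [ "$seen_dot" -eq 0 ]; then
            case $arg in
                .) seen_dot=1 ;;   # rsync separates options from paths with "."
                -*) ;;             # options (not filtered further here)
                *) return 1 ;;
            esac
        else
            case $arg in
                "$ALLOWED_ROOT"/*) paths=$((paths + 1)) ;;
                *) return 1 ;;
            esac
        fi
    done
    [ "$paths" -ge 1 ]
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        exec sudo /usr/bin/rsync ${SSH_ORIGINAL_COMMAND#rsync }
    fi
    echo "rsync-only: rejected command" >&2
    exit 1
fi
```

Options before the `.` are not filtered here; the `rrsync` script shipped with rsync is a fuller restriction of the same kind.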