On Thu, Nov 16, 2000 at 11:21:47AM -0700, Gary Hennigan wrote:
> "Gary Hennigan" <[EMAIL PROTECTED]> writes:
> > Why were you thinking you wouldn't be prompted for a password? In
> > order to do passwordless ssh you need to do the following:
> >
> > 1) On your local system run ssh-keygen and use a good passphrase when
> >    prompted
> >
> > 2) Copy the contents of ~/.ssh/identity.pub from the local system to
> >    ~/.ssh/authorized_keys on the remote system.
> >
> > 3) Make sure your ssh daemon on the remote system has, at least, the
> >    following in its configuration file:
> >
> >        RSAAuthentication yes
>
> Forgot 4) Run ssh-add at the beginning of your login session.
>
> Unfortunately I'm not sure what you can do passwordless if you're
> talking about running stuff as a cron job. You may have to allow
> RhostsAuthentication in order for that to work, and that's not a very
> secure solution.

Sure you can.

First, an additional pointer: look for 'pam_make'. This is a cute little
PAM module (alas, not debianized) that runs 'make -C /whatever/path'
when someone changes their password. This automates the syncing
somewhat.

Then, create a passwordless key for root. Put it in 'rsync.pub' or
something. This way you can use the 'authorized_keys' mechanism to
restrict it. (i.e., it'll only do rsync.)

As the pam_make reference implies, I use a Makefile to propagate things
(and so I can use the 'db' passwd file, see nsswitch.conf) in
/var/lib/misc. The rsync-ey stuff is:

RSYNC = /usr/bin/rsync -p -t -e '/usr/bin/ssh -i /root/.ssh/rsync'

	@$(RSYNC) /etc/passwd otherhost:/etc

in the 'passwd' section, and a similar thing for shadow and group.

-- 
CueCat decoder .signature by Larry Wall:
#!/usr/bin/perl -n
printf "Serial: %s Type: %s Code: %s\n", map { tr/a-zA-Z0-9+-/ -_/;
$_ = unpack 'u', chr(32 + length()*3/4) . $_; s/\0+$//;
$_ ^= "C" x length; } /\.([^.]+)/g;
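
One way to do the 'authorized_keys' restriction mentioned in the reply above, as an added example that is not part of the original message: a forced-command wrapper that accepts only an rsync push into /etc. It assumes OpenSSH's authorized_keys options and its SSH_ORIGINAL_COMMAND variable; the wrapper path and the function name are hypothetical.

```sh
#!/bin/sh
# Added example: forced-command wrapper for the passwordless rsync key.
# Hypothetical install path: /usr/local/sbin/rsync-only
# authorized_keys entry on otherhost (one line, key material elided):
#   command="/usr/local/sbin/rsync-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding <contents of rsync.pub>

# Return 0 only if $1 is an rsync server-side *receive* into /etc.
rsync_cmd_allowed() {
    cmd=$1
    # Character whitelist; the ':' sentinel keeps a trailing newline visible.
    left=$(printf '%s:' "$cmd" | LC_ALL=C tr -d 'A-Za-z0-9 ._/,=-')
    [ "$left" = ":" ] || return 1
    # Overall shape: rsync --server <options> . /etc
    case $cmd in
        "rsync --server -"*" . /etc" | "rsync --server -"*" . /etc/") ;;
        *) return 1 ;;
    esac
    # Words between "--server" and ". /etc" must be short-option clusters.
    # Any long option is refused, which covers --sender (reading files back).
    set -- $cmd
    shift 2
    while [ $# -gt 2 ]; do
        case $1 in
            --*) return 1 ;;
            -*) ;;
            *) return 1 ;;
        esac
        shift
    done
    return 0
}

# sshd passes the command the client asked for in SSH_ORIGINAL_COMMAND.
# With no command requested the script simply ends, so no shell is given.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_cmd_allowed "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND   # unquoted on purpose: validated, then word-split
    fi
    echo "rsync-only: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The rsync distribution ships an rrsync script that takes the same approach with a fuller option whitelist.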