>> On Wed, 27 May 2009 15:03:30 -0700,
>> prad <p...@towardsfreedom.com> said:

P> We are thinking of rsync to duplicate 1st [box] > 2nd [box] (with the
P> exception of rc.conf and a few other files of course because we don't
P> want them to be absolutely identical).

P> we plan to allow root login and have disabled all password access so
P> that rsync can preserve permissions. is this a good way to accomplish
P> the bkp job?

If you're going to use root login, I'd suggest access control for ssh via
either daemontools or tcpwrappers, and add some extra security by putting
'from="hostname"' in root's entry in the "authorized_keys2" file:

  from="1st.box.com" ssh-dss AAAAB3NzaC1MtH[...]WDXDrq03pE= r...@1st.box.com

It's not strictly necessary to allow root connections if you want to keep
permissions intact. I use an unprivileged account ("bkup") to copy gzipped
cpio archives between systems. On the 1st box, root can use pax or cpio to
create the archive, and then run something as user "bkup" to do the copy
to the 2nd box:

  root# cd /some/where
  root# find . -print | pax -x cpio -wd | gzip -1c > /tmp/arch.pax.gz
  root# su bkup -c "scp -c arcfour -i /bkup/.ssh/backuphost_dsa \
          /tmp/arch.pax.gz 2nd.box.com:/someplace/bkup/can/write"

The arcfour cipher will probably give you better throughput. To unpack
the files on 2nd.box.com:

  root# cd /some/where/else
  root# gunzip -c /someplace/bkup/can/write/arch.pax.gz | pax -rd -pe
  root# rm /someplace/bkup/can/write/arch.pax.gz

If the files you're syncing are huge, you're better off using root login
plus rsync.

-- 
Karl Vogel                      I don't speak for the USAF or my company

SUVs are gross because they're the solution to a gross problem:
how to make minivans look more masculine.              --Paul Graham
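
Added example (not part of the message above): a shell function that audits an authorized_keys file for entries lacking the from="..." restriction the reply recommends for root's key. The names audit_from and sample_keys, the sample entries and their placeholder key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report authorized_keys entries with no from="..." option.
# audit_from [FILE...] reads stdin when no file is given and exits 1 if any
# unrestricted key is found. Names and sample data are constructed.
audit_from() {
    awk '
    # 1 if the options field (text before the first unquoted blank)
    # contains a from="..." option, else 0.
    function has_from(line,    i, c, inq, start) {
        if (line ~ /^(ssh-|ecdsa-|sk-)/) return 0   # starts with key type: no options
        inq = 0; start = 1
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            # option names are case-insensitive; match only at an option start,
            # so from= inside another option value (command="...") is ignored
            if (start && tolower(substr(line, i, 6)) == "from=\"") return 1
            start = 0
            if (inq && c == "\\") { i++; continue }  # escaped char inside quotes
            if (c == "\"") inq = !inq
            else if (!inq && c == ",") start = 1
            else if (!inq && (c == " " || c == "\t")) break
        }
        return 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments and blank lines
    {
        sub(/^[ \t]+/, "")
        if (!has_from($0)) { print "line " FNR ": no from= restriction"; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample file; key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# root keys on 2nd.box.com (constructed)
from="1st.box.com" ssh-dss AAAAPLACEHOLDER1= root@1st.box.com
ssh-rsa AAAAPLACEHOLDER2= root@elsewhere.example
command="echo from=\"x\"",no-pty ssh-rsa AAAAPLACEHOLDER3= bkup@1st.box.com
no-pty,FROM="10.0.0.*,!10.0.0.9" ssh-ed25519 AAAAPLACEHOLDER4= bkup@1st.box.com
EOF
}

sample_keys | audit_from || echo "unrestricted keys found"
```

Pass the file to check as an argument, for example root's authorized_keys2 on the 2nd box; a non-zero exit status makes it usable from cron or a configuration check.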