On Tue, 2004-05-11 at 19:56 +1200, Jim Cheetham wrote:
> Unfortunately, for that elusive beast, "security", this is a bad thing.
> Possession of the public key will allow anyone to connect to the target
> machine with an interactive shell. In this case, the
> super-encryption-powers of ssh are wasted :-)

Which is why you only want to have the private key at one end if it can be helped, the machine requesting the copy. For those who don't realise, scp and rsync will let you choose a machine as the source or the destination. Use [EMAIL PROTECTED]: if you're not the same username at both ends.

Some people use the same public/private key pair at both ends, which is the biggest security risk (even I'm guilty of this at times). Only have the keys you need listed if security is an issue.

Read the manpages; if you use rsync you should be able to set up a user with rsync as its shell and avoid a few security issues.

Also note that ssh/scp doesn't like it if your .ssh directory is readable/writeable by anyone other than yourself. This caused a problem for me once which took forever to figure out.

As for templates, as asked in the original question, there are a number of scripts on the rsync homepage that will probably help you.

Sascha
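A check for the .ssh permission problem mentioned in the message above, as an added example that is not part of the original post. The function names and the LOOSE/MISSING output format are this example's own, and it assumes the conventional strict layout: mode 700 on the directory, no group/other access to private keys, and no group/other write on the remaining files.

```shell
#!/bin/sh
# Added example: audit an .ssh directory for group/other access.
# has_any_bit and audit_ssh_dir are hypothetical helper names.

# True when any of the listed permission bits is set on $1.
# POSIX find: "-perm -N" matches only when every bit in N is set,
# so each bit is tested on its own.
has_any_bit() {
    path=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$path" -prune -perm "-$bit" -print 2>/dev/null)" ] && return 0
    done
    return 1
}

# Prints one line per finding and returns the number of findings
# (2 if the directory does not exist).
audit_ssh_dir() {
    dir=$1
    findings=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    # The directory itself: nothing for group or other (mode 700).
    if has_any_bit "$dir" 040 020 010 004 002 001; then
        echo "LOOSE directory: $dir"; findings=$((findings + 1))
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY'; then
            # Private keys: the ssh client refuses to use one that
            # group or other can access at all.
            if has_any_bit "$f" 040 020 010 004 002 001; then
                echo "LOOSE private key: $f"; findings=$((findings + 1))
            fi
        elif has_any_bit "$f" 020 002; then
            # authorized_keys, *.pub, config: world-readable is fine,
            # writable by group or other is not.
            echo "LOOSE writable file: $f"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Source the file and run `audit_ssh_dir "$HOME/.ssh"` on both the requesting machine and the target account; a return status of 0 means nothing was flagged.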
