I saved your message from the other day that nobody responded to, but I'll
respond to this one instead since it looks like you're a little further
along.
On Thu, Sep 14, 2000 at 06:09:19PM +0000, Willis L. Sarka wrote:
> Greetings,
>
> I have a cluster of Sun Netra T1's, with one of them being an rsync
> server. Here is the rsyncd.con file:
>
>
> [sync]
> path = /etc
> comment = Sync of passwd, shadow, group, and auto_home
> uid = 0
> gid = 1
> #auth users = admin
> #secrets file = /etc/rsyncd.secrets
> exclude from = /exclude.lst
>
> I had problems with the auth users, secrets file options so they are
> commented out right now. However, I would like to use the rsync form
> of authentication AND use ssh to sync these files up as well. Currently,
> the rsync clients run this out of the root crontab:
>
> /usr/local/bin/rsync -vz -e ssh rsync:[EMAIL PROTECTED]/sync/*
> /etc
An important point you have missed: the -e option is ignored when you're
connecting to an rsync daemon (that is, either "rsync://" or "::" syntax). Ssh
cannot be used in combination with it. Rsync really ought to be changed
to report that combination as an error instead of silently ignoring the -e.
> domain/hostname changed to protection the innocent :-)
>
> After reading a few posts, it seems that I need to use the authorised_keys
> file related to ssh so that it won't prompt for a pssword. This is
> correct? Also, is anyone doing rsync over ssh AND required auth
> users/secrets file? If so, I'd be interested in hearing about your
> configuration.
You need to decide whether you want to use the rsync daemon or ssh. If you
can use ssh, I highly recommend it because it is more secure than the
rsync daemon mode. The latter is more intended for when you need anonymous
access. If you do use ssh, yes, the authorized_keys mode is the best way
to go, using an ssh private key without a passphrase on the client side
(assuming you sufficiently protect that key from other users on the client).
- Dave Dykstra
