On Thu, Jul 12, 2001 at 04:55:10PM -0700, Martin Pool <[EMAIL PROTECTED]> wrote:
| On  7 Jul 2001, Dave Wreski <[EMAIL PROTECTED]> wrote:
| > I'm using command= in my authorized_keys file in conjunction with rsync,
| > but for some reason it's matching the wrong key. It also seems arbitrary.
| > 
| > On the local side, I'm using "rsync -avze 'ssh -i key' files/ host:/path"
| > and on the remote side I'm using:
| > 
| > command="/usr/bin/rsync --server -vlogDtprz . /path" key....
| > 
| > There are about fifteen keys in the authorized_keys file, but unless I
| > move the correct key to the top of the file, it will seemingly arbitrarily
| > pick a key from the fifteen instead of the correct one. Why is this? The
| > keys are in fact different; each one of the fifteen was generated with
| > ssh-keygen.
| 
| This sounds more like an ssh bug; I would try taking the report to
| their mailing lists.

Well... "It's a feature."

Well, anyway, it's documented behaviour. Ssh will try all the keys, even if you
hand it the -i flag to say "here's the key I want, dumbo!"

Solution: disable your ssh-agent for the ssh-invocation.

No, ssh doesn't have a handy "don't use the agent" option either :-(

To this end I use two scripts:

    no-ssh-agent, to run an arbitrary command without an agent available:
        http://www.zip.com.au/~cs/scripts/no-ssh-agent

and

    nphssh, to invoke ssh with a special phraseless key via the -i flag:
        http://www.zip.com.au/~cs/scripts/nphssh

Feel free to copy these and install in your $PATH.
Observe that nphssh is really a small wrapper for no-ssh-agent and ssh.

Then just use

        -e 'nphssh special-key-filename'

with your rsync invocations (or use the $RSYNC_RSH variable likewise).

You may guess from the tone of this item that I've been bitten by this
myself, repeatedly. Not any more.
--
Cameron Simpson, DoD#743        [EMAIL PROTECTED]    http://www.zip.com.au/~cs/

If it can't be turned off, it's not a feature. - Karl Heuer
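
Added example, not part of the original message and not the no-ssh-agent or nphssh scripts linked above: one way to get the effect described, running ssh with the agent socket removed from its environment so that only the -i key is offered and the intended command= entry matches. The function names and the SSH_BIN override are hypothetical; IdentitiesOnly is an OpenSSH option added after this message was written.

```shell
#!/bin/sh
# Added illustration; function names and SSH_BIN are assumptions.

# Run a command with no ssh-agent reachable. ssh locates the agent only
# through SSH_AUTH_SOCK, so dropping it from the child's environment is
# enough. The subshell leaves the caller's own agent settings untouched.
without_agent() {
    ( unset SSH_AUTH_SOCK SSH_AGENT_PID; "$@" )
}

# Invoke ssh so that exactly one (passphrase-less) key is offered.
# usage: ssh_one_key keyfile [ssh arguments...]
ssh_one_key() {
    key=$1
    shift
    [ -r "$key" ] || { echo "ssh_one_key: cannot read $key" >&2; return 2; }
    # IdentitiesOnly=yes: offer only explicitly configured identity files.
    # BatchMode=yes: never prompt, so an unattended job fails instead of hanging.
    # SSH_BIN (hypothetical) lets a different ssh binary be substituted.
    without_agent "${SSH_BIN:-ssh}" -i "$key" \
        -o IdentitiesOnly=yes -o BatchMode=yes "$@"
}

# When saved as an executable script, pass the arguments straight through,
# so it can be named in rsync's -e option or in $RSYNC_RSH.
if [ $# -gt 0 ]; then
    ssh_one_key "$@"
fi
```

Saved under a name of your choosing in $PATH, it is used the same way as above: -e 'that-name special-key-filename'.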
