On Thu, Oct 27, 2005 at 07:35:47PM +0100, Manuel L?pez-Ib??ez wrote:
> Could this also be added to the FAQ ? Please!
You must not have read the FAQ recently, because this idea has been
there for a week now: after Matt mentioned the HostKeyAlias option back
on the 19th, I replied saying what a nic
Yes, your explanations are better. I will promote #2 to become #1, since
it is more likely the one that will work better in all situations.
Another thing is... if you can use "Method #2 Rsync SSH-es to target
using a proxy command that first SSH-es to middle" also with rsync
daemon servers, th
On Thu, 2005-10-27 at 21:48 +0100, Manuel López-Ibáñez wrote:
> Method 1: no rsync daemon server, passwordless authentication in middle
> machine.
>
> Method 2: no rsync daemon server, using SSH proxy
>
> Method 3: no rsync daemon server, using SSH port forwarding
>
> Method 4: no rsync daemon ser
Oh, yes! I am sorry, I should have checked that twice.
Wayne did really a great work on the FAQ.
I would add something instead (of added to) the Method #. For example,
Method 1: no rsync daemon server, passwordless authentication in middle
machine.
Method 2: no rsync daemon server, using SSH
On Thu, 2005-10-27 at 09:46 -0400, Carson Gaspar wrote:
> Hot keys aren't a problem if you use HostKeyAlias - see ssh_config(4). e.g.:
On Thu, 2005-10-27 at 19:35 +0100, Manuel López-Ibáñez wrote:
> Could this also be added to the FAQ ? Please!
My original explanation included the HostKeyAlias t
Carson Gaspar wrote:
>
>
> --On Saturday, October 22, 2005 1:56 AM +0100 Manuel López-Ibáñez
> <[EMAIL PROTECTED]> wrote:
>
>>> This setup seems to work well--perhaps it could be added to the rsync
>>> FAQ page as Method 2b. The only annoyance is that one might still get
>>> two indistinguisha
Could this also be added to the FAQ ? Please!
Thanks,
Manuel.
Carson Gaspar wrote:
--On Thursday, October 20, 2005 12:53 PM -0700 Wayne Davison
<[EMAIL PROTECTED]> wrote:
On Wed, Oct 19, 2005 at 10:29:21PM -0400, Matt McCutchen wrote:
$ ssh -L :target:22 -N -f [EMAIL PROTECTED]
Passw
--On Saturday, October 22, 2005 1:56 AM +0100 Manuel López-Ibáñez
<[EMAIL PROTECTED]> wrote:
This setup seems to work well--perhaps it could be added to the rsync
FAQ page as Method 2b. The only annoyance is that one might still get
two indistinguishable "Password:" prompts; could someone t
--On Thursday, October 20, 2005 12:53 PM -0700 Wayne Davison
<[EMAIL PROTECTED]> wrote:
On Wed, Oct 19, 2005 at 10:29:21PM -0400, Matt McCutchen wrote:
$ ssh -L :target:22 -N -f [EMAIL PROTECTED]
Password: middlepass
Port-forwarding 22 is a great idea as long as ssh is configured not to
This setup seems to work well--perhaps it could be added to the rsync
FAQ page as Method 2b. The only annoyance is that one might still get
two indistinguishable "Password:" prompts; could someone tell me how to
configure SSH so the prompt reveals the target
Well, actually, I get "Password: " p
On Fri, Oct 21, 2005 at 11:55:22AM -0400, Jay Fenlason wrote:
> If you have the keys for both hosts in your ~/.ssh/known_hosts file,
> ssh doesn't complain at all, even with host checking enabled.
It would complain if the "HostKeyAlias" config item wasn't used (and the
known_hosts file already had
On Thu, Oct 20, 2005 at 12:53:08PM -0700, Wayne Davison wrote:
> On Wed, Oct 19, 2005 at 10:29:21PM -0400, Matt McCutchen wrote:
> > $ ssh -L :target:22 -N -f [EMAIL PROTECTED]
> > Password: middlepass
>
> Port-forwarding 22 is a great idea as long as ssh is configured not to
> complain about
On Fri, 2005-10-21 at 10:04 -0400, Matt McCutchen wrote:
> ~/.ssh/config:
> Host target
> ProxyCommand ssh middle nc %h %p
Apparently, ssh uses a SIGHUP to tell the ProxyCommand that it is
finished with the connection. If nc is used as the proxy, it
understands the SIGHUP as a request
On Thu, 2005-10-20 at 19:37 +0100, Manuel López-Ibáñez wrote:
> That technique of using a SSH tunnel through middle seems really nice.
> Actually it is similar (I think even better because yours doesn't
> require a rsync server) to the one described in the rsync FAQ [1] as
> method 2.
>
> [1] h
On Wed, Oct 19, 2005 at 10:29:21PM -0400, Matt McCutchen wrote:
> $ ssh -L :target:22 -N -f [EMAIL PROTECTED]
> Password: middlepass
Port-forwarding 22 is a great idea as long as ssh is configured not to
complain about the host conflict -- nicely done. I've added this to the
FAQ in the "rsync
That technique of using a SSH tunnel through middle seems really nice.
Actually it is similar (I think even better because yours doesn't
require a rsync server) to the one described in the rsync FAQ [1] as
method 2.
[1] http://samba.anu.edu.au/rsync/FAQ.html#6
Matt McCutchen wrote:
On Thu, 2
Wayne Davison wrote:
On Thu, Oct 20, 2005 at 06:06:28PM +0100, Manuel L?pez-Ib??ez wrote:
Can rsync work while ssh-agent is forwarding data?
Of course. All rsync needs is an 8-bit clean pipe to send its data.
What ssh does on its own to authorize connections is of no concern to
rsync.
..wa
Wayne Davison wrote:
On Thu, Oct 20, 2005 at 01:15:54AM +0100, Manuel L?pez-Ib??ez wrote:
For example, isn't it possible for the root of middle (or some
attacker) to get my keys and use them?
No, that's not how ssh keys work at all. Firstly, you only need to put
the *public key* on the midd
On Thu, Oct 20, 2005 at 06:06:28PM +0100, Manuel L?pez-Ib??ez wrote:
> Can rsync work while ssh-agent is forwarding data?
Of course. All rsync needs is an 8-bit clean pipe to send its data.
What ssh does on its own to authorize connections is of no concern to
rsync.
..wayne..
--
To unsubscribe
Wayne Davison wrote:
On Thu, Oct 20, 2005 at 01:15:54AM +0100, Manuel L?pez-Ib??ez wrote:
For example, isn't it possible for the root of middle (or some
attacker) to get my keys and use them?
No, that's not how ssh keys work at all. Firstly, you only need to put
the *public key* on the midd
On Thu, Oct 20, 2005 at 01:15:54AM +0100, Manuel L?pez-Ib??ez wrote:
> For example, isn't it possible for the root of middle (or some
> attacker) to get my keys and use them?
No, that's not how ssh keys work at all. Firstly, you only need to put
the *public key* on the middle host and the destina
On Thu, 2005-10-20 at 01:15 +0100, Manuel López-Ibáñez wrote:
> [...] There is a FAQ section (which I linked in my first message) explaining
> how to do this using keys. That is not the point. For example, isn't it
> possible for the root of middle (or some attacker) to get my keys and
> use the
Matt McCutchen wrote:
Martin Schröder's suggestion of ssh-agent might be better in the long
term or if the X business doesn't work, but I got the impression you
didn't want to set up any kind of special SSH authentication.
Yes, that is precisely the point.
There is a FAQ section (which I l
Matt McCutchen wrote:
On Thu, 2005-10-20 at 00:05 +0100, Manuel López-Ibáñez wrote:
I understand completely that it's not rsync's job to handle ssh password
prompts, however, isn't it the first password prompt handled by rsync?
Why the other password prompts cannot be handled in a similar w
On 2005-10-19 17:36:55 +0100, Manuel López-Ibáñez wrote:
> source $ ssh middle
> middle's password: pass_middle
> middle $ ssh target
> target's password: pass_target
> target $
Use keys and ssh-agent. :-)
[...]
> Now, I want to transfer files from source to target.
Check out ssh's forwarding o
Wow! Dude! This is the most comprehensive, user-friendly, nice,
knowledgeable answer I have ever received. Thanks very much! That
answers everything.
I understand completely that it's not rsync's job to handle ssh password
prompts, however, isn't it the first password prompt handled by rsync?
On Wed, 2005-10-19 at 22:22 +0100, Manuel López-Ibáñez wrote:
> Thanks very much. However, for several reasons, I cannot apply that
> "trick" in my case. Apart from those reasons, there is no X server on
> middle or target at all. [...] And what should I put in $DISPLAY?
Graphical programs find
Matt,
Thanks very much. However, for several reasons, I cannot apply that
"trick" in my case. Apart from those reasons, there is no X server on
middle or target at all. Moreover, which password-prompting program
should I use? middle is an OpenBSD machine. And what should I put in
$DISPLAY?
Manuel,
The trouble in all three cases is that rsync expects to have the SSH
data stream to "middle" all to itself, but you need to slip a password
into this stream first so that the connection to "target" can be made.
Here's what I think would be easiest. If ssh's input is not a terminal,
but $
Hi, I have searched the whole internet and mailing list and I was unable
to find a clear answer to this. The method described in the FAQ [1] are
not useful for me.
Three machines source, middle, target. ssh into middle from source
requires password pass_middle. ssh into target from middle req
30 matches
Mail list logo