On Sat, 12 Mar 2022 at 08:45, Florian Sager via rsync
wrote:
> Hi,
>
> I gave up using rrsync some years ago because of
> a) potential security issues with path references that can occur within
> the rsync execution in the call of rrsync
> b) possibly unmatched rsync options (rrsync must be kept
On 3/11/2022 4:39 AM, Dr. Mark Asbach via rsync wrote:
a) Using ssh-askpass, we can use the options -e "ssh -X"
--rsync-path="sudo -A rsync" (see https://askubuntu.com/a/1167758).
The problem in our scenario is that using ansible, we run the
identical rsync command on multiple hosts in
On Fri, Mar 11, 2022 at 10:36:49PM -0800, Bri Hatch via rsync
wrote:
> On Fri, Mar 11, 2022 at 10:22 PM Kevin Korb via rsync
> wrote:
>
> > Rsync includes a script named rrsync that handles this perfectly.
>
> And authprogs provides similar functionality, though you use yaml to define
> what
On 12/03/22 19:36, Bri Hatch via rsync wrote:
On Fri, Mar 11, 2022 at 10:22 PM Kevin Korb via rsync
mailto:rsync@lists.samba.org>> wrote:
Rsync includes a script named rrsync that handles this perfectly.
And authprogs provides similar functionality, though you use yaml to
define what
Hi there,
Thanks for your feedback!
> Bear in mind, putting a password in an environment variable can be seen by
> other users on the same system with "ps auxwwe".
Sure. But in my scenario, the control host is considered a „safe“ developer
machine, while the target host is considered the
The environment variables of a process when it was started are available
via /proc//environ file. So while other users on that system can't see
the environ, every other process running as your target user could.
Worse, however, your "echo" process puts the password in arguments, and any
local
On Sat, Mar 12, 2022 at 12:23 PM Dr. Mark Asbach via rsync <
rsync@lists.samba.org> wrote:
> Hi there, hi past me,
>
> > My (non-working) attempt:
> > […]
> > So it seems the "-l" is dropped into the void letting ssh assume USER
> was the target host? I don’t actually get what I can do.
>
> Turns
Hi there, hi past me,
> My (non-working) attempt:
> […]
> So it seems the "-l" is dropped into the void letting ssh assume USER was the
> target host? I don’t actually get what I can do.
Turns out, I have to write down the description of my issue and then send the
email before I magically
Hi everyone,
Thanks for all the ideas! Meanwhile, I’ve made some progress because there was
another answer on "ask ubuntu" that got absolutely no interaction but that is a
brilliant solution:
https://askubuntu.com/a/1263657 :
> just create a wrapper script for the ssh command.
> ssh_sudo:
> {
Hi,
I gave up using rrsync some years ago because of
a) potential security issues with path references that can occur within
the rsync execution in the call of rrsync
b) possibly unmatched rsync options (rrsync must be kept up-to-date to
match new options _and_ some options need to be
Also, it appears that it requires the allowed directory to be specified
in authorized_keys. Mine uses an external list of allowed directories,
so I don't need lots of lines (and separate keys?) in authorized_keys in
order to deal with the several directories I back up per host.
Cheers,
It may do the job; it doesn't AFAIK explain why the options are
undocumented :-)
Cheers,
Richard
On 12/03/22 19:22, Kevin Korb via rsync wrote:
Rsync includes a script named rrsync that handles this perfectly.
On 3/12/22 01:08, Richard Hector via rsync wrote:
On 12/03/22 18:38, Richard
On Fri, Mar 11, 2022 at 10:22 PM Kevin Korb via rsync
wrote:
> Rsync includes a script named rrsync that handles this perfectly.
>
And authprogs provides similar functionality, though you use yaml to define
what is/isn't allowed. However it does allow you to use one SSH identity
for potentially
Rsync includes a script named rrsync that handles this perfectly.
On 3/12/22 01:08, Richard Hector via rsync wrote:
On 12/03/22 18:38, Richard Hector via rsync wrote:
And I do my backups (using dirvish) as root, using a key with a forced
command.
FWIW, that forced command is here:
On 12/03/22 18:38, Richard Hector via rsync wrote:
And I do my backups (using dirvish) as root, using a key with a forced
command.
FWIW, that forced command is here:
https://github.com/rwhector/dirvish-forced-command
It's rather unpolished and undocumented, but comments very welcome :-)
On 12/03/22 06:06, Dr. Mark Asbach via rsync wrote:
Hi Dan,
Why not rsync directly as root? Then you can use a passwordless,
passphraseless RSA (or similar) keypair.
I'm not saying I agree with this, but ...
That’s because these are cloud instances that get maintained by multiple
On Fri, Mar 11, 2022 at 4:57 AM Dr. Mark Asbach via rsync <
rsync@lists.samba.org> wrote:
> b) Passing the password to sudo via stdin using --rsync-path "echo
> MYPASSWORD | sudo -S rsync" (see https://askubuntu.com/a/1155897).
In that ask-ubuntu example they are running a client rsync via
Hi Dan,
> Why not rsync directly as root? Then you can use a passwordless,
> passphraseless RSA (or similar) keypair.
That’s because these are cloud instances that get maintained by multiple
admins. If we require all of them to log in as root, we would have to share the
root password – and
Why not rsync directly as root? Then you can use a passwordless,
passphraseless RSA (or similar) keypair.
On Fri, Mar 11, 2022 at 4:58 AM Dr. Mark Asbach via rsync <
rsync@lists.samba.org> wrote:
> Hi there,
>
> We are using ansible to deploy system configuration and web application
> source
19 matches
Mail list logo
