[Mageia-dev] SSH PAM configuration

Anne Wilson annew at kde.org
Tue Aug 14 16:56:33 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 14/08/12 10:01, Colin Guthrie wrote:
> 'Twas brillig, and Anne Wilson at 13/08/12 18:06 did gyre and
> gimble:
>> On 13/08/12 11:04, Olav Vitters wrote:
>>> On Mon, Aug 13, 2012 at 09:39:07AM +0100, Anne Wilson wrote:
>>>> Why would anyone need root login over ssh?  I don't allow it
>>>> on my server and it has never caused me any problems.  Su to
>>>> root works perfectly well and avoids the security risk, so I
>>>> don't understand this thread.
>> 
>>> Remote backups. Quite easy to setup an SSH key which only runs 
>>> rsync.
>> 
>> I use rsync on the server for local backups, and I use SSH with
>> keys to access the server from laptops for maintenance tasks, but
>> I have never managed to make rsync over ssh with keys work.
>> People tell me to just use ssh without keys, but I'm reluctant to
>> do that.  Maybe one day I'll find something that steps me through
>> it, so that I can find the missing link.
> 
> In this case if you want a special key that can *only* run rsync
> you need to configure your authorized_keys correctly with
> appropriate command= definition.
> 
> But even without specific setup if you can ssh between hosts
> happily, just do "rsync -e ssh"  on the client side and just use 
> foo at remote:/path/to/files syntax. Job done :)
> 
Sure, but knowing how prone we all are to forget, my intention was to
do it by cron :-)  As I said, I can manually do anything I need to,
but I want scheduled checks for changed files.  Annoyingly, I have to
say that the only part I have working for that is the Windows 7 backup
of my embroidery project files.  When I'm working there, changes are
backed up four times a day.

I'm guessing that Windows is using my local mount of the appropriate
drive on the server, and I tried doing that in Linux, thinking it
would solve it, but no matter what I do, I still get "denied".  It has
to be something about the way the keys are passed to the server when
using cron, as I can use the local mount to move things around in
Dolphin with no problems whatsoever.  If I ssh from konsole it is
clear that my keys are being passed.  I don't think cron is doing that.

Anne
- -- 
Need KDE help? Try
http://userbase.kde.org or
http://forum.kde.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAqZx8ACgkQj93fyh4cnBdnowCgillA7xTkrC2YvQg5Et1gxT2k
wNMAn0a8hRmIkOWYd+iBJ75X6Xn1BgWN
=K4Z6
-----END PGP SIGNATURE-----


More information about the Mageia-dev mailing list