RE: cron'ing rsync over ssh

From: Denis McCarthy <dmccarthy(at)fexco.ie>
Date: Wed Mar 19 2003 - 05:58:44 EST


Jesse, I have recently gone through this myself for the first time (on Redhat 8). I did the following:

On the backup administration machine:
execute 'ssh-keygen -t rsa' (-t rsa stands for using rsa2 (=dsa) type encryption protocol version
You're prompted for the key name to create (let's say use /root/.ssh/rsync_key, where /root is root's home directory).
Next, you're prompted for the passphrase. Don't enter any passphrase for a 'cron-able' ssh key (otherwise an interactive typing of the passphrase is necessary).

The key <should> generate properly. In /root/.ssh, there should be two new files: rsync_key and rsync_key.pub. Open rsync_key.pub.

Open a connection to the machine that you want to back up from. (The backup user should exist on this machine as well, of course.) Go to the /root/.ssh directory on this machine. vi a file called authorized_hosts in this directory, paste the contents of rsync_key.pub from the backup server into this file, and save it.

AFAIK authorized_keys must be readable/writable ONLY by the owner (root in this case), as is the case with the .ssh directory in which it lies, and the home directory itself must only be writable by the owner (that one caught me for a good while).

Next, create a wrapper script (let's call it /root/scripts/ssh-wrapper.sh) on the admin machine containing the following:

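#! /bin/sh
# Ignore any running ssh-agent so only the dedicated key file is offered.
unset SSH_AUTH_SOCK
# -x: no X11 forwarding, -a: no agent forwarding, -i: the key generated above.
# "$@" (rather than $*) passes rsync's arguments through with quoting intact.
exec ssh -x -a -i /root/.ssh/rsync_key "$@"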

You may need to run the wrapper once manually to get the ip address of the backup machine inserted into the authorized_hosts file on the backup client machine.
In your crontab, put in something like:

rsync -a -e /root/scripts/ssh-wrapper.sh <remote machine name>:/tmp/test.file.remote /tmp/test.file.local

This tells rsync to use the ssh-wrapper.sh script as the wrapper over which to rsync the files. This example should rsync the local /tmp/test.file.local file with the remote /tmp/test.file.remote file.

YMMV with different *nix's and linux versions of course, but I think the idea is the same.

In my experience if ssh keeps prompting for a password, the problem is with the home dir or .ssh dir or authorized_key permissions about 80% of the time.
HTH
Denis

-----Original Message-----
From: Paul Dean [mailto:paul@canningcollege.wa.edu.au]
Sent: 19 March 2003 03:12
To: 'Jesse Burkhardt'; secureshell@securityfocus.com
Subject: RE: cron'ing rsync over ssh

Hya,

Generate your keys for root from the box you want to run rsync from (client).
Copy your public key to the machine you want to log in to (servers), to the
/root/.ssh directory.
I recommend creating DSA keys and setting your host keys to only use DSA as well.

HTH Thanks...

Paul.

## Remember: Live your life as if you are on a stage before the whole of creation.

-----Original Message-----
From: Jesse Burkhardt [mailto:jesse@skybuilders.com]
Sent: Wednesday, 19 March 2003 2:32 AM
To: secureshell@securityfocus.com
Subject: cron'ing rsync over ssh

My setup is: I run rsync daemonized on various server machines in my LAN - i.e., the source machines, certain partitions of which I want to back up. I would like the client, the destination archiving machine, to run hourly crons over ssh, but so far the only thing I have been able to do is rsync across (as root so that I am not denied anything) only after interactively supplying my root password to the ssh daemon. How do I get around the interactive ssh password requirement so that I can cron all these rsync client requests regularly?

I know passwordless implementations involve ssh-keygen and ssh-agent, but I haven't figured out what the proper usages are yet.

Thanks

-- 

Jesse Burkhardt
jesse@skybuilders.com  (w) 617-876-5680
goose@aerogoose.com    (h) 617-354-5523
             __
   __ /     / /     /  /    __
  /_ /<    /-<    ./__/_ _ /_
__// / \//__//_////_/_ / __/
        /




Received on Wed Mar 19 18:06:39 2003
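
Added example, not part of the original thread: a shell function that checks the three permission conditions Denis describes (home directory writable only by its owner; .ssh and authorized_keys accessible only by the owner). The function names check_ssh_perms and perm_bits and the WRITABLE/EXPOSED/MISSING labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report the permission problems that
# make key login fail and ssh fall back to a password prompt.

# Print the nine rwx characters of a path, e.g. "rwxr-xr-x".
perm_bits() {
    ls -ld "$1" | cut -c2-10
}

# check_ssh_perms HOME_DIR
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_ssh_perms() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            rc=1
            continue
        fi
        bits=$(perm_bits "$p")
        if [ "$p" = "$home" ]; then
            # Home directory: group/other may read, but must not write.
            case $bits in
                ????w????|???????w?) echo "WRITABLE $bits $p"; rc=1 ;;
            esac
        else
            # .ssh and authorized_keys: no group/other access at all.
            case $bits in
                ???------) ;;
                *) echo "EXPOSED $bits $p"; rc=1 ;;
            esac
        fi
    done
    return $rc
}

# Check the directory given on the command line, e.g. /root.
if [ $# -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

Run it on the machine that holds authorized_keys, as the account being logged in to; any line of output names a path to tighten with chmod.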

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:55 EDT

