xinetd/rsync

Pete Nesbitt pete at linux1.ca
Tue Dec 28 00:25:27 UTC 2004


On December 27, 2004 03:16 pm, Jim B. wrote:
> I'm trying to set up a pair of servers so that server A rsyncs to server B
> over a dedicated crossover connection they have.  The goal is to cron job
> it and have it work without being prompted for a password.  Normally I'd
> use ssh keys for something like this, only in this case they have a
> dedicated crossover connection so I feel silly wasting the cpu to encrypt
> the traffic.  Is there a way to use xinetd/tcpwrappers to allow only a
> specific user the ability to rsync from serverA to serverB without being
> prompted for a password?
>
> Thanks
> -jim


Hi,
I believe you can do the access to the server via TCPwrappers
("man 5 HOSTS_ACCESS"), but it may be simpler with PAM.

I have a doc that describes how to do this via PAM.
Look at:
http://www.linux1.ca
  -select Documents
    -select "Limiting SSH Access"
 look at the section "PAM access control"

Note that you still need to authenticate the SSH session, so you'll need a
key (or an account with no password [no!]), unless you used rhost (not
normally a good choice). If you had an account with rhost access from Server
A to Server B, and restricted the rhost access to use Server B as a host...
well, it is still pretty risky, probably not worth the CPU savings. You could
use iptables to restrict SSH based on MAC address and interface, but that
would really limit server maintenance etc. (won't work if going thru a
router).

Hope that helps.
-- 
Pete Nesbitt, rhce
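
The iptables restriction by MAC address and interface mentioned in the reply above, as an added example that is not part of the original message. It assumes the crossover link is its own interface; `eth1` and the MAC address in the comments are constructed placeholders, and the function only prints the rules so they can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example: emit (do not apply) iptables rules that accept SSH on the
# crossover interface only from the peer's MAC address.
# Caveats: the mac match sees only the sender on the same layer-2 segment
# (it cannot work through a router), and a MAC address can be changed by
# whoever is on the link, so this narrows exposure but does not replace
# SSH key authentication.

# valid_mac MAC: succeeds if MAC is six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# valid_iface NAME: succeeds for a plausible interface name (max 15 chars)
valid_iface() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9._-]{1,15}$'
}

# ssh_mac_rules IFACE MAC [PORT]: print the two rules, or fail on bad input
ssh_mac_rules() {
    iface=$1
    mac=$2
    port=${3:-22}
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 1; }
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2
        return 1
    fi
    # Accept SSH arriving on the crossover interface from the peer's MAC.
    echo "iptables -A INPUT -i $iface -p tcp --dport $port -m mac --mac-source $mac -j ACCEPT"
    # Drop every other SSH connection arriving on that interface.
    # -A appends: an earlier ACCEPT for this port would still match first.
    echo "iptables -A INPUT -i $iface -p tcp --dport $port -j DROP"
}

# Stand-alone use: ./ssh-mac-rules.sh eth1 00:11:22:33:44:55 [port]
if [ $# -ge 2 ]; then
    ssh_mac_rules "$@"
fi
```

Because both rules are scoped with `-i`, SSH on the servers' other interfaces is unaffected and remains available for maintenance.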



