[lug] Looking for best way to avoid scripting password

Scott Rohling scott.rohling at gmail.com
Thu Apr 2 16:55:42 MDT 2009


Use ssh keys..

On Thu, Apr 2, 2009 at 2:27 PM, Chip Atkinson <chip at pupman.com> wrote:

> Greetings all,
>
> I'm trying to figure out the best way to do an rsync based remote backup.
> The final hurdle is how to avoid having my password in the backup script.
>
> I have sshd configured on the remote host to not allow root logins so I
> set up an ssh tunnel on my local host to go through another port.
>
> On the remote host, I start an sshd with a different sshd_config that
> allows root logins.  This sshd listens on a different port that is not
> open on the firewall.
>
> The only problem is that I need to sudo /usr/sbin/sshd.
>
> The problem arises when doing the sudo.  I came up with a number of
> solutions but don't know which is best so I thought I'd ask the group.
> 1) Password appears in backup script and is sent to sudo command
> 2) edit /etc/sudoers on remote system to allow the remote user to launch
> sshd
> 3) Put the password on a CD and arrange the external CD player so that the
> CD falls out after the pw is read.
> 4) USB stick, but that's no different than reading a local file really
>
> I'd like to run nightly backups so #3 is not quite ideal.
>
> Are there other solutions to my problem that I don't know about or haven't
> thought of?
>
> Thanks in advance.
>
> Chip
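The reply's suggestion (ssh keys) combined with option 2 from the question (a sudoers entry limited to launching sshd), as an added example that is not part of the original messages. The account name, alternate config path and public key are hypothetical or constructed values.

```shell
#!/bin/sh
# Added example: generate the two config lines that replace a scripted password.
BACKUP_USER="backup"                           # hypothetical remote account
ALT_SSHD_CONFIG="/etc/ssh/sshd_config_backup"  # hypothetical alternate config
LAUNCH_CMD="sudo -n /usr/sbin/sshd -f $ALT_SSHD_CONFIG"

# Constructed sample public key (not a real key).
SAMPLE_PUBKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyMaterial0000000000000 backup@laptop"

# Option 2: sudoers rule allowing one exact command line without a password.
# Because the arguments are listed, sudo refuses any other arguments.
sudoers_rule() {
    printf '%s ALL=(root) NOPASSWD: /usr/sbin/sshd -f %s\n' "$1" "$2"
}

# Accept only a single-line OpenSSH public key, so nothing else (extra
# options, a second key line) can end up in authorized_keys.
valid_pubkey() {
    case "$1" in *"
"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^"]*)?$'
}

# authorized_keys line for the unprivileged account: this key can only run
# the launch command; no terminal, no forwarding of any kind.
authorized_keys_entry() {
    valid_pubkey "$1" || { echo "rejected: not a public key line" >&2; return 1; }
    printf 'command="%s",no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding %s\n' \
        "$LAUNCH_CMD" "$1"
}

# Print both lines for review before installing them on the remote host.
sudoers_rule "$BACKUP_USER" "$ALT_SSHD_CONFIG"
authorized_keys_entry "$SAMPLE_PUBKEY"
```

Check the sudoers line with `visudo -cf <file>` before installing it.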

