[lug] Looking for best way to avoid scripting password: Question from a listener

Paul E Condon pecondon at mesanetworks.net
Mon Apr 6 06:05:00 MDT 2009


On 2009-04-02_13:27:40, Chip Atkinson wrote:
> Greetings all,
> 
> I'm trying to figure out the best way to do an rsync based remote backup.
> The final hurdle is how to avoid having my password in the backup script.
> 
> I have sshd configured on the remote host to not allow root logins so I
> set up an ssh tunnel on my local host to go through another port. 
> 
> On the remote host, I start an sshd with a different sshd_config that
> allows root logins.  This sshd listens on a different port that is not
> open on the firewall.
> 
> The only problem is that I need to sudo /usr/sbin/sshd.
> 
> The problem arises when doing the sudo.  I came up with a number of
> solutions but don't know which is best so I thought I'd ask the group.
> 1) Password appears in backup script and is sent to sudo command
> 2) edit /etc/sudoers on remote system to allow the remote user to launch
> sshd
> 3) Put the password on a CD and arrange the external CD player so that the
> CD falls out after the pw is read.
> 4) USB stick, but that's no different than reading a local file really
> 
> I'd like to run nightly backups so #3 is not quite ideal.
> 
> Are there other solutions to my problem that I don't know about or haven't
> thought of?

Chip, I'm trying to learn from listening, but I am uncertain as to what you
are trying to back up, and where the resulting backup-image is to be located.

You are in some place you think of as local (as opposed to 'remote'). There
is a remote server. Is the remote server something for which you wish to
create/update an image copy on your local host? Or is the remote server in
a 'safe' place, and you want to create a safe copy backup of your local
operation at that safe site, away from local hazards? Or is it both? 

Thanks,
-- 
Paul E Condon           
pecondon at mesanetworks.net


