> > On April 28, 2014 6:03:16 AM PDT, Venky Shankar > > <vshankar@xxxxxxxxxx> wrote: > >> On 04/27/2014 11:55 PM, James Le Cuirot wrote: > >>> I'm new to Gluster but have successfully tried geo-rep with 3.5.0. > >>> I've read about the new tar+ssh feature and it sounds good but > >>> nothing has been said about the tar_ssh.pem file that gsyncd.conf > >>> references. Why is a separate key needed? Does it not use gsyncd > >>> on the other end? If not, what command should I lock it down to > >>> in authorized_keys, bug #1091079 notwithstanding? > >> geo-replication "create push-pem" command should add the keys on > >> the slave for tar+ssh to work. That is done as part of geo-rep > >> setup. I had seen the new "create push-pem" option and gave it a try today. I see that it does indeed create a different key with a different command in the authorized_keys file. One question remains though and this stems back to bug #1091079. push-pem expects you to have setup passwordless SSH access already so what is the point of adding further lines to authorized_keys when general access is already allowed? Surely this is bad for security? Wouldn't it be better for push-pem to prompt for a password so that only the required access is added? Regards, James _______________________________________________ Gluster-users mailing list Gluster-users@xxxxxxxxxxx http://supercolony.gluster.org/mailman/listinfo/gluster-users
