Re: xinetd/rsync

On December 27, 2004 03:16 pm, Jim B. wrote:
> I'm trying to set up a pair of servers so that server A rsyncs to server B
> over a dedicated crossover connection they have.  The goal is to cron job
> it and have it work without being prompted for a password.  Normally I'd
> use ssh keys for something like this, only in this case they have a
> dedicated crossover connection so I feel silly wasting the cpu to encrypt
> the traffic.  Is there a way to use xinetd/tcpwrappers to allow only a
> specific user the ability to rsync from serverA to serverB without being
> prompted for a password?
>
> Thanks
> -jim


Hi,
I believe you can do the access to the server via TCPwrappers ("man 5
HOSTS_ACCESS"), but it may be simpler with PAM.

I have a doc that describes how to do this via PAM.
Look at:
http://www.linux1.ca
  -select Documents
    -select "Limiting SSH Access"
 look at the section "PAM access control"

Note that you still need to authenticate the SSH session, so you'll need a
key (or an account with no password [no!]), unless you used rhost (not
normally a good choice). If you had an account with rhost access from Server
A to Server B, and restricted the rhost access to use Server B as a host...
well, it is still pretty risky, probably not worth the CPU savings. You could
use iptables to restrict ssh based on MAC address and interface, but that
would really limit server maintenance etc. (won't work if going through a
router).

Hope that helps.
-- 
Pete Nesbitt, rhce
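
The access-control layers named in the reply above, sketched as configuration for server B. This is an added example, not part of the original message or of the linked document; the account name rsyncuser, the interface eth1, the addresses and the MAC address are constructed placeholders.

```conf
# --- /etc/security/access.conf (read by pam_access) ---
# Format: permission : users : origins
# Let the rsync account log in only from server A's crossover address
# (192.168.100.1 is a placeholder), and refuse it from anywhere else.
+ : rsyncuser : 192.168.100.1
- : rsyncuser : ALL

# --- /etc/pam.d/sshd ---
# access.conf is only consulted if pam_access is in the account stack.
account    required     pam_access.so

# --- /etc/hosts.allow (TCP wrappers, see hosts_access(5)) ---
# Wrappers filter per daemon and client host, not per user, so this
# limits every sshd client. The second entry is an assumed admin LAN
# kept open for maintenance logins.
sshd : 192.168.100.1 10.0.0.0/255.255.255.0

# --- /etc/hosts.deny ---
sshd : ALL

# --- /etc/sysconfig/iptables (lines inside the *filter table) ---
# On the crossover interface only, accept ssh from server A's NIC
# (placeholder MAC) and drop any other ssh traffic arriving there.
# Other interfaces are untouched, so maintenance access is unaffected.
# MAC matching only works for directly attached hosts, not through a router.
-A INPUT -i eth1 -p tcp --dport 22 -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 22 -j DROP
```

None of these layers replaces authentication: the cron job on server A still needs an SSH key for rsyncuser, as the reply notes.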
