On 12/03/09 06:23, Derek Martin wrote:
> On Sun, Mar 08, 2009 at 11:20:09PM +1300, Morgan Read wrote:
>> On 03/03/09 02:21, Greg Wooledge wrote:
>>> where original_real_uid is set somewhere earlier in ssh.c. I won't
>>> try to track it down any further (especially since I'm looking at
>>> out-of-date sources), but it sure looks like it's evaluating the
>>> home directory based on the current uid or euid, rather than the
>>> contents of $HOME.
>> It appears none of the environment variables has any impact on where ssh
>> looks for its keys.
>
> I think that's what Greg just told you. :)

Hmm, oh well... I figured he meant to set $UID or $EUID as an environment
variable. Never mind...

> But I have to ask, if the rsync user's keys are the ones you're trying
> to use, and the remote root user has those keys in its authorized_keys
> file, why are you bothering with the sudo? If it's because you need
> root permissions for the local end of the process, then it seems like
> the right thing to do is use root's keys, or have the sudo process

Well, that would kind of defeat the whole purpose of setting up the rsync
account - which was to avoid having root and all its privileges accessible
from another machine without any further authentication. I just wanted one
particular service accessible with those privileges.

> load the rsync user's keys by specifying the identity on the ssh

I guess that was the bit of sage advice that's shone some light into the
dark hole I've been floundering around in! Thanks!!!

[rsync@morgansmachine ~]$ sudo ssh -i /home/rsync/.ssh/id_dsa -vvv root@morgansoldmachine
...
debug1: Next authentication method: publickey
debug1: Offering public key: /home/rsync/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 434
debug2: input_userauth_pk_ok: fp d5:bf:66:35:9a:50:0d:7e:d2:fa:ec:05:c8:bb:d0:20
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).

Happiness:))

[root@morgansoldmachine ~]# ssh -t rsync@morgansmachine sudo ssh -i /home/rsync/.ssh/id_dsa root@morgansoldmachine
Last login: Sun Mar 22 10:55:41 2009 from morgansmachine.lan
[root@morgansoldmachine ~]# logout
Connection to morgansoldmachine closed.
Connection to morgansmachine closed.
[root@morgansoldmachine ~]#

Works

But yet:

[root@morgansoldmachine ~]# ssh -t rsync@morgansmachine sudo rsync -n --rsh=’/usr/bin/ssh -i /home/rsync/.ssh/id_dsa’ /etc root@morgansoldmachine:/media/bigdisk/morgansmachine/etc
rsync: Failed to exec \#342\#200\#231/usr/bin/ssh: No such file or directory (2)
rsync error: error in IPC code (code 14) at pipe.c(84) [sender=3.0.5]
rsync: writefd_unbuffered failed to write 4 bytes [sender]: Broken pipe (32)
rsync error: error in IPC code (code 14) at io.c(1509) [sender=3.0.5]
Connection to morgansmachine closed.
[root@morgansoldmachine ~]#

Doesn't work... Oh well, I guess that's for another list...

Thanks,
Morgan.
-- 
Getting errors: "There are problems with the signature" (or similar)?
Update your system by installing certificates from CAcert Inc, see here:
http://wiki.cacert.org/wiki/BrowserClients?#head-259758ec5ba51c5205cfb179cf60e0b54d9e378b
Or, if Internet Explorer is your default browser, simply click this link:
http://www.cacert.org/index.php?id=17

Morgan Read
NEW ZEALAND
<mailto:mstuffATreadDOTorgDOTnz>

fedora + freedom; fact || fiction?
http://fedoraproject.org/wiki/Overview
get freed-ora!
http://www.fsfla.org/svnwiki/selibre/linux-libre/freed-ora
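
The `\#342\#200\#231` in the rsync error above is rsync's octal escaping of three raw bytes, and the `--rsh` value in the failing command is wrapped in ’ (U+2019) rather than ASCII apostrophes. The following is an added diagnostic example, not part of the original message: it decodes the escapes and reports which typographic quotes reached rsync. The function names are hypothetical and the sample is the error line copied from the message.

```shell
#!/bin/sh
# Added diagnostic example; function names are hypothetical.
# Constructed sample: the rsync error line quoted in the message above.
SAMPLE='rsync: Failed to exec \#342\#200\#231/usr/bin/ssh: No such file or directory (2)'

# rsync writes bytes it considers unsafe as \#ooo (three octal digits).
# Convert those escapes back into the raw bytes.
decode_rsync_escapes() {
    # 1) double every backslash so printf %b leaves unrelated ones alone
    # 2) rewrite the doubled-backslash form of \#ooo as \0ooo, the octal
    #    escape that printf %b understands
    esc=$(printf '%s' "$1" |
        sed -e 's/\\/\\\\/g' -e 's/\\\\#\([0-7]\{3\}\)/\\0\1/g')
    printf '%b' "$esc"
}

# Report which typographic quote characters (UTF-8 encoded) occur in a string.
smart_quotes_in() {
    text=$1
    found=''
    for pair in '\342\200\230=U+2018' '\342\200\231=U+2019' \
                '\342\200\234=U+201C' '\342\200\235=U+201D'; do
        bytes=$(printf "${pair%%=*}")    # octal escapes -> raw bytes
        case $text in
            *"$bytes"*) found="$found ${pair#*=}" ;;
        esac
    done
    printf '%s\n' "${found# }"
}

decoded=$(decode_rsync_escapes "$SAMPLE")
printf 'decoded message : %s\n' "$decoded"
printf 'non-ASCII quotes: %s\n' "$(smart_quotes_in "$decoded")"
```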