integrating rsync with Rev
David Bovill
david at openpartnership.net
Fri May 23 06:48:00 EDT 2008
I have not come across "ssh-copy-id utility" - it looks like a linux only
utility which simply achieves the purpose of copying the public key to the
server. This is the same thing you would usually do using the secure copy
"scp" utlity which you will find on most *nix based machines including OSX
by default.
You have some interesting comments about limiting the ssh access to commands
etc - but I am not sure if this is regular security advice? My take on this
has been that you MUST have a secure local machine - and the security
critical part is generating the key and transferring it to the server
without someone gaining access at either of these stages. People go as far
as to generate the keys on special hardware or offline machines. Do you have
any references to the text on the page regarding limiting ssh access?
2008/5/20 Josh Mellicker <josh at dvcreators.net>:
> If you're setting up ssh key pairs, you won't need to use "expect" because
> no password is needed.
>
> I started following this article:
>
> http://www.sakana.fr/blog/2008/05/07/securing-automated-rsync-over-ssh/
>
> but got stuck at "We can use the ssh-copy-id utility for this purpose"
> since I have no such utility. I was going to manually add the key pair to
> "~/.ssh/authorized_keys " on the remote host, but I'm not sure what "~"
> signifies on a Linux box. (on OS X it's the user directory)
>
> But Sarah's solution seems to work great.
Yes - I'd still like to apply the same "expect" technique to ssh-keygen as
it has more general application to other command-line utilities and offers
increased security.
> One caveat, with rsync, I have not figured out how to provide a progress
> slider!
>
For that you need I think the 2.9 ability to write and read to the open
process - and then have rsync give some feedback with command line
options??? Not sure.
More information about the use-livecode
mailing list