[lug] Looking for best way to avoid scripting password

Paul E Condon pecondon at mesanetworks.net
Thu Apr 2 17:59:58 MDT 2009

On 2009-04-02_13:27:40, Chip Atkinson wrote:
> Greetings all,
> I'm trying to figure out the best way to do an rsync based remote backup.
> The final hurdle is how to avoid having my password in the backup script.
> I have sshd configured on the remote host to not allow root logins so I
> set up an ssh tunnel on my local host to go through another port. 
> On the remote host, I start an sshd with a different sshd_config that
> allows root logins.  This sshd listens on a different port that is not
> open on the firewall.
> The only problem is that I need to sudo /usr/sbin/sshd.
> The problem arises when doing the sudo.  I came up with a number of
> solutions but don't know which is best so I thought I'd ask the group.
> 1) Password appears in backup script and is sent to sudo command
> 2) edit /etc/sudoers on remote system to allow the remote user to launch
> sshd
> 3) Put the password on a CD and arrange the external CD player so that the
> CD falls out after the pw is read.
> 4) USB stick, but that's no different than reading a local file really
> I'd like to run nightly backups so #3 is not quite ideal.
> Are there other solutions to my problem that I don't know about or haven't
> thought of?
> Thanks in advance.

I'm puzzled by this. Isn't passwordless login what public key
encription is for?  I think I have it working on a couple of my
computers. I'm sure there are no passwords in my backup scripts. What
is keeping you from storing the proper public key in the machine into
which to login?

Paul E Condon           
pecondon at mesanetworks.net

More information about the LUG mailing list