[lug] Looking for best way to avoid scripting password

Scott Rohling scott.rohling at gmail.com
Thu Apr 2 16:55:42 MDT 2009

Use ssh keys..

On Thu, Apr 2, 2009 at 2:27 PM, Chip Atkinson <chip at pupman.com> wrote:

> Greetings all,
> I'm trying to figure out the best way to do an rsync based remote backup.
> The final hurdle is how to avoid having my password in the backup script.
> I have sshd configured on the remote host to not allow root logins so I
> set up an ssh tunnel on my local host to go through another port.
> On the remote host, I start an sshd with a different sshd_config that
> allows root logins.  This sshd listens on a different port that is not
> open on the firewall.
> The only problem is that I need to sudo /usr/sbin/sshd.
> The problem arises when doing the sudo.  I came up with a number of
> solutions but don't know which is best so I thought I'd ask the group.
> 1) Password appears in backup script and is sent to sudo command
> 2) edit /etc/sudoers on remote system to allow the remote user to launch
> sshd
> 3) Put the password on a CD and arrange the external CD player so that the
> CD falls out after the pw is read.
> 4) USB stick, but that's no different than reading a local file really
> I'd like to run nightly backups so #3 is not quite ideal.
> Are there other solutions to my problem that I don't know about or haven't
> thought of?
> Thanks in advance.
> Chip
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20090402/2ba4cf92/attachment.html>

More information about the LUG mailing list