1 |
>> Is the purpose of the Host block in .ssh/config to store the hostname |
2 |
>> of the backup server so it doesn't need to be used directly in the |
3 |
>> rdiff-backup command? |
4 |
> |
5 |
> It forces key-based authentication when connecting to the backup server. |
6 |
> The default is password-based, which obviously won't work in a cron job. |
7 |
|
8 |
I don't use an .ssh/config at all and I'm not prompted for a password |
9 |
if the keys are in place. My sshd_config is pretty much default and |
10 |
my normal user is prompted for a password. |
11 |
|
12 |
>> Why create a password for the backup user? Doesn't that open up the |
13 |
>> possibility of someone logging in as that user, when otherwise the |
14 |
>> account would only be used for backing up files? |
15 |
> |
16 |
> It might work without one; in these instructions the |
17 |
> machine-to-be-backed-up never connects to the backup server as root, and |
18 |
> so you need a way to SCP stuff to the backup server. I usually use a |
19 |
> `pwgen 16` password for these accounts and then immediately forget it, |
20 |
> so nobody will log in to them for a few billion years at least. |
21 |
> |
22 |
> Does key-based authentication work with no password? I've never tried. |
23 |
|
24 |
It does! :) |
25 |
|
26 |
- Grant |