| 1 |
>> Is the purpose of the Host block in .ssh/config to store the hostname |
| 2 |
>> of the backup server so it doesn't need to be used directly in the |
| 3 |
>> rdiff-backup command? |
| 4 |
> |
| 5 |
> It forces key-based authentication when connecting to the backup server. |
| 6 |
> The default is password-based, which obviously won't work in a cron job. |
| 7 |
|
| 8 |
I don't use an .ssh/config at all and I'm not prompted for a password |
| 9 |
if the keys are in place. My sshd_config is pretty much default and |
| 10 |
my normal user is prompted for a password. |
| 11 |
|
| 12 |
>> Why create a password for the backup user? Doesn't that open up the |
| 13 |
>> possibility of someone logging in as that user, when otherwise the |
| 14 |
>> account would only be used for backing up files? |
| 15 |
> |
| 16 |
> It might work without one; in these instructions the |
| 17 |
> machine-to-be-backed-up never connects to the backup server as root, and |
| 18 |
> so you need a way to SCP stuff to the backup server. I usually use a |
| 19 |
> `pwgen 16` password for these accounts and then immediately forget it, |
| 20 |
> so nobody will log in to them for a few billion years at least. |
| 21 |
> |
| 22 |
> Does key-based authentication work with no password? I've never tried. |
| 23 |
|
| 24 |
It does! :) |
| 25 |
|
| 26 |
- Grant |
Archives