Page 1 of 1
Linux passwords using rsync and ssh
Posted: Mon Jun 19, 2006 5:19 pm
by Todd_Z
I created a php script which essentially runs the following commands:
rsync all files from local server to remote server
dump two databases into separate sql files
secure copy those files to the server
input those sqls into the database
The problem I have is that I need to type in the same password about 6 times for this script because of the ssh calls and rsync. Is there a way that I can type it in once and it stores it for the rest of the calls? either through php or otherwise...
Posted: Mon Jun 19, 2006 6:57 pm
by timvw
Have you considered public/private key authentication already?
Posted: Mon Jun 19, 2006 7:16 pm
by Todd_Z
my friend [ the server admin ] is very anal about security, he doesn't want to expose that vulnerability....
...... don't explain how its a very secure method .... you'd be preaching to the choir.
Posted: Mon Jun 19, 2006 7:49 pm
by timvw
Todd_Z wrote:he doesn't want to expose that vulnerability... don't explain how its a very secure method
You're right, i'm not going to explain anything, i'm going to ask:
- Why is it considered a vulnerability?
- Why is it considered more vulnerable than sending passwords over the wire?
- Why is it considered more vulnerable since you can allow certain keys from a set of given hosts.. where there is no such diversification for passwords?
Btw, since you're friend is anal about security, i hope he's got yourself some encrypted memory, since storing passwords in memory can be considered as unsafe too

Posted: Mon Jun 19, 2006 8:17 pm
by Todd_Z
i wouldn't put it past him =>
I think he is more worried about the physical security on my computer, in a college setting, someone could copy my known hosts file to their comp in seconds
Posted: Tue Jun 20, 2006 12:35 am
by timvw
What can be done with a private key file if you don't have the passphrase for that key?
What can be done with a scriptfile if it contains the username and/or password?
Posted: Tue Jun 20, 2006 12:57 am
by Benjamin
timvw wrote:What can be done with a private key file if you don't have the passphrase for that key?
What can be done with a scriptfile if it contains the username and/or password?
Your demonstrating your deep understanding of these security mechanisms, which is impressive, but it doesn't really answer the question. I would think there would a way to have the script ask for the username and password once, then store it in variables for the rest of the commands that require them. That should be pretty easy right?
Posted: Tue Jun 20, 2006 3:35 am
by timvw
The point i was trying to make is that a Key Agent (eg: ssh-agent) does this...