Date: Mon, 10 Dec 2001 12:33:25 -0600 (CST)
From: Marc Rassbach
To: freebsd-security@FreeBSD.ORG
Subject: Rsync, ssh and using root.

I know that using remote root login is considered bad behavior, but my job is implementation, not judgement of security. This is what the client wants...put a hole in the default FreeBSD security.

The client in the old days had a 3.5 box (2 of them) and used a combination of rsync, rsync in daemon mode, and ssh to allow root to move data between both machines.

What was done under 3.5 (remote keys, etc.) no longer works on 4.4. On 4.X, it seems to fail after authentication, and I have spent 20+ hours reading man pages and the mail list and can't find a good workaround. (I have resisted looking at the source because I do not feel it is a bug, nor do I wish to patch code to make this work.)

What I am looking for is a way to have root-level privileges for reading/writing files between servers, as the lo-tech solution they want for the 'server backup' is moving files once a day.

Guidance as to how to do this with rsync (break security) or some other method that does not break security is welcome.