[RossLUG] Thoughts on ssh and security.
jon at rosslug.org.uk
Wed Mar 14 22:17:27 UTC 2012
I totally agree with you on the keys side, loads easier.
one thing I notice from your rsync command that you are missing the -p,
-o and -g switches - this is to preserve permissions/owners/groups...
I generally go with -avz (all) which is effectively -rlptgoD
Hope this might help...
On Wed, 2012-03-14 at 20:09 +0000, Dave Hunt wrote:
> Hi all, sorry I couldn't make the meet, these are a couple of the points I would have wanted to share.
> I used to have ssh running on port 22, with vnc tunneled, and with sufficiently strong passwords, it's not likely to get hacked. (The brute force attacks were pretty lame) Since I moved the port to a non-standard one, the attacks have stopped, re-inforcing my opinion that there is not much intelligence at the other end.
> If anyone is interested in using rsync over ssh, there are some useful pages out there, easy to find with a search. This is how I backup my server, fox (runs Puppy 1.08 on pendrive) to my Slackware 12 box, wolf. Script run from wolf as root. To avoid using a password, rsynckey generated on wolf (ssh-keygen) and rsynckey.pub copied into /root/.ssh/authorized_keys on fox. The first time I did this I forgot to exclude /proc and /dev which slowed things down a bit and was a bit pointless.
> rsync -rltzuv --delete --exclude=/dev --exclude=/proc -e "ssh -i /root/rsynckey" root at fox:/ /root/fox
More information about the RossLUG