[RossLUG] Thoughts on ssh and security.
dave at carrybridge.co.uk
Thu Mar 15 18:22:17 UTC 2012
Thanks for the advice, Jon. I started off with -avz but there was a good reason for leaving out -p, but I can't remember why now!
On Wed, 14 Mar 2012 22:17:27 +0000
Jonathan Archer <jon at rosslug.org.uk> wrote:
> I totally agree with you on the keys side, loads easier.
> one thing I notice from your rsync command that you are missing the -p,
> -o and -g switches - this is to preserve permissions/owners/groups...
> I generally go with -avz (all) which is effectively -rlptgoD
> Hope this might help...
> On Wed, 2012-03-14 at 20:09 +0000, Dave Hunt wrote:
> > Hi all, sorry I couldn't make the meet, these are a couple of the points I would have wanted to share.
> > I used to have ssh running on port 22, with vnc tunneled, and with sufficiently strong passwords, it's not likely to get hacked. (The brute force attacks were pretty lame) Since I moved the port to a non-standard one, the attacks have stopped, re-inforcing my opinion that there is not much intelligence at the other end.
> > If anyone is interested in using rsync over ssh, there are some useful pages out there, easy to find with a search. This is how I backup my server, fox (runs Puppy 1.08 on pendrive) to my Slackware 12 box, wolf. Script run from wolf as root. To avoid using a password, rsynckey generated on wolf (ssh-keygen) and rsynckey.pub copied into /root/.ssh/authorized_keys on fox. The first time I did this I forgot to exclude /proc and /dev which slowed things down a bit and was a bit pointless.
> > rsync -rltzuv --delete --exclude=/dev --exclude=/proc -e "ssh -i /root/rsynckey" root at fox:/ /root/fox
> RossLUG mailing list
> RossLUG at rosslug.org.uk
More information about the RossLUG