how about auth users without a password?

Jim Salter jim at jrssystems.net
Wed Jan 21 09:11:26 GMT 2004


Wouldn't this (accomplishing security restrictions without need to enter 
a password, or to enter a password more than once) be a lot more easily 
accomplished by simply using SSH transport and public/private keys 
instead of using the daemon mode at all?

Jim Salter

Larry Brasfield wrote:
> Hi, from a generally pleased new rsync user.
> 
> I have set up a number of services to be accessible via SSH.
> For most of them, it has been possible to arrange that clients
> can use a key agent and ssh's level 2 protocol to gain access
> without the need of entering passwords more than once, at
> the start of a session (assuming their keys are not stored in
> the clear).
> 
> Most of these services can be set up to restrict specific users
> to specific subsets of the potentially available access.  With
> rsync, this appears to be feasible using the "auth users"
> configuration item in rsyncd.conf, but in my efforts so far,
> this always results in a password prompt.
> 
> So, this is either a question or a suggestion.
> 
> How can I use rsyncd.conf to limit module access to specific
> users (or groups, preferably) without inducing rsync to demand
> a password?  If this is not presently possible, I suggest that a
> nice enhancement would be to make it possible via some device
> such as a '*' in the associated password entry.  This might be
> limited to rsync invocations by a currently authenticated user
> (such as occurs with SSH access) and disallowed for the "listen
> on rsync's port" mode of operation.
> 
> I would like to use SSH to authenticate users and grant access
> to the machine, leaving more specific rights management to the
> configuration of individual services.  With rsync, these functions
> appear to be a bit more intertwined than they have to be.
> 
> If people think this is a good idea (especially the "owners" of
> rsync), I would be happy to revise the code to make it work.
> Let me know at
>    larry nospacehere brasfield at m s n dot com
> and I will post the results to this list/thread after a week or so.
> 
> --
> Larry Brasfield
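
The per-user restriction asked about above can be tied to an SSH key rather than to an rsyncd password. This is an added example, not code from either poster or from rsync: a forced-command gate that checks `SSH_ORIGINAL_COMMAND` before running rsync. The script name `rsync-gate`, the directory `/srv/backup/alice` and the option allow-list are assumptions.

```python
import os
import shlex
import sys

# Long options this gate lets through; everything else is refused (assumed policy).
ALLOWED_LONG = {"--sender", "--delete", "--partial", "--numeric-ids"}

def vet_rsync_command(original_cmd, allowed_root, read_only=True):
    """Return argv if the request is an rsync server call confined to
    allowed_root; raise PermissionError otherwise."""
    try:
        argv = shlex.split(original_cmd)
        dot = argv.index(".", 2)          # "." separates options from paths
    except ValueError:
        raise PermissionError("not a well-formed rsync server command")
    if argv[:2] != ["rsync", "--server"]:
        raise PermissionError("only 'rsync --server' is permitted")
    options, paths = argv[2:dot], argv[dot + 1:]
    if not paths:
        raise PermissionError("no transfer path given")
    for opt in options:
        if opt.startswith("--") and opt not in ALLOWED_LONG:
            raise PermissionError("option not allowed: " + opt)
        if not opt.startswith("-"):
            raise PermissionError("unexpected argument: " + opt)
    if read_only and "--sender" not in options:
        raise PermissionError("this key may pull but not push")
    root = os.path.realpath(allowed_root)
    for p in paths:
        # Resolve relative to the root; absolute paths and ../ escapes fail here.
        target = os.path.realpath(os.path.join(root, p))
        if os.path.commonpath([root, target]) != root:
            raise PermissionError("path outside permitted tree: " + p)
    return argv

if __name__ == "__main__":
    # Run by sshd as the key's forced command, e.g. in authorized_keys:
    #   command="/usr/local/bin/rsync-gate /srv/backup/alice",restrict ssh-ed25519 <key> alice
    root = sys.argv[1]
    try:
        argv = vet_rsync_command(os.environ.get("SSH_ORIGINAL_COMMAND", ""), root)
    except PermissionError as err:
        sys.exit("rsync-gate: " + str(err))
    os.chdir(root)                        # relative paths now resolve under root
    os.execvp(argv[0], argv)              # no shell, so metacharacters stay inert
```

The path check resolves symlinks at the moment of the check only, so the permitted tree should not be writable by anyone able to plant links in it.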


