[Fwd: Re: how about auth users without a password?]

Jim Salter jim at jrssystems.net
Wed Jan 21 17:59:52 GMT 2004

(accidentally sent directly to Larry the first time - cross-posted to 
list after-the-fact in case someone else finds it useful)

 > I hope to manage rsync access the same way.  Clients would be
 > forced to come in via SSH (because no other ports are open), and
 > once in, the configuration of rsync will determine what they can
 > do, precisely.  This is just a hope at the moment because when I
 > try to limit per-user access via rsyncd.conf, it still demands a
 > password even though the user in question has already been
 > authenticated to permit their SSH entry.

Ah, I see.  Given that you can simply and easily specify the password on 
the command line, wouldn't it be easiest simply to use a shell script 
that automatically passes the appropriate password with the rsync 
command as an rsync replacement?  From the user perspective, all would 
be transparent - they wouldn't even need to change the way they use 
rsync; your script would simply pass a 
"--password-file=/path/to/password/file" argument to the real rsync, 
along with whatever arguments the user needed.

You could even set up the precise same password for all user accounts, 
so that the same replacement script (and same password file) was valid 
for all accounts - just blindly adding the "--password-file=" argument 
to all rsync calls.  If you wanted to get fancy and were worried about 
impact on accessing OTHER rsync servers, of course you could make your 
shell script a little more sophisticated and make it check for the 
presence of one of your own servers in the arguments passed by the user 
before appending its --password-file argument to the list.

Jim Salter

More information about the rsync mailing list