Nick,

It's probably not what you wanna hear, but why not go for something like NIS or LDAP? My ISP has scripts that automatically copy over /etc/{passwd,shadow,etc.} as they're updated on the main machine, but this occasionally breaks and screws everything up. I've never played with NIS, but I have all authentication for the Windows and Linux boxes here going through LDAP and it really kicks ass. I can administer users and groups either in the browser (using PHP and HTTPS) or using an LDAP client on my desktop (NT) box.

pam_LDAP and OpenLDAP weren't that hard to get working together, and once it is, it kicks ass.

j.

--
Jeremy L. Gaddis <[EMAIL PROTECTED]>

-----Original Message-----
From: Vineet Kumar [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 16, 2001 3:18 AM
To: debian-user@lists.debian.org
Subject: Re: SSH

* Nick Furman ([EMAIL PROTECTED]) [010707 12:35]:
> I have a quick question regarding the secure server package and scp.
>
> I prefer not to use NIS to share the password file between two servers so
> I wrote a script to push /etc/passwd to another server so they both have
> duplicate copies when a user is added onto our system.
>
> Of course I am using scp to move the file over, but every time a user is
> added, it asks for the root user's password on the remote server. Is
> there a way using .rhosts to disable the remote server from asking me for
> a password so it just pushes /etc/passwd over, no questions asked?
>
> Thanks!
>
> Nick

Martin gives good advice, but if you want to do this via a script and without a password required, you could set up something like the following:

Create a new RSA key with no passphrase. On the remote machine, add a line something like this to /root/.ssh/authorized_keys2:

from="othermachine",command="<script to add info to system files>",no-port-forwarding,no-agent-forwarding,no-pty ssh-rsa <the key>

(Sorry, that's long because it needs to be all one line in the file.)

The point is that you can create a key that will be accepted with no passphrase, restricted to connections from a certain host and forced to perform a specific action.

Also ensure that you have in /etc/ssh/sshd_config:

PermitRootLogin forced-commands-only

Please, please, please understand what you're doing and gauge whether your systems are secure enough and that this is acceptable risk.

Vineet
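
Added example, not part of the original thread: one possible shape for the "<script to add info to system files>" that the forced-command key would run on the receiving server. It reads the pushed file on stdin, refuses anything malformed or carrying an extra UID 0 account, and only then renames it into place. The function names, the validation rules and the --install switch are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical forced-command receiver for a pushed passwd file.
# Sender side would run:  ssh -i pushkey root@remote < /etc/passwd

# validate_passwd FILE: succeed only if every line has 7 colon-separated
# fields, a sane login name (lowercase rule is an assumption), numeric
# UID/GID, no duplicate names, and root is the only UID 0 account.
validate_passwd() {
    [ -s "$1" ] || return 1
    awk -F: '
        NF != 7                               { bad = 1 }
        $1 !~ /^[a-z_][a-z0-9_.-]*[$]?$/      { bad = 1 }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/  { bad = 1 }
        $3 == 0 && $1 != "root"               { bad = 1 }
        $1 == "root" && $3 == 0               { root = 1 }
        seen[$1]++                            { bad = 1 }
        END { exit (bad || !root) ? 1 : 0 }
    ' "$1"
}

# receive_passwd TARGET: stdin -> temp file beside TARGET -> validate -> rename.
# The rename is atomic, so TARGET is never left half-written.
receive_passwd() {
    target=$1
    # Whatever command the client asked for is noted, never executed.
    [ -z "${SSH_ORIGINAL_COMMAND:-}" ] || echo "ignoring client command" >&2
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    cat > "$tmp"
    if validate_passwd "$tmp"; then
        chmod 644 "$tmp" && mv -f "$tmp" "$target"
    else
        rm -f "$tmp"
        echo "rejected: candidate passwd failed validation" >&2
        return 1
    fi
}

# As the command="..." target, the script would be invoked with --install.
if [ "${1:-}" = "--install" ]; then
    receive_passwd /etc/passwd
fi
```

A rejected push leaves the existing file untouched and returns a non-zero exit status to the sending side, so the push script can alert instead of silently continuing.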