Copy Files across two machines.

abhijeetudas · 04-20-2005, 05:25 AM

Hi there,

I have 2 Linux Box'es with sshd modified so that
no root login's are permitted

I am trying to expirement with DRBD
so i need a mechanism that will copy the updated config file
say on node1 to the other node2.

Now these files are needed to be owned by root
so i cannot ssh / rsync across as root.

earlier i had the same thing working as i had ssh host keys installed
so i simply said
[ root@node1 etc ]# scp drbd.conf node2:/etc
& it worked

but after securing the box for no root logins i have this problem of copying
config files from /etc to the other node

any suggestions / ideas on how do i go about this?

Tuttle · 04-20-2005, 05:55 AM

You could make a script that does

Code:

user@node1/etc$ scp drbd.conf node2:/tmp
ssh -l username hostname \
password \
sudo mv node2:/tmp/drbd.conf node2:/etc \
exit

or similar.

abhijeetudas · 04-22-2005, 09:49 AM

Dint quite get it
ssh -l username host \ password

"password in plain text ?

Any way i tried

#!/bin/bash
scp /etc/drbd.conf node2:/tmp
ssh -l user host
<manually enter password>
sudo mv node2:/tmp/drbd.conf node2:/etc
exit

i get to a shell prompt and its stuck there
no no nothing.. happened. :-(

Linux~Powered · 04-22-2005, 07:03 PM

You can use either SCP or SFTP. SFTP is more convenient. Just run the syntax...

Code:

sftp user@address

You'll be prompted for a password. Once in, you'll want to get a list of the commands that you can use with SFTP. At the >sftp part just type in help, and it'll show you a list of commands. Most common are put and get.

abhijeetudas · 04-25-2005, 12:01 AM

Interstingly enough..

Firstly
1) I had disabled root logins through ssh for security reasons..

2) The file that i need to copy needs to be done through a script

3) The file needs to be owned by root, so will have to copy to a temporary
place n then copy of sudo or somet thing like that.

so i think
sftp user@host is not a good idea.!

chrisfirestar · 04-25-2005, 01:50 AM

why dont you copy to a temporary folder using your standard rsync (as you did before)
then just have a sh script that is owned by root then how you want to run this script is up to you, can have a cron job which will go in, copy to the /etc location and chmod it...

jschiwal · 04-25-2005, 03:50 AM

You can use the .ssh/authorized_keys file to eliminate the need for a password in a script.

An alternative is to use keychain. You could edit your .bash_profile file adding something like

keychain id_dsa
. ~/.keychain/$HOSTNAME-sh

You would be prompted once for a password when logging in the first time after a reboot.

Also, I'm not sure if you have system wide keys in /etc/ssh/ whether the scp commamd will work even if root can't login.

---

I just had another idea. Instead of having a cron job that copies files to remote systems, have cron jobs in the remote systems that pulls the files from the central host. You could pull them from a user setup solely for the purpose of distributing files. The home page of this psuedo user would contain an .ssh/ directory and the remote systems would be copying from a user account so your no root login restriction wouldn't be a problem.