[SOLVED] passwordless rsync after changing password

anon091 · 09-30-2013, 10:46 AM

if you use an account that can rsync without typing in a password, if you change the password on that account, do you have to redo the keys because of the new password or does that still work?

sag47 · 09-30-2013, 12:04 PM

Password and keys are independent for the most part. authorized_keys does not change so you don't need a new key. If an account is locked or the password expires then the account will need to be unlocked/password changed before shared keys can be used again.

anon091 · 09-30-2013, 12:23 PM

ok, great, so sounds like even if we change the password, the rsync should still work since the account isn't locked or anything like that, just has a different password.

thanks for the reply.

sag47 · 09-30-2013, 01:02 PM

For explicit reference see the authorized_keys(8) man page.

Quote:

Regardless of the authentication type, the account is checked to ensure
that it is accessible. An account is not accessible if it is locked,
listed in DenyUsers or its group is listed in DenyGroups . The defini-
tion of a locked account is system dependant. Some platforms have their
own account database (eg AIX) and some modify the passwd field ( '*LK*'
on Solaris and UnixWare, '*' on HP-UX, containing 'Nologin' on Tru64, a
leading '*LOCKED*' on FreeBSD and a leading '!' on most Linuxes). If
there is a requirement to disable password authentication for the account
while allowing still public-key, then the passwd field should be set to
something other than these values (eg 'NP' or '*NP*' ).

When I need to generate long, never to be used, passwords I like to use uuidgen(1).

anon091 · 09-30-2013, 02:09 PM

Thanks sag.