Solved

RDIST over SSH

Posted on 2007-08-03
Last Modified: 2013-11-17
Our UNIX servers are running AIX 5L and due to security policies, we are discouraged from using "rshd" between servers. Instead, I would like to run Rdist using SSH. Reading the command line documentation, I know that I need to use the "-P" option to transport the program as given in transport-path. But how?

Any configuration assistance, examples, or lessons learned from your experience with such settings will be much appreciated.
Question by:TexanLonghorn
8 Comments
 
LVL 14

Assisted Solution

by:sjm_ee
sjm_ee earned 150 total points
ID: 19628454
Did you try the following as recommended in the man page?

Here's an example which uses ssh(1) as the transport:

    rdist -P /usr/local/bin/ssh -f myDistfile
 
LVL 48

Expert Comment

by:Tintin
ID: 19641950
If possible, I'd recommend using rsync instead of rdist.  rdist was good in its day, but its day was a long time ago.

rsync is much faster, more efficient and a lot more flexible when it comes to syncing files.
 

Author Comment

by:TexanLonghorn
ID: 19649443
SJM_EE, the following command works fine:

    /usr/sbin/rdist -f distfile -P /bin/ssh

However, I am being prompted for a password to authenticate against the user at the destination host. So I figured the two users (at source and destination host) need to authenticate automatically at login.

I am using AIX 5L with SSH "OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005".  I have created keys on both servers using "ssh-keygen -t rsa" (with just <Enter> for passphrase) on both servers and appended id_rsa.pub from one server to the authorized_key file on the other server. But, ssh still prompts for password.  

The following is ssh -v output:

    ssh -v user@host1 date
    OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005
    debug1: Reading configuration data /home/username/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so):   0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
            0509-026 System error: A file or directory in the path name does not exist.

    debug1: Error loading Kerberos, disabling Kerberos auth.
    debug1: Connecting to host1 [172.21.74.2] port 22.
    debug1: Connection established.
    debug1: identity file /home/username/.ssh/identity type -1
    debug1: identity file /home/username/.ssh/id_rsa type 1
    debug1: identity file /home/username/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.1
    debug1: match: OpenSSH_4.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'host1' is known and matches the RSA host key.
    debug1: Found key in /home/username/.ssh/known_hosts:2
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/username/.ssh/identity
    debug1: Offering public key: /home/username/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Trying private key: /home/username/.ssh/id_dsa
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: password
    username@host1's password:
 
LVL 48

Expert Comment

by:Tintin
ID: 19649566
Make sure the permissions on the remote .ssh directory are 700
 

Author Comment

by:TexanLonghorn
ID: 19649760
The problem persists even after changing the permissions on the ".ssh" directory to 700.
 
LVL 14

Expert Comment

by:sjm_ee
ID: 19665413
OK so does anything else work with ssh in your setup?
 

Author Comment

by:TexanLonghorn
ID: 19666323
Sorry, I'm not sure I understand the question. I am able to run all of the secured shell commands on the remote site such as ssh, scp, sftp, but I'm still being prompted for the password when I expected to automatically authenticate.
 
LVL 48

Accepted Solution

by:Tintin
Tintin earned 450 total points
ID: 19666431
You should also check the perms on your home directory (on the remote server).  Depending on what sshd options are in place, you sometimes need to ensure your home directory has no more perms than 755.
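
The permission checks suggested in the answers above (700 on the remote `.ssh`, no more than 755 on the home directory) can be run in one pass on the destination host. This is an added example, not code from any poster in the thread; it assumes the default `.ssh/authorized_keys` key file, and the function and script names are made up for illustration.

```sh
#!/bin/sh
# Added example: report the paths on the destination host whose modes would
# make sshd (with StrictModes enabled) ignore a public key.
# check_ssh_key_perms and loose are hypothetical helper names.

# True when $1 is writable by group or other (mode bit 020 or 002 set).
# Uses only POSIX find, so no GNU stat is required.
loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Usage: check_ssh_key_perms HOME_DIR
# Prints one finding per line; returns 0 if none were found, 1 otherwise.
check_ssh_key_perms() {
    home=$1
    keys=$home/.ssh/authorized_keys   # assumption: default AuthorizedKeysFile
    rc=0
    for p in "$home" "$home/.ssh" "$keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            rc=1
        elif loose "$p"; then
            echo "GROUP-OR-WORLD-WRITABLE $p ($(ls -ld "$p" | cut -c1-10))"
            rc=1
        fi
    done
    return "$rc"
}

# Run as: sh check_perms.sh /home/username   (script name is a placeholder)
if [ "$#" -gt 0 ]; then
    check_ssh_key_perms "$1"
fi
```

When sshd rejects a key for this reason, the client only shows the fall-through to password authentication seen in the `ssh -v` trace earlier in the thread; the reason is recorded in the server-side log.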