Posted on 2007-08-03
Last Modified: 2013-11-17
Our UNIX servers are running AIX 5L and due to security policies, we are discouraged from using "rshd" between servers. Instead, I would like to run Rdist using SSH. Reading the command line documentation, I know that I need to use the "-P" option to transport the program as given in transport-path. But how?

Any configuration assistance, examples, or lessons learned from your experience with such settings will be much appreciated.
Question by: TexanLonghorn
    LVL 14

    Assisted Solution

    Did you try the following as recommended in the man page?

    Here's an example which uses ssh(1) as the transport:

        rdist -P /usr/local/bin/ssh -f myDistfile
    LVL 48

    Expert Comment

    If possible, I'd recommend using rsync instead of rdist.  rdist was good in its day, but its day was a long time ago.

    rsync is much faster, more efficient and a lot more flexible when it comes to syncing files.

    Author Comment

    SJM_EE, the following command works fine:

    /usr/sbin/rdist -f distfile -P /bin/ssh

    However, I am being prompted for a password to authenticate against the user at the destination host. So I figured the two users (at source and destination host) need to authenticate automatically at login.

    I am using AIX 5L with SSH "OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005".  I have created keys on both servers using "ssh-keygen -t rsa" (with just <Enter> for passphrase) on both servers and appended from one server to the authorized_key file on the other server. But, ssh still prompts for password.  

    The following is ssh -v output:

    ssh -v user@host1 date
    OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005
    debug1: Reading configuration data /home/username/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(   0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(
            0509-026 System error: A file or directory in the path name does not exist.

    debug1: Error loading Kerberos, disabling Kerberos auth.
    debug1: Connecting to host1 [] port 22.
    debug1: Connection established.
    debug1: identity file /home/username/.ssh/identity type -1
    debug1: identity file /home/username/.ssh/id_rsa type 1
    debug1: identity file /home/username/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.1
    debug1: match: OpenSSH_4.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'host1' is known and matches the RSA host key.
    debug1: Found key in /home/username/.ssh/known_hosts:2
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/username/.ssh/identity
    debug1: Offering public key: /home/username/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Trying private key: /home/username/.ssh/id_dsa
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: password
    username@host1's password:
    LVL 48

    Expert Comment

    Make sure the permissions on the remote .ssh directory are 700

    Author Comment

    The problem persists even after changing the permissions on the ".ssh" directory to 700.
    LVL 14

    Expert Comment

    OK so does anything else work with ssh in your setup?

    Author Comment

    Sorry, I'm not sure I understand the question. I am able to run all of the secured shell commands on the remote site such as ssh, scp, sftp, but I'm still being prompted for the password when I expected to automatically authenticate.
    LVL 48

    Accepted Solution

    You should also check the perms on your home directory (on the remote server).  Depending on what sshd options are in place, you sometimes need to ensure your home directory has no more perms than 755.
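
An added example, not part of the original thread: a POSIX shell audit of the ownership and write bits that sshd's StrictModes option checks on the home directory, ~/.ssh and authorized_keys, which is what the 700 and 755 advice above addresses. The function names are hypothetical, and the ls-based parsing assumes GNU stat may be unavailable on the destination host.

```shell
#!/bin/sh
# Added example: audit the paths sshd's StrictModes inspects before it will
# honour authorized_keys. Uses only ls/awk/cut (assumption: no GNU stat).

# mode_string PATH -> prints the 10-character permission string, e.g. drwxr-xr-x
mode_string() {
    ls -ld "$1" 2>/dev/null | awk '{print substr($1, 1, 10)}'
}

# owner_of PATH -> prints the owner column of ls -ld
owner_of() {
    ls -ld "$1" 2>/dev/null | awk '{print $3}'
}

# strict_ok PATH USER -> 0 if PATH is owned by USER or root and is neither
# group- nor world-writable; 1 if it would be rejected; 2 if it is missing.
strict_ok() {
    m=$(mode_string "$1")
    [ -n "$m" ] || { echo "MISSING  $1"; return 2; }
    o=$(owner_of "$1")
    gw=$(echo "$m" | cut -c6)   # group write bit
    ow=$(echo "$m" | cut -c9)   # other write bit
    if [ "$o" != "$2" ] && [ "$o" != "root" ]; then
        echo "BADOWNER $m $o $1"; return 1
    fi
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "WRITABLE $m $o $1"; return 1
    fi
    echo "OK       $m $o $1"
}

# audit_ssh_paths HOMEDIR USER -> nonzero if any of the three paths would fail
audit_ssh_paths() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        strict_ok "$p" "$2" || rc=1
    done
    return $rc
}

# Usage on the destination host, as the account being logged in to:
#   audit_ssh_paths "$HOME" "$(id -un)"
```

A MISSING line for authorized_keys points at a misnamed key file rather than a permission problem; a WRITABLE line is cleared with chmod go-w on the reported path.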
