I am doing rsync over a private network. Encryption is not required. Currently rsync over ssh works, but requires too many CPU cycles (especially when doing a lot of transfers) on a CPU-bound system. I need to use rsh instead.
The problem is, I can either set rsh to allow transfers without a password, or it won't let me transfer files at all.
I need rsh to ask for a password. The network may be private (I don't worry about sniffers) but still I'm not OK with giving the rsync client a blank check and allow it to connect without a password.
I tried to make various modifications to /etc/pam.d/rsh but I can't convince rshd to require a password.
I searched the Web for a solution, but everyone seems to be in the opposite situation (looking to allow rsh to connect without a password, which is trivial).
Any suggestion?
Florin Andrei wrote:
I am doing rsync over a private network. Encryption is not required. Currently rsync over ssh works, but requires too many CPU cycles (especially when doing a lot of transfers) on a CPU-bound system. I need to use rsh instead.
The problem is, I can either set rsh to allow transfers without a password, or it won't let me transfer files at all.
I need rsh to ask for a password. The network may be private (I don't worry about sniffers) but still I'm not OK with giving the rsync client a blank check and allow it to connect without a password.
I tried to make various modifications to /etc/pam.d/rsh but I can't convince rshd to require a password.
I searched the Web for a solution, but everyone seems to be in the opposite situation (looking to allow rsh to connect without a password, which is trivial).
I've used rsync with the ssh 'blowfish' option on slow processors (older sparcs, slower pentiums) with good success.
or, run rsync as a daemon at one end, and specify the rsync protocol, that uses no encryption at all.
John R Pierce wrote:
Florin Andrei wrote:
The problem is, I can either set rsh to allow transfers without a password, or it won't let me transfer files at all.
I've used rsync with the ssh 'blowfish' option on slow processors (older sparcs, slower pentiums) with good success.
Tried that, not good enough. Too bad ssh doesn't have a plain-text "encryption" option. :-)
I've found a document saying that the rsh protocol is designed so that the only "authentication" method is .rhosts It cannot authenticate with a password, by design.
Back to the drawing board. :-/
On Fri, Mar 09, 2007 at 05:27:15PM -0800, Florin Andrei wrote:
John R Pierce wrote:
Florin Andrei wrote:
The problem is, I can either set rsh to allow transfers without a password, or it won't let me transfer files at all.
I've used rsync with the ssh 'blowfish' option on slow processors (older sparcs, slower pentiums) with good success.
Tried that, not good enough. Too bad ssh doesn't have a plain-text "encryption" option. :-)
There are "cipher none" ssh patches. I think these might be built into later openssh versions, but I don't think the version that comes with RHEL4.4 (thus CentOS) has it. Building your own openssh version might work.
Don't hold me to that, though!
On Fri, Mar 09, 2007 at 04:51:28PM -0800, John R Pierce wrote:
I've used rsync with the ssh 'blowfish' option on slow processors (older sparcs, slower pentiums) with good success. or, run rsync as a daemon at one end, and specify the rsync protocol, that uses no encryption at all.
Or use NFS.
On 10/03/07, Florin Andrei florin@andrei.myip.org wrote:
I am doing rsync over a private network. Encryption is not required. Currently rsync over ssh works, but requires too many CPU cycles (especially when doing a lot of transfers) on a CPU-bound system. I need to use rsh instead.
The problem is, I can either set rsh to allow transfers without a password, or it won't let me transfer files at all.
It's been a long time since I was required to setup passwordless rsh/rlogin but from memory, I had to hack about with some of the rsh/rlogin PAM configs under /etc/pam.d to remove some password requirements. This was back on RH7.x.
There's a bunch of Kerberos authentication required for the CentOS/RHEL rsh/rlogin variants too.
Will.
-
Florin Andrei -
John R Pierce -
Matthew Miller -
Stephen Harris -
Will McDonald