[Dirvish] push or pull for client with dynamic ip

Bernd Haug haug at berndhaug.net
Fri Jul 31 09:50:50 UTC 2009


On Fri, Jul 31, 2009 at 10:41 AM, Xavier Brochard<xavier at alternatif.org> wrote:
> sudo will not ask for a password - isn't that a bit dangerous? backupinitiator
> cando whatever he wants...

No - it can just trigger a backup. The danger factor there seems limited.

Once again, also see the format for authorized_keys. You can actually
limit the user logging in with the corresponding private key for that
authorized_keys line to running that specific command.

So you could have a key that could only log in to run one specific
command as root. Seems rather secure to me.

> One question, to be sure: in the host directive of ssh config you don't write
> literaly "dynamic-host" ?

You could, or you could call it something else.

It's actually just a connection name for ssh.

You make a config section,

host bla
  user blo
  hostname blu.bli.ble

that just means that you can simply

$ ssh bla

and ssh will connect you to hostname blu.bli.ble using username blo.

Options before the first "host" directive apply to all host sections
where no other value for that option is set, options after "host"
directives apply to that "host" section, until the next "host" comes
along.

Also nota bene the options compression, forwardx11,
{local,remote,dynamic}forward, controlmaster, escapechar, identityfile
&c &c.

SSH lets you do beautiful things (i.e., look up what ssh -NfM does in
detail), you want to read ssh(1) and ssh_config(5).

Yours, Bernd


More information about the Dirvish mailing list