[Gluster-users] tar_ssh.pem?

James Le Cuirot chewi at aura-online.co.uk
Wed Apr 30 19:25:03 UTC 2014


> > On April 28, 2014 6:03:16 AM PDT, Venky Shankar
> > <vshankar at redhat.com> wrote:

> >> On 04/27/2014 11:55 PM, James Le Cuirot wrote:
> >>> I'm new to Gluster but have successfully tried geo-rep with 3.5.0.
> >>> I've read about the new tar+ssh feature and it sounds good but
> >>> nothing has been said about the tar_ssh.pem file that gsyncd.conf
> >>> references. Why is a separate key needed? Does it not use gsyncd
> >>> on the other end? If not, what command should I lock it down to
> >>> in authorized_keys, bug #1091079 notwithstanding?

> >> geo-replication "create push-pem" command should add the keys on
> >> the slave for tar+ssh to work. That is done as part of geo-rep
> >> setup.

I had seen the new "create push-pem" option and gave it a try today. I
see that it does indeed create a different key with a different command
in the authorized_keys file.

One question remains though and this stems back to bug #1091079.
push-pem expects you to have set up passwordless SSH access already so
what is the point of adding further lines to authorized_keys when
general access is already allowed? Surely this is bad for security?
Wouldn't it be better for push-pem to prompt for a password so that
only the required access is added?

Regards,
James
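
The concern raised in the message above, an unrestricted key sitting next to the command-restricted entries that push-pem adds, can be checked on the slave by auditing authorized_keys for keys with no forced command. This is an added example, not part of the original post or of Gluster's code; the sample file contents, the /path/to/... commands and the function names are constructed for illustration.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")

# Constructed sample: key blobs and /path/to/... commands are placeholders.
SAMPLE = r'''# authorized_keys on the slave (constructed)
ssh-rsa AAAAexampleKEY1 root@master
command="/path/to/gsyncd" ssh-rsa AAAAexampleKEY2 root@master
command="/path/to/tar-wrapper --opt \"x y\"",no-pty ssh-rsa AAAAexampleKEY3 root@master
'''

def split_options(line):
    """Split one entry into (options, rest); options end at the first
    whitespace that is outside double quotes."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return "", line                      # entry has no options field
    in_quotes, i = False, 0
    while i < len(line):
        if in_quotes and line.startswith('\\"', i):
            i += 2                           # escaped quote inside a value
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        elif line[i] in " \t" and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""

def forced_command(options):
    """Return the command="..." value, or None if the key is unrestricted."""
    m = re.search(r'(?:^|,)command="((?:\\"|[^"])*)"', options, re.I)
    return m.group(1) if m else None

def audit(text):
    """Return (line number, key comment, forced command or None) per key."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        options, rest = split_options(line)
        out.append((n, " ".join(rest.split()[2:]), forced_command(options)))
    return out

def unrestricted(text):
    """Keys that still grant a general shell: no forced command."""
    return [(n, comment) for n, comment, cmd in audit(text) if cmd is None]

if __name__ == "__main__":
    for n, comment in unrestricted(SAMPLE):
        print(f"line {n}: {comment or '(no comment)'} has no command= restriction")
```
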


