Bob of Donelson Trophy
2016-Oct-23 14:40 UTC
[Samba] Bidirectional wiki page correction suggestion
I just set up replication of sysvol between my two DC's using the "Bidirectional Rsync/osync based SysVol replication workaround" and all went well with two exceptions.

First, it seems that since an upgrade to OpenSSH version 7.0 that "dsa" key use is disabled by default by the OpenSSH team. There have been some questions for some time now regarding the security of "dsa" keys and the new default is to use "rsa" keys. (Not opening a "dsa"/"rsa" key debate here, OpenSSH team did what they did. An Internet search found other distros noting the same dsa/rsa issue.)

Simply changing the "dsa" throughout the directions to "rsa" solved any problems I was having and all went well.

Perhaps the wiki pages, both "Bidirectional Rsync/osync based SysVol replication workaround" and "Bidirectional Rsync/unison based SysVol replication workaround" should be adjusted to reflect the "new" "rsa" key default.

Second, the "root" in the 'crontab -e' string suggestion is not needed (on Ubuntu 16.04 in my case) as user is setting up a crontab process within the "root" crontab. No reason to call the user at all (again, in my case with Ubuntu 16.04.) (Other distros might be different.)

This is only a suggestion.

Thank you.

--
_______________________________
Bob Wooden of Donelson Trophy
On Sun, 23 Oct 2016 09:40:36 -0500 Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:

> I just set up replication of sysvol between my two DC's using the
> "Bidirectional Rsync/osync based SysVol replication workaround" and
> all went well with two exceptions.
>
> First, it seems that since an upgrade to OpenSSH version 7.0 that
> "dsa" key use is disabled by default by the OpenSSH team. There have
> been some questions for some time now regarding the security of "dsa"
> keys and the new default is to use "rsa" keys. (Not opening a
> "dsa"/"rsa" key debate here, OpenSSH team did what they did. An
> Internet search found other distros noting the same dsa/rsa issue.)
>
> Simply changing the "dsa" throughout the directions to "rsa" solved
> any problems I was having and all went well.
>
> Perhaps the wiki pages, both "Bidirectional Rsync/osync based SysVol
> replication workaround" and "Bidirectional Rsync/unison based SysVol
> replication workaround" should be adjusted to reflect the "new" "rsa"
> key default.
>
> Second, the "root" in the 'crontab -e' string suggestion is not needed
> (on Ubuntu 16.04 in my case) as user is setting up a crontab process
> within the "root" crontab. No reason to call the user at all (again,
> in my case with Ubuntu 16.04.) (Other distros might be different.)
>
> This is only a suggestion.
>
> Thank you.
>

OK, I have changed 'dsa' to 'rsa' on both pages.

I haven't changed the crontab contents, the 'Osync' page is based on the 'Unison' page and this is based on information supplied by Louis Van Belle. I think Louis needs to explain why 'root' is in root's crontab, there may be a reason.

Rowland
Bob of Donelson Trophy
2016-Oct-23 16:50 UTC
[Samba] Bidirectional wiki page correction suggestion
On 2016-10-23 10:36, Rowland Penny via samba wrote:

> On Sun, 23 Oct 2016 09:40:36 -0500
> Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:
>
>> I just set up replication of sysvol between my two DC's using the
>> "Bidirectional Rsync/osync based SysVol replication workaround" and
>> all went well with two exceptions.
>>
>> First, it seems that since an upgrade to OpenSSH version 7.0 that
>> "dsa" key use is disabled by default by the OpenSSH team. There have
>> been some questions for some time now regarding the security of "dsa"
>> keys and the new default is to use "rsa" keys. (Not opening a
>> "dsa"/"rsa" key debate here, OpenSSH team did what they did. An
>> Internet search found other distros noting the same dsa/rsa issue.)
>>
>> Simply changing the "dsa" throughout the directions to "rsa" solved
>> any problems I was having and all went well.
>>
>> Perhaps the wiki pages, both "Bidirectional Rsync/osync based SysVol
>> replication workaround" and "Bidirectional Rsync/unison based SysVol
>> replication workaround" should be adjusted to reflect the "new" "rsa"
>> key default.
>>
>> Second, the "root" in the 'crontab -e' string suggestion is not needed
>> (on Ubuntu 16.04 in my case) as user is setting up a crontab process
>> within the "root" crontab. No reason to call the user at all (again,
>> in my case with Ubuntu 16.04.) (Other distros might be different.)
>>
>> This is only a suggestion.
>>
>> Thank you.
>
> OK, I have changed 'dsa' to 'rsa' on both pages.
> I haven't changed the crontab contents, the 'Osync' page is based on
> the 'Unison' page and this is based on information supplied by Louis Van
> Belle. I think Louis needs to explain why 'root' is in root's crontab,
> there may be a reason.
>
> Rowland

I suggested the "root" issue but agree with your decision. In my case, the 'root' made crontab abort and I got a system email saying "it" (the system) could not find root.

Simply removing the "root" allowed the cron string to run without complaints.

My 2 cents.

Thanks.

--
_______________________________
Bob Wooden of Donelson Trophy
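
Added example, not part of the thread or of the Samba wiki: entries in `/etc/crontab` and `/etc/cron.d` carry a user field after the five schedule fields, while a crontab edited with `crontab -e` does not, so a leading `root` there is taken as the command to run. The function below flags such lines; the script path and sample crontab are constructed placeholders, not the wiki's actual entry.

```shell
#!/bin/sh
# Flag per-user crontab entries that carry a system-crontab style user field,
# which cron would try to execute as the command.

# find_user_field_lines USER...
# Reads crontab text on stdin and prints "lineno: line" for every job line
# whose first word after the schedule equals one of the given account names.
find_user_field_lines() {
    users=" $* "
    awk -v users="$users" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments and blanks
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # VAR=value settings
        {
            # @reboot, @daily etc. use one schedule field instead of five
            cmd = ($1 ~ /^@/) ? 2 : 6
            if (NF >= cmd && index(users, " " $cmd " ") > 0)
                printf "%d: %s\n", NR, $0
        }'
}

# Constructed sample of a root crontab as edited with "crontab -e".
# /usr/local/bin/sync-sysvol.sh is a placeholder path.
SAMPLE_CRONTAB='# sysvol replication (constructed sample)
MAILTO=root
*/5 * * * * root /usr/local/bin/sync-sysvol.sh
*/5 * * * * /usr/local/bin/sync-sysvol.sh
@reboot root /usr/local/bin/sync-sysvol.sh'

check_sample() {
    printf '%s\n' "$SAMPLE_CRONTAB" | find_user_field_lines root
}

check_sample
```

On a live host the same function can be fed `crontab -l` output; a hit is only a hint, since a command could legitimately share its name with an account.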