Gluster users - Sep 2014 - Use geo-replication without passwordless ssh login

Hi,

I wonder if it is possible to configure Gluster geo-replication in a manner
that it does not require passwordless ssh login, since in our system
passwordless ssh is not allowed.

Or, is it possible to configure passwordless ssh for Gluster only, not for
every user or programm.

Thanks.

Bo
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://supercolony.gluster.org/pipermail/gluster-users/attachments/20140915/66c41f1c/attachment.html>

On 15 Sep 2014, at 17:18, Bo Yu <mobirabi at gmail.com> wrote:
> I wonder if it is possible to configure Gluster geo-replication in a manner
that it does not require passwordless ssh login, since in our system
passwordless ssh is not allowed.

Why would you disable that? Using passwords on top of public keys doesn't
add a great deal of security. Using them without public keys is more of an
issue.

Marcus
-- 
Marcus Bointon
Technical Director, Synchromedia Limited

Creators of http://www.smartmessages.net/
UK 1CRM solutions http://www.syniah.com/
marcus at synchromedia.co.uk | http://www.synchromedia.co.uk/

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://supercolony.gluster.org/pipermail/gluster-users/attachments/20140915/b8ccd569/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL:
<http://supercolony.gluster.org/pipermail/gluster-users/attachments/20140915/b8ccd569/attachment.sig>

On 15/09/14 20:48, Bo Yu wrote:
> Hi,
>
> I wonder if it is possible to configure Gluster geo-replication in a 
> manner that it does not require passwordless ssh login, since in our 
> system passwordless ssh is not allowed.
>
> Or, is it possible to configure passwordless ssh for Gluster only, not 
> for every user or programm.
TBH, the passwordless ssh configured by "push-pem" option is very 
specific to gluster (gsyncd to be more specific). But this will used 
after the session is created. During the create gluster need the 
passwordless ssh to get the details of the slave cluster (it's status, 
available size, files present or not etc).

So you need to have passwordless ssh from one node in master to one in 
slave *only* during the "geo-rep create push-pem". After session 
created, you can actually remove the passwordless ssh and Ideally 
geo-rep should still work.

HTH

  Best Regards,
Vishwanath
>
> Thanks.
>
> Bo
>
>
>
>
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://supercolony.gluster.org/mailman/listinfo/gluster-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://supercolony.gluster.org/pipermail/gluster-users/attachments/20140916/41a8cb03/attachment.html>

On 09/15/2014 08:48 PM, Bo Yu wrote:
> Hi,
>
> I wonder if it is possible to configure Gluster geo-replication in a 
> manner that it does not require passwordless ssh login, since in our 
> system passwordless ssh is not allowed.
>
> Or, is it possible to configure passwordless ssh for Gluster only, not 
> for every user or programm.
Discussion is going on to add support for any user with sudo access can 
create geo-rep session.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1136296

--
regards
Aravinda
http://aravindavk.in
>
> Thanks.
>
> Bo
>
>
>
>
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://supercolony.gluster.org/mailman/listinfo/gluster-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://supercolony.gluster.org/pipermail/gluster-users/attachments/20140917/0a91144d/attachment.html>