[Dovecot] replication howto

Timo Sirainen tss at iki.fi
Thu Mar 15 23:55:26 EET 2012


Plus the scripts that

1) when calling ssh dsync first writes the username to stdout (before dsync starts communicating)

and

2) dsync.sh on remote first reads the username from stdin, before execing dsync itself

Because it's not possible to give -u $username parameter in the authorized_keys cmd itself. That's the only changing parameter that is needed.

On 15.3.2012, at 23.49, David Ford wrote:

> in ~privilgeduser/.ssh/authorized keys:
> 
> from=<list of hosts key is valid for> cmd=dsync.sh pubkey...
> 
> On 03/15/2012 05:05 PM, Timo Sirainen wrote:
>> Then again it's safer to use system user accounts than a single vmail account that has access to everyone's emails. And if you allow ssh login only with public key authentication I don't think there are much security issues. And finally, it would be possible to write a small wrapper that allows the root's public key auth to only execute dsync-user.sh script that can't do anything except sync a specified user's mails. 
> 



More information about the dovecot mailing list