BackupPC-users

Re: [BackupPC-users] Unable to read 4 bytes

2014-11-08 11:35:22
Subject: Re: [BackupPC-users] Unable to read 4 bytes
From: Les Mikesell <lesmikesell AT gmail DOT com>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Sat, 8 Nov 2014 10:34:12 -0600
On Sat, Nov 8, 2014 at 10:20 AM, Holger Parplies <wbppc AT parplies DOT de> wrote:

>> Mauro Condarelli wrote on 2014-11-07 22:45:53 +0100 [Re: [BackupPC-users] Unable to read 4 bytes]:
>> [...]
>> What follows is what I use to set up a key exchange,
>
> I don't believe that's completely true ;-).
>
>> obviously there are zillions of ways to do the same.
>>
>> backuppc@server:~$ scp .ssh/id_dsa mcon@mailgate:/tmp/backuppc@server.key
>
> Actually, you need the *public* key on the client (".ssh/id_dsa.pub"), not the
> private key. More than that, you *should not have* the private key on the
> client machine. Conceptually, possession of the private key is considered as
> proof for being the legitimate BackupPC server. The client machine isn't the
> legitimate BackupPC server, so it shouldn't be able to prove it is :-).
>
> Additionally, I would advise against temporarily storing the key - even the
> public key - in /tmp. You are later going to do (and this only makes sense if
> it actually was the public key you transferred) ...

And probably even more to the point is that most systems have an
'ssh-copy-id' script that will do it for you and get it right. The
RedHat/CentOS versions even fix the SELinux contexts for you.

-- 
    Les Mikesell
     lesmikesell AT gmail DOT com
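
The point made in this thread, as an added example that is not part of the original messages: only the public key belongs on the client, and it goes into authorized_keys with tight permissions. The function names, paths and key material are hypothetical and constructed; this is a sketch of the client-side checks, not the ssh-copy-id script itself.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and paths are hypothetical.

# is_public_key FILE: succeed only if FILE looks like a one-line OpenSSH public key.
is_public_key() {
    # Every PEM or OpenSSH private key file carries a "PRIVATE KEY-----" marker.
    if grep -q 'PRIVATE KEY-----' "$1"; then
        return 1
    fi
    # A .pub file is "<key type> <base64 blob> [comment]".
    grep -Eq '^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( |$)' "$1"
}

# install_pubkey PUBKEY_FILE HOME_DIR: authorize the key for the account that owns HOME_DIR.
install_pubkey() {
    pub=$1
    home=$2
    if ! is_public_key "$pub"; then
        echo "refusing $pub: not a public key" >&2
        return 1
    fi
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    key=$(head -n 1 "$pub")
    # Append only when this exact line is not already authorized.
    grep -qxF -e "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# Demo on constructed, non-functional key material in a scratch directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'AAAA' \
        '-----END DSA PRIVATE KEY-----' > "$d/id_dsa"
    printf 'ssh-dss AAAAB3NzaC1kc3MAAACB backuppc@server\n' > "$d/id_dsa.pub"
    for f in id_dsa id_dsa.pub; do
        if install_pubkey "$d/$f" "$d/home" 2>/dev/null; then
            echo "$f: installed"
        else
            echo "$f: refused"
        fi
    done
    rm -rf "$d"
}
demo
```

The explicit chmod calls matter because sshd's default StrictModes setting ignores an authorized_keys file whose directory or file permissions are too open.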
