[BackupPC-users] I broke perfection ...

Back in October, I was a Linux newbie struggling to get BackupPC to work and was successful in a very short time with the great support I got here (Ref: Almost Working). Since then, I’ve monitored the system operation and performed two restore tests, one from a full backup and one mid-stream off of the incremental files. The total byte count was about 75 GBytes with a perfect score by comparison of every single byte. The BackupPC system works GREAT!

Since the testing, I’ve moved on to another issue that was brought to my attention during the work to get BackupPC working: Fedora was probably not the best distribution of Linux to run a server function. While working with other distro’s, I goofed and trashed my perfectly running system. I have rebuilt it up to the point of installing my ssh-keys for rsync. In as far as I know, I’m doing the same thing as before when it worked out just fine. This time, it all looks good during the setup, but ‘backuppc’ user is not getting ‘root’ authority when tested. I’ve tried several times, consistently getting the same result. I am hoping that someone will see where this somewhat less of a newbie is messing up. All comments are welcome. -- ken

Below is a transcript of the last session:

Starting on my Windows-server, I removed previous setup from /root/.ssh:

[root@WinServer .ssh]# rm -f *

[root@WinServer .ssh]# ls -al

total 16

drwx------ 2 root root 4096 2008-11-29 16:50 .

drwxr-x--- 27 root root 4096 2008-11-29 16:22 ..

Next, I generated a key-pair on the Windows-server:

[root@WinServer .ssh]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

fe:a0: … :7b:9e [email protected] ç Ref at end

[root@WinServer .ssh]#

I verified the archiving host was listed in /etc/hosts:

[root@WinServer .ssh]# cat /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 WinServer.localdomain WinServer WinServer

::1 localhost6.localdomain6 localhost6

192.168.1.106 Archiver.localdomain Archiver <<<==== this is it

[root@WinServer .ssh]#

On the archiver, I removed the old configuration from /var/lib/BackupPC/.ssh,

changed to user 'backuppc' on /var/lib/BackupPC and created a key-pair:

[root@Archiver .ssh]# rm -f *

[root@Archiver .ssh]# ls -al

total 16

drwx------ 2 backuppc root 4096 2008-11-29 16:53 .

drwxr-x--- 8 backuppc root 4096 2008-11-26 21:26 ..

[root@Archiver .ssh]# su -s /bin/bash - backuppc

-bash-3.2$ whoami

backuppc

-bash-3.2$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/var/lib/BackupPC/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /var/lib/BackupPC/.ssh/id_rsa.

Your public key has been saved in /var/lib/BackupPC/.ssh/id_rsa.pub.

The key fingerprint is: 34:e2: … :e8:73 [email protected]

-bash-3.2$ cp ./.ssh/id_rsa.pub ./.ssh/BackupPC_id_rsa.pub

-bash-3.2$ ls ./.ssh

BackupPC_id_rsa.pub id_rsa id_rsa.pub

-bash-3.2$ scp ./.ssh/BackupPC_id_rsa.pub [email protected]:/root/.ssh/

The authenticity of host '192.168.1.101 (192.168.1.101)' can't be established.

RSA key fingerprint is 57:e6: … :7a:c6.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.1.101' (RSA) to the list of known hosts.

[email protected]'s password:

BackupPC_id_rsa.pub 100% 411 0.4KB/s 00:00

-bash-3.2$

Back on the Windows-server, I added BackupPC_id_rsa.pub to authorized_keys2:

[root@WinServer .ssh]# ls -al

total 40

drwx------ 2 root root 4096 2008-11-29 16:53 .

drwxr-x--- 27 root root 4096 2008-11-29 16:22 ..

-rw-r--r-- 1 root root 411 2008-11-29 16:53 BackupPC_id_rsa.pub

-rw------- 1 root root 1675 2008-11-29 16:50 id_rsa

-rw-r--r-- 1 root root 408 2008-11-29 16:50 id_rsa.pub

[root@WinServer .ssh]# cat BackupPC_id_rsa.pub >> authorized_keys2

[root@WinServer .ssh]#

Edited Authorized_keys2 to add 'from="Archiver.localdomain"':

[root@WinServer .ssh]# cat authorized_keys2

from="Archiver.localdomain" ssh-rsa AAAA … more stuff … GnuNXOxYw== [email protected]

[root@WinServer .ssh]#

Sent id_rsa.pub to archiver:

[root@WinServer .ssh]# scp id_rsa.pub [email protected]:/var/lib/BackupPC/.ssh/client_id_rsa.pub

The authenticity of host '192.168.1.106 (192.168.1.106)' can't be established.

RSA key fingerprint is 01:a8:0d:1e: … :aa:10.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.1.106' (RSA) to the list of known hosts.

[email protected]'s password:

id_rsa.pub 100% 408 0.4KB/s 00:00

[root@WinServer .ssh]#

Now, on archiver:

-bash-3.2$ cat ./.ssh/client_id_rsa.pub >> ./.ssh/known_hosts

-bash-3.2$ ls ./.ssh

BackupPC_id_rsa.pub client_id_rsa.pub id_rsa id_rsa.pub known_hosts

-bash-3.2$ rm ./.ssh/client_id_rsa.pub

rm: remove write-protected regular file `./.ssh/client_id_rsa.pub'? y

-bash-3.2$ ls ./.ssh -al

total 48

drwx------ 2 backuppc root 4096 2008-11-29 17:08 .

drwxr-x--- 8 backuppc root 4096 2008-11-26 21:26 ..

-rw-r--r-- 1 backuppc backuppc 411 2008-11-29 16:56 BackupPC_id_rsa.pub

-rw------- 1 backuppc backuppc 1671 2008-11-29 16:55 id_rsa

-rw-r--r-- 1 backuppc backuppc 411 2008-11-29 16:55 id_rsa.pub

-rw-r--r-- 1 backuppc backuppc 803 2008-11-29 17:07 known_hosts

-bash-3.2$ chmod -R go-rwx ./.ssh

-bash-3.2$ ls ./.ssh -al

total 48

drwx------ 2 backuppc root 4096 2008-11-29 17:08 .

drwxr-x--- 8 backuppc root 4096 2008-11-26 21:26 ..

-rw------- 1 backuppc backuppc 411 2008-11-29 16:56 BackupPC_id_rsa.pub

-rw------- 1 backuppc backuppc 1671 2008-11-29 16:55 id_rsa

-rw------- 1 backuppc backuppc 411 2008-11-29 16:55 id_rsa.pub

-rw------- 1 backuppc backuppc 803 2008-11-29 17:07 known_hosts

... and do same chmod on Windows-server:

[root@WinServer .ssh]# chmod -R go-rwx .

[root@WinServer .ssh]# ls -al

total 64

drwx------ 2 root root 4096 2008-11-29 17:00 .

drwxr-x--- 27 root root 4096 2008-11-29 16:58 ..

-rw------- 1 root root 439 2008-11-29 16:58 authorized_keys2

-rw------- 1 root root 411 2008-11-29 16:55 authorized_keys2~

-rw------- 1 root root 411 2008-11-29 16:53 BackupPC_id_rsa.pub

-rw------- 1 root root 1675 2008-11-29 16:50 id_rsa

-rw------- 1 root root 408 2008-11-29 16:50 id_rsa.pub

-rw------- 1 root root 395 2008-11-29 17:00 known_hosts

[root@WinServer .ssh]#

Should be done all but the final TEST:

-bash-3.2$ ssh -l root WinServer whoami

The authenticity of host 'WinServer (192.168.1.101)' can't be established.

RSA key fingerprint is 57:e6: … :7a:c6. ç Should this be the same as when created in step one?

Are you sure you want to continue connecting (yes/no)? ^C <<<=== ABORTED DUE TO FAILURE

-bash-3.2$

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/