BackupPC-users

Re: [BackupPC-users] I broke perfection ...

2008-12-03 10:32:06
Subject: Re: [BackupPC-users] I broke perfection ...
From: Rob Owens <rob.owens AT biochemfluidics DOT com>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Wed, 03 Dec 2008 10:30:29 -0500

Kenneth L. Owen wrote:
> Back in October, I was a Linux newbie struggling to get BackupPC to work
> and was successful in a very short time with the great support I got
> here (Ref:  Almost Working).  Since then, I’ve monitored the system
> operation and performed two restore tests, one from a full backup and
> one mid-stream off of the incremental files.  The total byte count was
> about 75 GBytes with a perfect score by comparison of every single
> byte.  The BackupPC system works GREAT!
> 
>  
> 
> Since the testing, I’ve moved on to another issue that was brought to my
> attention during the work to get BackupPC working:  /_Fedora was
> probably not the best distribution of Linux to run a server function_./ 
> While working with other distros, I goofed and trashed my perfectly
> running system.  I have rebuilt it up to the point of installing my
> ssh-keys for rsync.  As far as I know, I’m doing the same thing as
> before when it worked out just fine.  This time, it all looks good
> during the setup, but ‘backuppc’ user is not getting ‘root’ authority
> when tested.  I’ve tried several times, consistently getting the same
> result.  I am hoping that someone will see where this somewhat less of a
> newbie is messing up.  All comments are welcome.  -- ken
> 
> Below is a transcript of the last session:
> 
>  
> 
> Starting on my Windows-server, I removed previous setup from /root/.ssh:
> 
>  
> 
> [root@WinServer .ssh]# rm -f *
> 
>  
> 
> [root@WinServer .ssh]# ls -al
> 
> total 16
> 
> drwx------  2 root root 4096 2008-11-29 16:50 .
> 
> drwxr-x--- 27 root root 4096 2008-11-29 16:22 ..
> 
>  
> 
> Next, I generated a key-pair on the Windows-server:
> 
>  
> 
> [root@WinServer .ssh]# ssh-keygen -t rsa
> 
> Generating public/private rsa key pair.
> 
> Enter file in which to save the key (/root/.ssh/id_rsa):
> 
> Enter passphrase (empty for no passphrase):
> 
> Enter same passphrase again:
> 
> Your identification has been saved in /root/.ssh/id_rsa.
> 
> Your public key has been saved in /root/.ssh/id_rsa.pub.
> 
> The key fingerprint is:
> 
> fe:a0: … :7b:9e [email protected]
> <mailto:[email protected]>  <== Ref at end
> 
> [root@WinServer .ssh]#
> 
root@WinServer does not need a keypair unless root@WinServer is going to
log in remotely via ssh to another machine.

>  
> 
> I verified the archiving host was listed in /etc/hosts:
> 
>  
> 
> [root@WinServer .ssh]# cat /etc/hosts
> 
> # Do not remove the following line, or various programs
> 
> # that require network functionality will fail.
> 
> 127.0.0.1       WinServer.localdomain   WinServer       WinServer
> 
> ::1             localhost6.localdomain6 localhost6
> 
> 192.168.1.106   Archiver.localdomain    Archiver    <<<==== this is it
> 
> [root@WinServer .ssh]#
> 
>  
> 
> On the archiver, I removed the old configuration from
> /var/lib/BackupPC/.ssh,
> 
> changed to user 'backuppc' on /var/lib/BackupPC and created a key-pair:
> 
>  
> 
> [root@Archiver .ssh]# rm -f *
> 
> [root@Archiver .ssh]# ls -al
> 
> total 16
> 
> drwx------ 2 backuppc root 4096 2008-11-29 16:53 .
> 
> drwxr-x--- 8 backuppc root 4096 2008-11-26 21:26 ..
> 
>  
> 
> [root@Archiver .ssh]# su -s /bin/bash - backuppc
> 
> -bash-3.2$ whoami
> 
> backuppc
> 
>  
> 
> -bash-3.2$ ssh-keygen -t rsa
> 
> Generating public/private rsa key pair.
> 
> Enter file in which to save the key (/var/lib/BackupPC/.ssh/id_rsa):
> 
> Enter passphrase (empty for no passphrase):
> 
> Enter same passphrase again:
> 
> Your identification has been saved in /var/lib/BackupPC/.ssh/id_rsa.
> 
> Your public key has been saved in /var/lib/BackupPC/.ssh/id_rsa.pub.
> 
> The key fingerprint is:  34:e2: … :e8:73 [email protected]
> 
>  
> 
> -bash-3.2$ cp ./.ssh/id_rsa.pub ./.ssh/BackupPC_id_rsa.pub
> 
>  
> 
> -bash-3.2$ ls ./.ssh
> 
> BackupPC_id_rsa.pub  id_rsa  id_rsa.pub
> 
>  
> 
> -bash-3.2$ scp ./.ssh/BackupPC_id_rsa.pub [email protected]:/root/.ssh/
> 
> The authenticity of host '192.168.1.101 (192.168.1.101)' can't be
> established.
> 
> RSA key fingerprint is 57:e6: … :7a:c6.
> 
FYI, you do not need to conceal fingerprints.  It is the fingerprint of
a *public* key, and it doesn't hurt anything if everybody can see it.

> Are you sure you want to continue connecting (yes/no)? yes
> 
> Warning: Permanently added '192.168.1.101' (RSA) to the list of known hosts.
> 
> [email protected]'s password:
> 
> BackupPC_id_rsa.pub   100%  411     0.4KB/s   00:00   
> 
> -bash-3.2$
> 
>  
> 
> Back on the Windows-server, I added BackupPC_id_rsa.pub to authorized_keys2:
> 
>  
> 
> [root@WinServer .ssh]# ls -al
> 
> total 40
> 
> drwx------  2 root root 4096 2008-11-29 16:53 .
> 
> drwxr-x--- 27 root root 4096 2008-11-29 16:22 ..
> 
> -rw-r--r--  1 root root  411 2008-11-29 16:53 BackupPC_id_rsa.pub
> 
> -rw-------  1 root root 1675 2008-11-29 16:50 id_rsa
> 
> -rw-r--r--  1 root root  408 2008-11-29 16:50 id_rsa.pub
> 
>  
> 
> [root@WinServer .ssh]# cat BackupPC_id_rsa.pub >> authorized_keys2
> 
> [root@WinServer .ssh]#
> 
>  
> 
> Edited Authorized_keys2 to add 'from="Archiver.localdomain"':
> 
>  
> 
> [root@WinServer .ssh]# cat authorized_keys2
> 
> from="Archiver.localdomain" ssh-rsa AAAA … more stuff … GnuNXOxYw==
> [email protected]
> 
> [root@WinServer .ssh]#
> 
>  
> 
> Sent id_rsa.pub to archiver:
> 
This whole section is not needed for BackupPC.  What you've done here is
allowed root@WinServer to log in as [email protected], and I don't
think that's what you meant to do.

>  
> 
> [root@WinServer .ssh]# scp id_rsa.pub
> [email protected]:/var/lib/BackupPC/.ssh/client_id_rsa.pub
> 
> The authenticity of host '192.168.1.106 (192.168.1.106)' can't be
> established.
> 
> RSA key fingerprint is 01:a8:0d:1e: … :aa:10.
> 
> Are you sure you want to continue connecting (yes/no)? yes
> 
> Warning: Permanently added '192.168.1.106' (RSA) to the list of known hosts.
> 
> [email protected]'s password:
> 
> id_rsa.pub   100%  408     0.4KB/s   00:00   
> 
> [root@WinServer .ssh]#
> 
>  
> 
> Now, on archiver:
> 
>  
> 
> -bash-3.2$ cat ./.ssh/client_id_rsa.pub >> ./.ssh/known_hosts
> 
>  
> 
> -bash-3.2$ ls ./.ssh
> 
> BackupPC_id_rsa.pub  client_id_rsa.pub  id_rsa  id_rsa.pub  known_hosts
> 
>  
> 
> -bash-3.2$ rm ./.ssh/client_id_rsa.pub
> 
> rm: remove write-protected regular file `./.ssh/client_id_rsa.pub'? y
> 
>  
> 
> -bash-3.2$ ls ./.ssh -al
> 
> total 48
> 
> drwx------ 2 backuppc root     4096 2008-11-29 17:08 .
> 
> drwxr-x--- 8 backuppc root     4096 2008-11-26 21:26 ..
> 
> -rw-r--r-- 1 backuppc backuppc  411 2008-11-29 16:56 BackupPC_id_rsa.pub
> 
> -rw------- 1 backuppc backuppc 1671 2008-11-29 16:55 id_rsa
> 
> -rw-r--r-- 1 backuppc backuppc  411 2008-11-29 16:55 id_rsa.pub
> 
> -rw-r--r-- 1 backuppc backuppc  803 2008-11-29 17:07 known_hosts
> 
>  
> 
> -bash-3.2$ chmod -R go-rwx ./.ssh
> 
>  
> 
> -bash-3.2$ ls ./.ssh -al
> 
> total 48
> 
> drwx------ 2 backuppc root     4096 2008-11-29 17:08 .
> 
> drwxr-x--- 8 backuppc root     4096 2008-11-26 21:26 ..
> 
> -rw------- 1 backuppc backuppc  411 2008-11-29 16:56 BackupPC_id_rsa.pub
> 
> -rw------- 1 backuppc backuppc 1671 2008-11-29 16:55 id_rsa
> 
> -rw------- 1 backuppc backuppc  411 2008-11-29 16:55 id_rsa.pub
> 
> -rw------- 1 backuppc backuppc  803 2008-11-29 17:07 known_hosts
> 
>  
> 
> ... and do same chmod on Windows-server:
> 
>  
> 
> [root@WinServer .ssh]# chmod -R go-rwx .
> 
>  
> 
> [root@WinServer .ssh]# ls -al
> 
> total 64
> 
> drwx------  2 root root 4096 2008-11-29 17:00 .
> 
> drwxr-x--- 27 root root 4096 2008-11-29 16:58 ..
> 
> -rw-------  1 root root  439 2008-11-29 16:58 authorized_keys2
> 
> -rw-------  1 root root  411 2008-11-29 16:55 authorized_keys2~
> 
> -rw-------  1 root root  411 2008-11-29 16:53 BackupPC_id_rsa.pub
> 
> -rw-------  1 root root 1675 2008-11-29 16:50 id_rsa
> 
> -rw-------  1 root root  408 2008-11-29 16:50 id_rsa.pub
> 
> -rw-------  1 root root  395 2008-11-29 17:00 known_hosts
> 
> [root@WinServer .ssh]#
> 
>  
> 
> Should be done all but the final TEST:
> 
>  
> 
> -bash-3.2$ ssh -l root WinServer whoami
> 
> The authenticity of host 'WinServer (192.168.1.101)' can't be established.
> 
> RSA key fingerprint is 57:e6: … :7a:c6.   <== Should this be the same as
> when created in step one?
> 
Yes, because it is the fingerprint of the server (it is not
user-specific).  FYI, the RSA key it is referencing is in /etc/ssh/
(it's probably called ssh_host_rsa_key.pub).

The first time you were asked this question, you were scp'ing as root.
Now you are ssh'ing as a different user.  That is why you're being asked
the question again.  Each user gets the opportunity to accept or reject
the validity of a server's public key (by verifying that the fingerprint
is correct).  This information is recorded in the user's
~/.ssh/known_hosts file.

-Rob

> Are you sure you want to continue connecting (yes/no)? ^C  <<<===
> ABORTED DUE TO FAILURE
> 
> -bash-3.2$
> 
>  
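
Added example, not part of the original thread: a small Python check of the per-user known_hosts lookup discussed above. It derives the colon-separated MD5 fingerprint from a host key blob and looks a host name up in one user's known_hosts text. The key blobs, the comment field and the file contents are constructed samples, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def _blob(fill):
    """Constructed ssh-rsa-shaped blob (type, e, n); n is filler, not a usable key."""
    parts = (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + fill * 128)
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

HOST_BLOB = _blob(b"\xc3")   # stands in for /etc/ssh/ssh_host_rsa_key.pub on the client
USER_BLOB = _blob(b"\xa5")   # stands in for a user's id_rsa.pub

def md5_fingerprint(b64_blob):
    """Colon-separated MD5 of the decoded blob, the format shown in the transcript."""
    digest = hashlib.md5(base64.b64decode(b64_blob)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_entry(line):
    """(hosts, keytype, blob) for a plain known_hosts line, else None (no hashed names)."""
    fields = line.split()
    if len(fields) < 3 or fields[1] not in KEY_TYPES:
        return None
    return fields[0].split(","), fields[1], fields[2]

def check_host(known_hosts_text, host, server_pub_line):
    """Look up `host` in one user's known_hosts and compare with the server's key."""
    keytype, blob = server_pub_line.split()[:2]
    status, malformed = "unknown", []
    for number, line in enumerate(known_hosts_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        entry = parse_entry(line)
        if entry is None:
            malformed.append(number)      # e.g. a user public key with no host field
        elif host in entry[0] and entry[1] == keytype:
            status = "match" if entry[2] == blob else "mismatch"
    return status, malformed

# Constructed sample: the server's host key line, and a known_hosts holding one
# entry accepted by IP address plus a user public key appended with cat >>.
SERVER_PUB = f"ssh-rsa {HOST_BLOB}"
BACKUPPC_KNOWN_HOSTS = (f"192.168.1.101 ssh-rsa {HOST_BLOB}\n"
                        f"ssh-rsa {USER_BLOB} root@client.example\n")

if __name__ == "__main__":
    print(md5_fingerprint(HOST_BLOB))
    print(check_host(BACKUPPC_KNOWN_HOSTS, "WinServer", SERVER_PUB))
```

The fingerprint depends only on the server's key blob, so it is identical whichever user computes it. The appended user key is reported as a malformed line because it has no host field in front of the key type.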