BackupPC-users

Re: [BackupPC-users] I broke perfection ...

2008-12-03 13:22:26
Subject: Re: [BackupPC-users] I broke perfection ...
From: "Kenneth L. Owen" <tx836519 AT bellsouth DOT net>
To: "'General list for user discussion, questions and support'" <backuppc-users AT lists.sourceforge DOT net>
Date: Wed, 3 Dec 2008 13:19:30 -0500
Hello Rob,

Thanks for taking the time to look at this and reply.  I am learning, but
still have a ways to go before I can serve at your capacity!

I read over your reply and have a few added pieces and some questions:  (All
of this was the same when I successfully created the keys before the crash.)

1.      Before I started setting up pass-phraseless keys for BackupPC, I had
already created ssh keys that would allow me to log in remotely between the
two Linux workstations as normal user 'ken'.  Root logon is not allowed.
Once I logon, I can su to 'root', if needed.  The keys that allow this exist
on both machines in /home/ken/.ssh/known_hosts.  This is working fine just
like it was the first time I created the backuppc keys.
2.      This is a rebuild of a previously working system.  This is the exact
same sequence (as best as I can determine) of the first time I set up these
keys.  I took my directions, both times, step by step from
http://www.howtoforge.com/linux_backuppc_p4
3.      I also have httpd setup for secure connections between the two Linux
workstations (https:).  I can log into BackupPC GUI as 'ken' on "Archiver",
but cannot log in to BackupPC from "WinServer" as 'ken', nor could I do so
before when everything else was working.  It may be that I am not doing it
correctly.  In both cases, I enter "https://Archiver/BackupPC/ <enter>" into
my browser's url space.
4.      Your first comment "root@WinServer does not need a keypair
unless..." may be correct, but it was setup this way the first time and it
caused no problem.
5.      Your second comment "FYI, you do not need to conceal finger prints"
is well taken.  I was not trying to conceal so much as cut down on unneeded
data and typing.
6.      Your third comment was "This whole section is not needed for
BackupPC.  What you've done here is allowed root@WinServer to log in as
[email protected], and I don't think that's what you meant to do."
  I take it that I don't need to send (scp) the key id_rsa.pub to Archiver
for BackupPC to be able to access WinServer.  But I don't understand that
root would be logging in as 'backuppc' user!!
7.      The fourth comment is where I have the most trouble following you.
"Yes, because it is the fingerprint of the server (it is not user-specific).
FYI, the RSA key it is referencing is in /etc/ssh/ (it's probably called
ssh_host_rsa_key.pub).  

The first time you were asked this question, you were scp'ing as root.  Now
you are ssh'ing as a different user.  That is why you're being asked the
question again.  Each user gets the opportunity to accept or reject the
validity of a server's public key (by verifying that the fingerprint is
correct).  This information is recorded in the user's ~/.ssh/known_hosts
file."

I checked /etc/ssh/ and do have both ssh_host_rsa_key.pub and
ssh_host_dsa_key.pub.

In step 1, the fingerprint was 'fe:a0:.:7b:9e' but that is the key
generation on WinServer that you said was not needed.  My mistake in
referencing this.  The only keys I am aware of on Archiver for this process
of creating keys exist at /var/lib/BackupPC/.ssh and should be the keys used
by backuppc user.

When I did the scp of the Archiver key to WinServer, I was working as
'backuppc', not 'root'.  When I was testing at the end, I was 'backuppc'
requesting logon to WinServer with 'root' authority, as I understand it.  The
last time I set up the keys, I did not get the 'password' prompt, but just
got a reply of 'root' from WinServer.  (Actual transcript below.)

[ken@Archiver ~]$ su -
Password: 
[root@Archiver ~]# su -s /bin/bash - backuppc 
-bash-3.2$ ssh -l root WinServer whoami
root 
-bash-3.2$

Does it matter if the BackupPC service is running?  I think it was stopped
when I created the keys this time.

-----Original Message-----
From: Rob Owens [mailto:rob.owens AT biochemfluidics DOT com] 
Sent: Wednesday, December 03, 2008 10:30 AM
To: General list for user discussion,questions and support
Subject: Re: [BackupPC-users] I broke perfection ...



Kenneth L. Owen wrote:
> Back in October, I was a Linux newbie struggling to get BackupPC to work
> and was successful in a very short time with the great support I got
> here (Ref:  Almost Working).  Since then, I've monitored the system

>>>> Deleted text <<<<

Yes, because it is the fingerprint of the server (it is not
user-specific).  FYI, the RSA key it is referencing is in /etc/ssh/
(it's probably called ssh_host_rsa_key.pub).

The first time you were asked this question, you were scp'ing as root.
Now you are ssh'ing as a different user.  That is why you're being asked
the question again.  Each user gets the opportunity to accept or reject
the validity of a server's public key (by verifying that the fingerprint
is correct).  This information is recorded in the user's
~/.ssh/known_hosts file.

-Rob

> Are you sure you want to continue connecting (yes/no)? ^C  <<<===
> ABORTED DUE TO FAILURE
> 
> -bash-3.2$
> 
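
The distinction discussed in this thread, a fingerprint that belongs to the server versus an accept/reject decision stored in each user's own ~/.ssh/known_hosts, shown as an added Python example that is not part of the original messages. The key blob, the address 192.0.2.10, the salt and the three sample files are constructed for illustration; the hashed form is the HashKnownHosts entry format, which the thread does not mention.

```python
import base64, hashlib, hmac, struct

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def constructed_host_key() -> str:
    """Constructed ssh-rsa blob (not a real key) standing in for ssh_host_rsa_key.pub."""
    n = int.from_bytes(hashlib.sha256(b"constructed sample").digest() * 8, "big") | 1
    mpint = lambda i: ssh_string(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    return base64.b64encode(ssh_string(b"ssh-rsa") + mpint(65537) + mpint(n)).decode()

def fingerprint_md5(key_b64: str) -> str:
    """Colon-separated MD5 of the key blob, the form ssh printed in 2008."""
    h = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))

def hash_host(host: str, salt: bytes) -> str:
    """HashKnownHosts entry: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(pattern: str, host: str) -> bool:
    if pattern.startswith("|1|"):
        salt = base64.b64decode(pattern.split("|")[2])
        return hmac.compare_digest(pattern, hash_host(host, salt))
    return host in pattern.split(",")

def check_host(known_hosts: str, host: str, offered_key: str) -> str:
    """'known', 'prompt' (the yes/no question) or 'mismatch' for one user's file."""
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank lines, comments and marker lines are skipped
        if host_matches(fields[0], host) and fields[1] == "ssh-rsa":
            return "known" if fields[2] == offered_key else "mismatch"
    return "prompt"

KEY = constructed_host_key()
ACCEPTED = "WinServer,192.0.2.10 ssh-rsa %s\n" % KEY   # account that answered "yes"
HASHED = "%s ssh-rsa %s\n" % (hash_host("WinServer", b"constructed-salt-20b"), KEY)
FRESH = ""                                             # account that never connected

if __name__ == "__main__":
    print("server fingerprint:", fingerprint_md5(KEY))
    for name, text in (("accepted", ACCEPTED), ("hashed", HASHED), ("fresh", FRESH)):
        print(name, "->", check_host(text, "WinServer", KEY))
```

The fingerprint is computed from the server's key alone, so it is the same for every account; only the lookup result differs between the files.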

