BackupPC-users

Re: [BackupPC-users] It's me again, Margret! - ssh-keygen

2009-01-08 18:21:24
Subject: Re: [BackupPC-users] It's me again, Margret! - ssh-keygen
From: Tino Schwarze <backuppc.lists AT tisc DOT de>
To: backuppc-users AT lists.sourceforge DOT net
Date: Fri, 9 Jan 2009 00:19:26 +0100
On Thu, Jan 08, 2009 at 06:00:10PM -0500, Kenneth L. Owen wrote:

> 1.    Ubuntu uses sudo and does not have root logon setup by default.  I
> gave root a logon password.

Root does not need a password for key-based ssh access. You might need
to enable PermitRootLogin in /etc/ssh/sshd_config though - it might be
disabled.

> 2.    Fedora did not give backuppc user a password, but Ubuntu does.
> 3.    To perform work as user backuppc, in Fedora as root I had to use the
> command 'su -s /bin/bash - backuppc', but on Ubuntu as root, I think it is
> simply 'su backuppc'.

Depends on how the backuppc user is set up (whether it's got a shell in
/etc/passwd)

> I worked through the key generation process (trotting back and forth between
> machines) and all seemed to work exactly as it should all the way up to the
> test of the result.  When I enter the command 
> 
> ssh -l root winserver whoami
> or
> ssh -l root 192.168.1.101 whoami
> 
> it asks for root password.

That's not related to your server's root account! Not in any way! You
actually don't need to mess with the BackupPC's root account. Look at
your winserver's ssh log messages (they might even show up in the eventlog).


> I captured a transcript of the commands as run and excerpts follow.  - ken
> 
> ken@Archiver:~$ sudo apt-get install rsync ssh openssh-server
> 
> -----download details deleted.
> 
> Setting up ssh (1:4.7p1-8ubuntu1.2) ...

You shouldn't need an ssh server on the BackupPC server for backup
purposes. (It's usually handy for administration anyway, I just want to
make things clear for your setup.)
 
> root@Archiver:/var/lib/backuppc/.ssh# su backuppc
> 
> $ whoami
> backuppc
> 
> $ cd /var/lib/backuppc/.ssh
> $ ls -al
> total 8
> drwx------ 2 backuppc backuppc 4096 2009-01-08 13:25 .
> drwxr-xr-x 9 backuppc backuppc 4096 2009-01-08 12:46 ..
> 
> $ ssh-keygen -t rsa
> Generating public/private rsa key pair.
> Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa): 
> Enter passphrase (empty for no passphrase): 
> Enter same passphrase again: 
> Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa.
> Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub.
> The key fingerprint is:
> 37:b9:95:9a:2a:1a:c0:f5:97:2a:ad:f8:3f:4d:66:69 backuppc@Archiver

> $ cp id_rsa.pub BackupPC_id_rsa.pub
> 
> $ scp BackupPC_id_rsa.pub root@192.168.1.101:/root/.ssh/
> The authenticity of host '192.168.1.101 (192.168.1.101)' can't be
> established.
> RSA key fingerprint is 71:a1:03:7d:fb:b9:87:1f:32:c7:a3:46:d0:81:2d:af.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '192.168.1.101' (RSA) to the list of known hosts.
> root@192.168.1.101's password: 
> BackupPC_id_rsa.pub                                             100%  399     0.4KB/s   00:00    

Here you copied the generated public key file to your winserver's .ssh
directory. You did not tell the winserver to actually accept that key
automatically. To achieve this, you need to add the key's contents (it's
just one line of text) to the /root/.ssh/authorized_keys file.

> $ chmod -R go-rwx /var/lib/backuppc/.ssh 
 
The client side shouldn't matter.

> $ ssh -l root 192.168.1.101 whoami
> root@192.168.1.101's password:      <== Shouldn't get this, but when entered

It's correct that you've got the prompt - see above.

To sum things up: For the ssh part of your setup, the winserver is the
ssh server and the backup server is the ssh client. The ssh server will
accept clients which authenticate by either password or an ssh key whose
public part is found in the user's authorized_keys file. The ssh command
on the client will try to authenticate via a public key found in
.ssh/id_rsa.pub or .ssh/id_dsa.pub (details vary depending on ssh
config). So, what you need is

1. public/private key pair on BackupPC server in ~backuppc/.ssh/
2. public key on winserver in ~root/.ssh/authorized_keys

HTH,

Tino.

-- 
"What we nourish flourishes." - "Was wir nähren erblüht."

www.lichtkreis-chemnitz.de
www.craniosacralzentrum.de
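
The step missing from the transcript in this thread, appending the copied public key to authorized_keys on the ssh server, as an added example that is not part of the original message. The function name install_pubkey and its exit codes are assumptions; it refuses a private key, skips a key that is already listed, and sets the owner-only permissions that sshd's StrictModes check expects.

```shell
#!/bin/sh
# install_pubkey PUBFILE SSH_DIR   (hypothetical helper, added example)
# Run on the ssh server as the account being logged into, e.g. with
# PUBFILE=/root/.ssh/BackupPC_id_rsa.pub and SSH_DIR=/root/.ssh
install_pubkey() {
    pubfile=$1
    sshdir=$2
    auth="$sshdir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Only the .pub half belongs on the server; refuse a private key.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile looks like a private key" >&2
        return 2
    fi

    # A public key file is one line: key type, base64 blob, optional comment.
    pat='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$'
    count=$(grep -cE "$pat" "$pubfile" || true)
    if [ "$count" -ne 1 ]; then
        echo "$pubfile does not hold exactly one public key" >&2
        return 3
    fi
    key=$(grep -E "$pat" "$pubfile")
    ktype=${key%% *}
    rest=${key#* }
    kblob=${rest%% *}

    # With StrictModes on, sshd ignores keys in group/world-writable files.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Already present? Match type + blob as adjacent fields, so entries that
    # carry leading options or a different comment are still recognised.
    if awk -v t="$ktype" -v b="$kblob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i+1) == b) found = 1 }
         END { exit !found }' "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Stand-alone use: sh install_pubkey.sh PUBFILE SSH_DIR
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```
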
