BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] It's me again, Margret! - ssh-keygen

2009-01-09 01:08:25
Subject: Re: [BackupPC-users] It's me again, Margret! - ssh-keygen
From: "Jeffrey J. Kosowsky" <backuppc AT kosowsky DOT org>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Fri, 09 Jan 2009 01:04:54 -0500 
Kenneth L. Owen wrote at about 00:20:41 -0500 on Friday, January 9, 2009:
 > Tino,
 > 
 > Having gotten accustomed to Fedora, I prefer working as root when required
 > instead of having to enter lines twice -- once without sudo, error, then
 > retype it with sudo.  
I consider that a *feature* rather than a bug -- many times it has
prevented me from doing some bone-headed damaging things (and by the
way I use sudo all the time on Fedora, only using root when I need a
full root shell environment or when I need to park myself in a
directory that is only root-readable)

Also, you don't need to retype -- use bash to recall the previous line
and just add sudo...
Type: sudo !!

Also, root can navigate to some directories that
 > normal user can't go.  Once I get more used to using sudo, I may put root
 > back as it was.  This was the ONLY reason for setting a root password.
 > 
 > The backuppc password is only used initially to start BackupPC CGI for
 > setup, I think.  I haven't gotten that far as yet.  BackupPC is installed,
 > config.pl has been edited, but backuppc is currently halted until I get the
 > keys set.  I have my LVM drive to house the backup files mounted and ready.
 > 
 > The Archiver machine will also be my daytime workstation in the workshop.
 > Therefore, I want to be able to do more than just run BackupPC at night.
 > Some software not pertaining to BackupPC will be needed.
 > 
 > Tino, in the original transcript, I didn't show work done on Winserver.
 > 
 > Maybe I see the problem.  On the winserver end, I put the public key in
 > authorized_keys2.  Maybe Ubuntu version uses a different name from Fedora.
 > Maybe I should have put the key in authorized_keys.
Shouldn't make a difference.
Listen, I think it would save you time and hassle if you invested some
time in reading up on ssh rather than trying to get spoon-fed
step-by-step. SSH is a pretty basic utility that has many uses and you
might as well lean how to use it right now since it can be very
helpful in many machine-to-machine communication and admin
activities. Plus, getting it right is critical to your machine
security, so you might as well understand what you are doing. It's not
rocket science -- it just requires a little stepping back and
understanding what public key encryption is all about.

 > 
 > I tried using authorized_keys and got the same result.  The transcript
 > follows.  (showing work on both ends) -- ken
 > 
 > >>> On Archiver:  ip: 192.168.1.106
 > ken@Archiver:~$ su -
 > Password: 
 > root@Archiver:~# su backuppc
 > $ whoami
 > backuppc
 > $ ssh-keygen -t rsa
 > Generating public/private rsa key pair.
 > Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa): 
 > Enter passphrase (empty for no passphrase): 
 > Enter same passphrase again: 
 > Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa.
 > Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub.
 > The key fingerprint is:
 > 08:2c:0f:a6:10:c6:6f:8a:0b:e9:1c:a9:1a:e3:30:39 backuppc@Archiver
 > 
 > $ scp BackupPC_id_rsa.pub [email protected]:/root/.ssh/
 > The authenticity of host '192.168.1.101 (192.168.1.101)' can't be
 > established.
 > RSA key fingerprint is 71:a1:03:7d:fb:b9:87:1f:32:c7:a3:46:d0:81:2d:af.
 > Are you sure you want to continue connecting (yes/no)? yes
 > Warning: Permanently added '192.168.1.101' (RSA) to the list of known hosts.
 > [email protected]'s password: 
 > BackupPC_id_rsa.pub
 > 100%  399     0.4KB/s   00:00    
 > 
 > >>> On Winserver:  ip:  192.168.1.101 (Also running Ubuntu)
 > ken@Winserver:~$ su -
 > Password: 
 > root@Winserver:~# cd /root/.ssh
 > root@Winserver:~/.ssh# ls -al
 > total 12
 > drwx------  2 root root 4096 2009-01-08 22:58 .
 > drwxr-xr-x 10 root root 4096 2009-01-08 22:39 ..
 > -rw-r--r--  1 root root  399 2009-01-08 22:58 BackupPC_id_rsa.pub
 > 
 > root@Winserver:~/.ssh# exit
 > logout
 > >>>  root account can't run gedit in Ubuntu  <<<
 > ken@Winserver:~$ sudo gedit /root/.ssh/BackupPC_id_rsa.pub
 > sudo: unable to resolve host Winserver
 > [sudo] password for ken: 
 > Added:  from="Archiver" at beginning of BackupPC_id_rsa.pub
 > 
 > ken@Winserver:~$ su -
 > Password: 
 > root@Winserver:~# cd /root/.ssh
 > root@Winserver:~/.ssh# cat BackupPC_id_rsa.pub >> authorized_keys
 > root@Winserver:~/.ssh# cat authorized_keys
 > from="Archiver" ssh-rsa AAAAB...//...CzFk8lw== backuppc@Archiver
 > root@Winserver:~/.ssh# 
 > 
 > >>> On Archiver:
 > $ chmod -R go-rwx *
 > $ ls -al
 > total 24
 > drwx------ 2 backuppc backuppc 4096 2009-01-08 22:58 .
 > drwxr-xr-x 9 backuppc backuppc 4096 2009-01-08 12:46 ..
 > -rw------- 1 backuppc backuppc  399 2009-01-08 22:57 BackupPC_id_rsa.pub
 > -rw------- 1 backuppc backuppc 1675 2009-01-08 22:33 id_rsa
 > -rw------- 1 backuppc backuppc  399 2009-01-08 22:33 id_rsa.pub
 > -rw------- 1 backuppc backuppc  442 2009-01-08 22:58 known_hosts
 > $ ssh -l root 192.168.1.101 whoami
 > [email protected]'s password:    <---Here it is asking for root password on
 > Winserver
 > root
 > $
 > 
 > -----Original Message-----
 > From: Tino Schwarze [mailto:backuppc.lists AT tisc DOT de] 
 > Sent: Thursday, January 08, 2009 6:19 PM
 > To: backuppc-users AT lists.sourceforge DOT net
 > Subject: Re: [BackupPC-users] It's me again, Margret! - ssh-keygen
 > 
 > 
 > 
 > ------------------------------------------------------------------------------
 > Check out the new SourceForge.net Marketplace.
 > It is the best place to buy or sell services for
 > just about anything Open Source.
 > http://p.sf.net/sfu/Xq1LFB
 > _______________________________________________
 > BackupPC-users mailing list
 > BackupPC-users AT lists.sourceforge DOT net
 > List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
 > Wiki:    http://backuppc.wiki.sourceforge.net
 > Project: http://backuppc.sourceforge.net/
 > 

------------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It is the best place to buy or sell services for
just about anything Open Source.
http://p.sf.net/sfu/Xq1LFB
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [BackupPC-users] It's me again, Margret! - ssh-keygen, Adam Goryachev
Next by Date:  [BackupPC-users] OT - for Holger Parplies, Jeffrey J. Kosowsky
Previous by Thread:  Re: [BackupPC-users] It's me again, Margret! - ssh-keygen, Adam Goryachev
Next by Thread:  [BackupPC-users] How to delete backups? + Benefit of incremental backups?, Thomas Birnthaler
Indexes:  [Date] [Thread] [Top] [All Lists]