|
Re: [BackupPC-users] It's me again, Margret! - ssh-keygen
2009-01-09 17:58:25
Just a quick post to say that I found and fixed my problem.
Many thanks go to all who responded: Adam Goryachev, Holger Parplies and
Jeffrey Kosowsky, to name a few. All of your observations, comments and
recommendations kept me looking and learning through this.
The piece that got me on the right trail was the recommendation to run the
test and add the verbose switch (-v). Maybe if I can finish my crossover
from Windows to all Linux on my network, I will be able to invest more time
to learn to use the great tools built into the system!
What I found to be the problem was something that was part of the
installation configuration when I installed Ubuntu (Less than a week since I
started with Archiver and Winserver the day before my post of the problem).
I am still adjusting to the differences between Ubuntu and Fedora (which I
hardly got to know well. During the install or first run, I was prompted
for the hostname. Later when setting up samba services, I specified the
workgroup name. At some point an entry was made in hosts immediately after
127.0.0.1 localhost that read
127.0.1.1 Archiver.workgroup
I edited the hosts file on both the windows server and the archive server to
remove the workgroup part of the listing. I reran the test:
ssh -l root winserver whoami OR
ssh -l root 192.168.1.101 whoami
both immediately respond with 'root'.
I fully expect to be able to finish configuring BackupPC this evening and
verify my first backup in the morning!
Once again, THANKS to ALL! -- ken
-----Original Message-----
From: Adam Goryachev [mailto:mailinglists AT websitemanagers.com DOT au]
Sent: Friday, January 09, 2009 12:47 AM
To: General list for user discussion,questions and support
Subject: Re: [BackupPC-users] It's me again, Margret! - ssh-keygen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kenneth L. Owen wrote:
> The Archiver machine will also be my daytime workstation in the workshop.
> Therefore, I want to be able to do more than just run BackupPC at night.
> Some software not pertaining to BackupPC will be needed.
Nothing stops you from running other programs, daemons, etc on the
backuppc server...
> Tino, in the original transcript, I didn't show work done on Winserver.
>
> Maybe I see the problem. On the winserver end, I put the public key in
> authorized_keys2. Maybe Ubuntu version uses a different name from Fedora.
> Maybe I should have put the key in authorized_keys.
I've seen authorised_keys2 in some documentation, but have never needed
to use it. I use debian, ubuntu, and a long time ago used redhat (before
RH9) and slackware and have always used ~/.ssh/authorized_keys
> I tried using authorized_keys and got the same result. The transcript
> follows. (showing work on both ends) -- ken
>
>>>> On Archiver: ip: 192.168.1.106
> ken@Archiver:~$ su -
> Password:
> root@Archiver:~# su backuppc
> $ whoami
> backuppc
> $ ssh-keygen -t rsa
> Generating public/private rsa key pair.
> Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa):
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
Did you enter an empty passphrase?
> Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa.
> Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub.
> The key fingerprint is:
> 08:2c:0f:a6:10:c6:6f:8a:0b:e9:1c:a9:1a:e3:30:39 backuppc@Archiver
>
> $ scp BackupPC_id_rsa.pub [email protected]:/root/.ssh/
You are copying a different file... the above command created
/var/lib/backuppc/.ssh/id_rsa.pub and you are copying BackupPC_id_rsa.pub...
> The authenticity of host '192.168.1.101 (192.168.1.101)' can't be
> established.
> RSA key fingerprint is 71:a1:03:7d:fb:b9:87:1f:32:c7:a3:46:d0:81:2d:af.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '192.168.1.101' (RSA) to the list of known
hosts.
This will save you from doing this later, if you configure backuppc to
backup 192.168.1.101 as opposed to the host "someserver" or whatever
name you use.
> [email protected]'s password:
> BackupPC_id_rsa.pub
> 100% 399 0.4KB/s 00:00
>
>>>> On Winserver: ip: 192.168.1.101 (Also running Ubuntu)
> ken@Winserver:~$ su -
> Password:
> root@Winserver:~# cd /root/.ssh
> root@Winserver:~/.ssh# ls -al
> total 12
> drwx------ 2 root root 4096 2009-01-08 22:58 .
> drwxr-xr-x 10 root root 4096 2009-01-08 22:39 ..
> -rw-r--r-- 1 root root 399 2009-01-08 22:58 BackupPC_id_rsa.pub
>
> root@Winserver:~/.ssh# exit
You forgot to "mv BackupPC_id_rsa.pub authorized_keys"
> logout
>>>> root account can't run gedit in Ubuntu <<<
> ken@Winserver:~$ sudo gedit /root/.ssh/BackupPC_id_rsa.pub
> sudo: unable to resolve host Winserver
> [sudo] password for ken:
> Added: from="Archiver" at beginning of BackupPC_id_rsa.pub
I would suggest leaving out this restriction until after you get the
basic version working... Just don't forget to add it later.
> ken@Winserver:~$ su -
> Password:
> root@Winserver:~# cd /root/.ssh
> root@Winserver:~/.ssh# cat BackupPC_id_rsa.pub >> authorized_keys
> root@Winserver:~/.ssh# cat authorized_keys
> from="Archiver" ssh-rsa AAAAB...//...CzFk8lw== backuppc@Archiver
> root@Winserver:~/.ssh#
OK, so should work now.... assuming the from="Archiver" is satisfied...
BTW, what is "ls -la /root/.ssh" on winserver showing?
>>>> On Archiver:
> $ chmod -R go-rwx *
> $ ls -al
> total 24
> drwx------ 2 backuppc backuppc 4096 2009-01-08 22:58 .
> drwxr-xr-x 9 backuppc backuppc 4096 2009-01-08 12:46 ..
> -rw------- 1 backuppc backuppc 399 2009-01-08 22:57 BackupPC_id_rsa.pub
> -rw------- 1 backuppc backuppc 1675 2009-01-08 22:33 id_rsa
> -rw------- 1 backuppc backuppc 399 2009-01-08 22:33 id_rsa.pub
> -rw------- 1 backuppc backuppc 442 2009-01-08 22:58 known_hosts
> $ ssh -l root 192.168.1.101 whoami
> [email protected]'s password: <---Here it is asking for root password
on
> Winserver
> root
> $
Try ssh -v -l root 192.168.1.101 whoami
Also, on winserver, check /etc/ssh/sshd_conf, I am pretty sure no
changes are needed, but it might be worth checking it, or posting the
contents.
Regards,
Adam
- --
Adam Goryachev
Website Managers
www.websitemanagers.com.au
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAklm5OYACgkQGyoxogrTyiXsUwCfQijKef2PBtoLvxnoays0XlKc
nEMAn0WpjMMtwWFDxMdscMAFRBxj+689
=waj0
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
--
Check out the new SourceForge.net Marketplace.
It is the best place to buy or sell services for
just about anything Open Source.
http://p.sf.net/sfu/Xq1LFB
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
------------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It is the best place to buy or sell services for
just about anything Open Source.
http://p.sf.net/sfu/Xq1LFB
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
|
|
