BackupPC-users

Re: [BackupPC-users] How to use ssh-agent on a server without X?

2010-03-18 23:44:51
Subject: Re: [BackupPC-users] How to use ssh-agent on a server without X?
From: Luis Paulo <luis.barbas AT gmail DOT com>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Fri, 19 Mar 2010 03:43:00 +0000
Well, it works

This sets the agent and asks for the key on boot
$ cat /etc/rc.local
su - backuppc -c "exit"

$ cat /home/backuppc/.bash_profile
/usr/bin/keychain -Q -q --nogui /home/backuppc/.ssh/id_rsa
[[ -f /home/backuppc/.keychain/main-sh ]] && source /home/backuppc/.keychain/main-sh

on client.pl
...
$Conf{RsyncClientCmd} = '/home/backuppc/backuppc.sh $sshPath -q -x -l backuppc $host /usr/bin/sudo $rsyncPath $argList+';
...

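$ cat /home/backuppc/backuppc.sh
#!/bin/sh
# Load SSH_AUTH_SOCK and SSH_AGENT_PID as written by keychain
. /home/backuppc/.keychain/main-sh
# Run the command BackupPC passed in, keeping each argument intact
"$@"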

/home/backuppc/.keychain/main-sh is created by keychain and it contains something like:
$ cat /home/backuppc/.keychain/main-sh
SSH_AUTH_SOCK=/tmp/ssh-swkbQc6157/agent.6157; export SSH_AUTH_SOCK;
SSH_AGENT_PID=6158; export SSH_AGENT_PID;

This works for backing up using passphrase keys using ssh-agent/keychain, and it keeps the agent and keys between your backuppc user sessions.

Personally, I find it annoying, especially if you don't usually have a monitor connected to your server when you have to type the passphrase :)

On Wed, Mar 17, 2010 at 3:29 PM, Luis Paulo <luis.barbas AT gmail DOT com> wrote:
It seems ssh-agent alone doesn't do the job because it is not possible to keep env vars SSH_AGENT_PID and SSH_AUTH_SOCK between sessions

keychain does a good job setting ssh-agent for the user, using .bash_profile and keeping the env vars on a file in ~/.keychain/

I was trying to set this on rc.local (with S99rc.local on ubuntu). Maybe it is possible to set keychain there, but for now I just use rc.local to log in as backuppc user. Boot stops, asks for the passphrase (but not the user password?). Then I run exit to continue boot.

Not very elegant :)

And the first ssh as backuppc user I do seems to hang or take too long to connect. After that, it works fine.



On Wed, Mar 17, 2010 at 1:14 AM, Luis Paulo <luis.barbas AT gmail DOT com> wrote:
I now use ssh with phraseless keys to do my backups on a server without X.

As I remember, when I had backuppc server on a machine with X, it was quite easy to make the gnome-agent send the key. The only thing was the need to insert a key on boot, which could be a problem on a power event.

I have tried, but I never was able to do that with ssh-agent.

I'll tell you exactly what I am doing in following posts, but can anyone give some help for starters?

Thanks
Luis
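
Added example (not part of the original post and not BackupPC code): a variant of the backuppc.sh wrapper above that checks the keychain file before sourcing it and refuses to run unless the agent actually holds a key, so a backup fails fast instead of hanging on a passphrase prompt. The function names and the AGENT_ENV and SSH_ADD variables are assumptions made for this example; the main-sh path is the one from the post.

```shell
#!/bin/sh
# Added example: hardened variant of the backuppc.sh wrapper (hypothetical names).
AGENT_ENV=${AGENT_ENV:-/home/backuppc/.keychain/main-sh}  # path taken from the post
SSH_ADD=${SSH_ADD:-ssh-add}                               # assumption: overridable

# Succeed only if $1 is a regular file (not a symlink) owned by the current
# user and not writable by group or others. The file is sourced as shell code,
# so anyone able to write it runs commands as the backuppc user.
agent_env_safe() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Translate the exit status of "ssh-add -l" into a word:
#   0 = agent reachable and at least one key loaded
#   1 = agent reachable but empty (passphrase not typed since boot)
#   other = agent not reachable (stale socket in main-sh, agent gone)
agent_state() {
    add_rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || add_rc=$?
    case $add_rc in
        0) echo ready ;;
        1) echo locked ;;
        *) echo unreachable ;;
    esac
}

# Source the agent variables, verify the agent, then replace this shell with
# the command BackupPC passed in. "$@" keeps every argument as one word.
run_with_agent() {
    agent_env_safe "$AGENT_ENV" || { echo "unsafe or missing $AGENT_ENV" >&2; return 3; }
    . "$AGENT_ENV"
    state=$(agent_state)
    [ "$state" = ready ] || { echo "ssh-agent $state; refusing to run" >&2; return 4; }
    exec "$@"
}

# When called the way RsyncClientCmd calls the wrapper, run the command.
[ "$#" -eq 0 ] || run_with_agent "$@"
```

Exit codes 3 and 4 end up in the BackupPC transfer log, which distinguishes a tampered or missing main-sh from an agent that is still waiting for the passphrase after a reboot.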

