Re: [BackupPC-users] How to use ssh-agent on a server without X?
2010-03-18 23:44:51
Well, it works
This sets the agent and asks for the key on boot:
$ cat /etc/rc.local
su - backuppc -c "exit"
$ cat /home/backuppc/.bash_profile
/usr/bin/keychain -Q -q --nogui /home/backuppc/.ssh/id_rsa
[[ -f /home/backuppc/.keychain/main-sh ]] && source /home/backuppc/.keychain/main-sh
In client.pl:
...
$Conf{RsyncClientCmd} = '/home/backuppc/backuppc.sh $sshPath -q -x -l backuppc $host /usr/bin/sudo $rsyncPath $argList+';
...
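$ cat /home/backuppc/backuppc.sh
#!/bin/sh
# Load SSH_AUTH_SOCK and SSH_AGENT_PID as written by keychain
. /home/backuppc/.keychain/main-sh
# Run the command passed by BackupPC, keeping each argument intact
"$@"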
/home/backuppc/.keychain/main-sh is created by keychain and it contains something like:
$ cat /home/backuppc/.keychain/main-sh
SSH_AUTH_SOCK=/tmp/ssh-swkbQc6157/agent.6157; export SSH_AUTH_SOCK;
SSH_AGENT_PID=6158; export SSH_AGENT_PID;
This works for backing up using passphrase keys using ssh-agent/keychain, and it keeps the agent and keys between your backuppc user sessions.
Personally, I find it annoying, especially if you don't usually have a monitor connected to your server when you have to type the passphrase :)
On Wed, Mar 17, 2010 at 3:29 PM, Luis Paulo <luis.barbas AT gmail DOT com> wrote:
It seems ssh-agent alone doesn't do the job because it is not possible to keep the env vars SSH_AGENT_PID and SSH_AUTH_SOCK between sessions.
keychain does a good job setting up ssh-agent for the user, using .bash_profile and keeping the env vars in a file in ~/.keychain/
I was trying to set this up in rc.local (with S99rc.local on Ubuntu). Maybe it is possible to set keychain there, but for now I just use rc.local to log in as the backuppc user. Boot stops, asks for the passphrase (but not the user password?). Then I run exit to continue boot.
Not very elegant :)
And the first ssh as backuppc user I do seems to hang or take too long to connect. After that, it works fine.

On Wed, Mar 17, 2010 at 1:14 AM, Luis Paulo <luis.barbas AT gmail DOT com> wrote:
I now use ssh with phraseless keys to do my backups on a server without X.
As I remember, when I had backuppc server on a machine with X, it was
quite easy to make the gnome-agent send the key. The only thing was the
need to insert a key on boot, which could be a problem on a power event.
I have tried, but I was never able to do that with ssh-agent.
I'll tell you exactly what I am doing in following posts, but can anyone give some help for starters?
Thanks,
Luis
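
A stricter variant of the backuppc.sh wrapper described in the message above, added here as an example and not part of the original post: it reads SSH_AUTH_SOCK and SSH_AGENT_PID out of the keychain file as data instead of sourcing it, and fails fast when the agent holds no key (for instance after a reboot, before the passphrase has been typed). The function names and the KEYCHAIN_ENV override are assumptions; the file path and file format are the ones shown in the post.

```sh
#!/bin/sh
# Added example, not the poster's script: hardened variant of backuppc.sh.
# The keychain file is parsed as data, never executed with "." / source.

KEYCHAIN_ENV="${KEYCHAIN_ENV:-/home/backuppc/.keychain/main-sh}"  # path from the post

# Print NAME's value from a line of the form "NAME=value; export NAME;".
env_value() {   # usage: env_value NAME FILE
    sed -n "s/^$1=\([^;]*\);.*/\1/p" "$2" | head -n 1
}

# Export SSH_AUTH_SOCK and SSH_AGENT_PID from FILE; reject unexpected content.
load_agent_env() {   # usage: load_agent_env FILE
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    sock=$(env_value SSH_AUTH_SOCK "$1")
    pid=$(env_value SSH_AGENT_PID "$1")
    # Socket path: absolute, plain path characters only (no $, `, spaces ...).
    case $sock in ''|*[!A-Za-z0-9._/-]*) return 1 ;; esac
    case $sock in /*) ;; *) return 1 ;; esac
    # Agent PID: digits only.
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# True only if the socket exists and the agent has at least one key loaded.
agent_ready() {
    [ -S "${SSH_AUTH_SOCK:-}" ] || return 1
    # ssh-add -l exits 0 with keys listed, 1 with no keys, 2 with no agent.
    ssh-add -l >/dev/null 2>&1
}

# Called by BackupPC as: backuppc.sh $sshPath -q -x -l backuppc $host ...
if [ "$#" -gt 0 ]; then
    if ! load_agent_env "$KEYCHAIN_ENV"; then
        echo "backuppc.sh: missing or malformed $KEYCHAIN_ENV" >&2
        exit 1
    fi
    if ! agent_ready; then
        echo "backuppc.sh: no key loaded in ssh-agent; log in as backuppc and run keychain" >&2
        exit 1
    fi
    exec "$@"
fi
```

With this wrapper a backup attempted before the passphrase was entered fails immediately with a message in the BackupPC log, rather than waiting on ssh.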
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/