BackupPC-users

Re: [BackupPC-users] Achiving localhost using tar

2012-01-24 00:23:51
Subject: Re: [BackupPC-users] Achiving localhost using tar
From: "Kenneth L. Owen" <tx836519 AT bellsouth DOT net>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Tue, 24 Jan 2012 00:22:31 -0500



On Mon, 2012-01-23 at 22:36 -0600, Les Mikesell wrote:
> On Mon, Jan 23, 2012 at 10:07 PM, Kenneth L. Owen
> <tx836519 AT bellsouth DOT net> wrote:
> > Hi Les,
> >
> > I'm not getting something about setting up to use rsync to back up /home
> > on localhost.  The instructions that I filed for generating keys are:
> >
> > Setting up BackupPC software to run rsync using visudo:
> >
> > Create user backuppc on the server and each client.
> >
> > Then generate keys for your server backuppc user:
> > backuppc$> ssh-keygen -t rsa
> > use ssh-copy-id to copy the pub key to each of the clients
> > backuppc$>ssh-copy-id client
> >
> > Likewise, on each client generate keys for backuppc user:
> > backuppc$> ssh-keygen -t rsa
> > use ssh-copy-id to copy the pub key to the server:
> > backuppc$>ssh-copy-id archive-server
> >
> > On the archiving server, backuppc would ssh-copy-id localhost ??
> > Where does the reciprocal key come from ??
> 
> You don't need to generate new keys.  The keys are a public/private
> pair that identify the backuppc user and you should have already had a
> set.   You copy the public side of the key (this is what the
> ssh-copy-id command does...) _from_ the user/host where the command
> will originate (i.e. backuppc on the server) to the user/host where
> the execution will be allowed (normally root on the target hosts
> unless you are using a more complicated sudo command).    The way ssh
> works is that the receiving end of the connection will use the public
> key that you added to the authorized_hosts file to make the
> originating side prove that it has read access to the private side of
> the same key.   If you overwrote the original backuppc user's private
> key, you'll have to update the matching public side on all the
> targets.

I am not wanting to generate a new private key on the archiver for
backuppc user for just the reason you gave -- the clients are in sync
with this key.  

backuppc ssh connects to the client as backuppc where he has an account.
The client's sudoers file gives backuppc root privilege for the commands
needed to perform backup and no others.  If I need to do a restore, I
must revise the sudoers file to switch to the commands for restore so
backuppc can write the files.  Then when the restore is complete it is
changed back so that only the backup function is allowed.

On the archiver, backuppc has a logon ID.  The sudoers file gives
backuppc root authority on archiver system, but only for the commands
needed to perform a tar backup of /home.

So, to switch to rsync, I revise sudoers to give backuppc root privilege
for the commands to perform rsync backup of /home.  Then BackupPC
application will ssh connect to localhost as user backuppc on localhost.

Am I missing something here?

-- ken
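
An added example, not part of the original message and not BackupPC's own code: a shell check for the sudoers arrangement described above, reporting whether the backuppc user is limited to the backup (rsync sender) command or a restore rule has been left in place. The rsync path, the single-line rule form and both sample files are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example (not from the thread): classify what sudoers lets backuppc run as root.
# Assumption: rsync is /usr/bin/rsync and rules are single-line "user host=... cmd, cmd".

# classify_cmd CMD -> unrestricted | backup-only | restore-capable | other
classify_cmd() {
    case "$1" in
        ALL) echo unrestricted ;;
        "/usr/bin/rsync --server --sender "*) echo backup-only ;;   # rule pins rsync to sender mode
        /usr/bin/rsync|"/usr/bin/rsync "*) echo restore-capable ;;  # any other rsync can receive and write
        *) echo other ;;
    esac
}

# audit_sudoers FILE [USER] -> one "<class>: <command>" line per command granted to USER
audit_sudoers() {
    grep -E "^${2:-backuppc}[[:space:]]" "$1" |
    sed -E 's/^[^=]*=[[:space:]]*(\([^)]*\)[[:space:]]*)?((NOPASSWD|PASSWD):[[:space:]]*)?//' |
    tr ',' '\n' |
    while IFS= read -r cmd; do
        cmd=$(printf '%s' "$cmd" | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//')
        if [ -n "$cmd" ]; then echo "$(classify_cmd "$cmd"): $cmd"; fi
    done
}

# sudoers_mode FILE [USER] -> most permissive class found (none if USER has no rules)
sudoers_mode() {
    report=$(audit_sudoers "$1" "${2:-backuppc}")
    for class in unrestricted restore-capable other backup-only; do
        if printf '%s\n' "$report" | grep -q "^$class: "; then echo "$class"; return 0; fi
    done
    echo none
}

# Constructed samples: the normal backup-only state, and a restore rule left in place.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/backup" <<'EOF'
# constructed sample
backuppc ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender *
EOF
cat > "$SAMPLES/restore" <<'EOF'
# constructed sample
backuppc ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender *, /usr/bin/rsync --server *
EOF

for f in backup restore; do
    echo "== $f: $(sudoers_mode "$SAMPLES/$f")"
    audit_sudoers "$SAMPLES/$f"
done
```

Run against a copy of the real sudoers fragment after a restore, a result other than backup-only means the file was not changed back.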

