Re: [BackupPC-users] Exchanging keys
2017-05-14 22:21:05
On 15/05/17 10:56, Bob Katz wrote:
Les wrote:
"Normally the key goes in
root's home directory under
.ssh/authorized_keys. That
'ssh-copy-id' command is a shell script
if you want to see what it
does. Maybe you find wherever root's home
directory is in the sandbox
environment and make a copy there."
I see that script does something with *.pub" and perhaps it
puts it into the text file authorized_keys. That's the file
that ends up on the Thecus inside /root/.ssh. I've kind of
verified that ssh is running as a process on the Thecus.
So I'm (potentially) giving up... it could be the Thecus or it
could be me. I implemented the Thecus basic ssh daemon (which
deals with root ssh access) and disabled the module's special
ssh daemon. I used Richard's advice and dis ssh-copy-id
Well, I've tried and tried,
deleting files on both server and client, and I keep on
dealing with this error: sign_and_send_pubkey: signing
failed: agent refused operation
So basically I'm giving up.
Les also wrote:
"If not, and you end up
using rsyncd instead, just change the
$Conf{XferMethod} to rsyncd
instead of rsync."
Looks like rsyncd is my option for the Thecus. I'm so
sorry, too. I feel I'm close to conquering the key issue, but
so far :-(.
If you want to try further, I'd suggest a three phase process:
1) Manually ssh from the backuppc user on your backuppc host to your
Thecus:
sudo -s /bin/bash backuppc
ssh root@thecus
Make sure you use the same name that you used for backuppc, if you
can't get this to work (with a password), then you probably need to
adjust some SSH settings (eg, the thecus might be using weak ciphers
only, which your newer backuppc host may reject by default, add -v
to the ssh command for some more details).
2) Copy the key to the "live" temporary storage on the Thecus
On the backuppc host, still as the backuppc user:
cd ~/.ssh
cat *.pub
Then, copy the content shown (mouse copy+paste if you can)
ssh root@thecus
echo "pasted content" >> .ssh/authorized_keys
Make sure to use >> or you will overwrite the old content,
>> means append, or add to the end of the file.
Also, check the content of the authorized_keys file to ensure there
are not blank lines etc
Now, try to ssh root@thecus and you should not need to enter a
password. If this doesn't work, then you might need to chase it up
with a thecus community for more details.
3) Make the authorized_keys change permanent
In these type of environments, there is usually a special command to
tell the system to commit this file to permanent storage. You might
need to remount that partition as read-write first, and then just
copy the file there, but hopefully you have some instructions or
idea on how to change a file permanently.
reboot to make sure the change does survive.
Ultimately, the only difference between rsyncd and rsync + ssh is
that rsyncd will send all the data including username/password
un-encrypted over the network. Depending on your network, you may
decide whether this is a problem or not. Note: the encryption for
SSH will likely slow down the backup (potentially a lot) since the
CPU on these devices tends to be rather limited, thus rsyncd might
be a better choice. You may also choose a specific cipher (with less
protection, but less CPU requirement) if you get ssh + rsync
working.
Regards,
Adam
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
ADSM.ORG Privacy and Data Security by KimLaw, PLLC
|