BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] Exchanging keys

2017-05-14 22:21:05
Subject: Re: [BackupPC-users] Exchanging keys
From: Adam Goryachev <mailinglists AT websitemanagers.com DOT au>
To: backuppc-users AT lists.sourceforge DOT net
Date: Mon, 15 May 2017 12:20:28 +1000
On 15/05/17 10:56, Bob Katz wrote:
Les wrote:

"Normally the key goes in root's home directory under
.ssh/authorized_keys.     That 'ssh-copy-id' command is a shell script
if you want to see what it does.  Maybe you find wherever root's home
directory is in the sandbox environment and make a copy there."


I see that script does something with *.pub" and perhaps it puts it into the text file authorized_keys. That's the file that ends up on the Thecus inside /root/.ssh. I've kind of verified that ssh is running as a process on the Thecus. 

So I'm (potentially) giving up... it could be the Thecus or it could be me. I implemented the Thecus basic ssh daemon (which deals with root ssh access) and disabled the module's special ssh daemon. I used Richard's advice and dis ssh-copy-id

Well, I've tried and tried, deleting files on both server and client, and I keep on dealing with this error: sign_and_send_pubkey: signing failed: agent refused operation

So basically I'm giving up.


Les also wrote:

"If not, and you end up using rsyncd instead, just change the
$Conf{XferMethod} to rsyncd instead of rsync."

Looks like rsyncd is my option for the Thecus. I'm so sorry, too. I feel I'm close to conquering the key issue, but so far :-(.

If you want to try further, I'd suggest a three phase process:
1) Manually ssh from the backuppc user on your backuppc host to your Thecus:
sudo -s /bin/bash backuppc
ssh root@thecus
Make sure you use the same name that you used for backuppc, if you can't get this to work (with a password), then you probably need to adjust some SSH settings (eg, the thecus might be using weak ciphers only, which your newer backuppc host may reject by default, add -v to the ssh command for some more details).

2) Copy the key to the "live" temporary storage on the Thecus
On the backuppc host, still as the backuppc user:
cd ~/.ssh
cat *.pub
Then, copy the content shown (mouse copy+paste if you can)
ssh root@thecus
echo "pasted content" >> .ssh/authorized_keys
Make sure to use >> or you will overwrite the old content, >> means append, or add to the end of the file.
Also, check the content of the authorized_keys file to ensure there are not blank lines etc
Now, try to ssh root@thecus and you should not need to enter a password. If this doesn't work, then you might need to chase it up with a thecus community for more details.

3) Make the authorized_keys change permanent
In these type of environments, there is usually a special command to tell the system to commit this file to permanent storage. You might need to remount that partition as read-write first, and then just copy the file there, but hopefully you have some instructions or idea on how to change a file permanently.
reboot to make sure the change does survive.

Ultimately, the only difference between rsyncd and rsync + ssh is that rsyncd will send all the data including username/password un-encrypted over the network. Depending on your network, you may decide whether this is a problem or not. Note: the encryption for SSH will likely slow down the backup (potentially a lot) since the CPU on these devices tends to be rather limited, thus rsyncd might be a better choice. You may also choose a specific cipher (with less protection, but less CPU requirement) if you get ssh +  rsync working.

Regards,
Adam


On Sun, May 14, 2017 at 6:05 PM, Les Mikesell <lesmikesell AT gmail DOT com> wrote:
On Sun, May 14, 2017 at 4:43 PM, Bob Katz <bobkatz AT digido DOT com> wrote:
>
> Again, you're a godsend. I can root ssh to the Thecus!
>
> But I wish exchanging keys were that simple with the Thecus NAS. The Thecus
> has a sandboxed operating system. Anything below /raid will be eaten up on
> reboot. To do keys you have to use a module called FajoSSHD that's located
> here on the Thecus:
>
> Office-MacBook-Pro:~ bobkatz$ ssh [email protected]
>
> N6850:~# cd /raid/data/module/FaJoSSHD
> # ls
> cgi-bin/ log.txt  Shell/   system/  www/
> COPY     shell@   sys/     VERSION
> N6850:/raid/data/module/FaJoSSHD#
>
> I know that FajoSSHD keeps authorized keys in here:
>
> N6850:/raid/data/module/FaJoSSHD/system/etc/ssh/users/root# ls
> authorized_keys
>
> But I cannot figure out where the public key you want me to transfer should
> go. Would it go into that same directory? If not, I can explore any other
> directories. Somewhere in this hierarchy I need to put the key which I
> generated on my Fedora server.
>
> I'm going to try your code and see if I can get it to work using the above
> url. Stand by.
>

Normally the key goes in root's home directory under
.ssh/authorized_keys.     That 'ssh-copy-id' command is a shell script
if you want to see what it does.  Maybe you find wherever root's home
directory is in the sandbox environment and make a copy there.

If not, and you end up using rsyncd instead, just change the
$Conf{XferMethod} to rsyncd instead of rsync.

--
  Les Mikesell
    lesmikesell AT gmail DOT com

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/



--
-- 
Bob Katz 407-831-0233 DIGITAL DOMAIN | "There are two kinds of fools,
Recording, Mastering, Manufacturing  | One says-this is old and therefore good.
Author: Mastering Audio              | The other says-this is new and therefore
Digital Domain Website               | better."

No trees were killed in the sending of this message. However a large number
of electrons were terribly inconvenienced.
No more Plaxo, Linked-In, or any of the other time-suckers. Please contact me by regular email. Yes, we have a facebook page and a You-Tube site!


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/



--
Adam Goryachev Website Managers www.websitemanagers.com.au
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [BackupPC-users] Recommend add to manual, Bob Katz
Next by Date:  [BackupPC-users] Backing up Windows 7 Pro, not enough permissions, Tapio Lehtonen
Previous by Thread:  Re: [BackupPC-users] Exchanging keys, Bob Katz
Next by Thread:  Re: [BackupPC-users] BackupPC 4.1.2 released, daveinredmond AT excite DOT com
Indexes:  [Date] [Thread] [Top] [All Lists]
ADSM.ORG Privacy and Data Security by KimLaw, PLLC