Hi Alex, Assuming backuppc runs as user "backuppc" and you need to be root on the linux box you're backing up to be able to see all files....
1. On the backup server "su - backuppc" . Then create the ssh public key fo this user by typing: ssh-keygen -b 1024 -t rsa (don't enter passphrase - just hit enter twice) 2. Secure copy the resulting ~/.ssh/id_rsa.pub to the remote linux host and then add it to the end of /root/.ssh/authorized_keys use something like scp ~/.ssh/id_rsa.pub [EMAIL PROTECTED]:/tmp/id_rsa.pub then on the remote box ... cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys 3. Check that the remote ~/.ssh/id_rsa.pub entry reflects the backuppc server hostname - not the IP address 4. Check that "ssh [EMAIL PROTECTED] ls" works as user backuppc from the backup server. Damian Quoting Alex Schaft <[EMAIL PROTECTED]>: > Hi, > > I've been trying to setup openssh to authenticate with keys and no > passwords to back up user mail folders on a linux machine, but haven't > been able to get rid of the password prompt. I've put the backuppc user > key from the backup server on the mail server, but no luck so far. > > Here's my ssh daemon config: > > Port 22 > ListenAddress 0.0.0.0 > > HostKey /etc/ssh/ssh_host_key > HostKey /etc/ssh/ssh_host_dsa_key > HostKey /etc/ssh/ssh_host_rsa_key > KeyRegenerationInterval 3600 > LoginGraceTime 600 > > ServerKeyBits 768 > ChallengeResponseAuthentication yes > Compression yes > > IgnoreRhosts yes > > KbdInteractiveAuthentication no > > > MaxStartups 10:30:60 > > PasswordAuthentication no > PermitEmptyPasswords no > PermitRootLogin yes > RSAAuthentication yes > > RhostsRSAAuthentication no > > StrictModes yes > UsePrivilegeSeparation yes > Subsystem sftp /usr/libexec/openssh/sftp-serverOct 24 08:08:54 > mail sshd[18340]: debug1: Client protocol version 2.0; client software > version OpenSSH_4.0 > > > > X11DisplayOffset 10 > X11Forwarding no > KeepAlive yes > PrintMotd yes > > > SyslogFacility AUTH > LogLevel DEBUG3 > > Which gives me this: > > Oct 24 08:08:54 mail sshd[18340]: debug1: match: OpenSSH_4.0 pat OpenSSH* > Oct 24 08:08:54 mail sshd[18340]: debug1: Enabling compatibility mode > for protocol 2.0 > Oct 24 08:08:54 mail sshd[18340]: debug1: Local version string > SSH-1.99-OpenSSH_3.7.1p1 > Oct 24 08:08:54 mail sshd[18340]: debug2: Network child is on pid 18341 > Oct 24 08:08:54 mail sshd[18340]: debug3: preauth child monitor started > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering > Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 0 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_moduli: got > parameters: 1024 1024 8192 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 1 > Oct 24 08:08:54 mail sshd[18340]: debug2: monitor_read: 0 used once, > disabling now > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering > Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 4 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_sign > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_sign: signature > 0x80a48d8(143) > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 5 > Oct 24 08:08:54 mail sshd[18340]: debug2: monitor_read: 4 used once, > disabling now > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering > Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 6 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_pwnamallow > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_pwnamallow: sending > MONITOR_ANS_PWNAM: 1 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 7 > Oct 24 08:08:54 mail sshd[18340]: debug2: monitor_read: 6 used once, > disabling now > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering > Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 43 > Oct 24 08:08:54 mail sshd[18340]: debug1: PAM: initializing for "root" > Oct 24 08:08:54 mail sshd[18340]: debug3: Trying to reverse map address > 10.1.1.161. > Oct 24 08:08:54 mail sshd[18340]: debug1: PAM: setting PAM_RHOST to > "backup.quicksoftware.co.za" > Oct 24 08:08:54 mail sshd[18340]: debug1: PAM: setting PAM_TTY to "ssh" > Oct 24 08:08:54 mail sshd[18340]: debug2: monitor_read: 43 used once, > disabling now > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering > Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 3 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_authserv: > service=ssh-connection, style= > Oct 24 08:08:54 mail sshd[18340]: debug2: monitor_read: 3 used once, > disabling now > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering > Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 20 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_keyallowed entering > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_keyallowed: > key_from_blob: 0x80a8040 > Oct 24 08:08:54 mail sshd[18340]: debug1: temporarily_use_uid: 0/0 (e=0/0) > Oct 24 08:08:54 mail sshd[18340]: debug1: trying public key file > /root/.ssh/authorized_keys > Oct 24 08:08:54 mail sshd[18340]: debug1: restore_uid: 0/0 > Oct 24 08:08:54 mail sshd[18340]: debug1: temporarily_use_uid: 0/0 (e=0/0) > Oct 24 08:08:54 mail sshd[18340]: debug1: trying public key file > /root/.ssh/authorized_keys2 > Oct 24 08:08:54 mail sshd[18340]: debug1: restore_uid: 0/0 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_keyallowed: key > 0x80a8040 is disallowed > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 21 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering > Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 46 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_pam_init_ctx > Oct 24 08:08:54 mail sshd[18342]: debug3: ssh_msg_send: type 1 > Oct 24 08:08:54 mail sshd[18342]: debug3: ssh_msg_recv entering > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 47 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering > Oct 24 08:08:54 mail sshd[18340]: debug3: monitor_read: checking request 48 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_answer_pam_query > Oct 24 08:08:54 mail sshd[18340]: debug3: ssh_msg_recv entering > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_send entering: type 49 > Oct 24 08:08:54 mail sshd[18340]: debug3: mm_request_receive entering > > > I get the following on the backup server: > > debug1: Host 'mail' is known and matches the RSA host key. > debug1: Found key in /home/backuppc/.ssh/known_hosts:1 > debug2: bits set: 520/1024 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug2: key: /home/backuppc/.ssh/identity ((nil)) > debug2: key: /home/backuppc/.ssh/id_rsa (0x9d67848) > debug2: key: /home/backuppc/.ssh/id_dsa ((nil)) > debug1: Authentications that can continue: publickey,keyboard-interactive > debug3: start over, passed a different list publickey,keyboard-interactive > debug3: preferred gssapi-with-mic,hostbased,publickey,keyboard-interactive > debug3: authmethod_lookup publickey > debug3: remaining preferred: keyboard-interactive > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Trying private key: /home/backuppc/.ssh/identity > debug3: no such identity: /home/backuppc/.ssh/identity > debug1: Offering public key: /home/backuppc/.ssh/id_rsa > debug3: send_pubkey_test > debug2: we sent a publickey packet, wait for reply > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Trying private key: /home/backuppc/.ssh/id_dsa > debug3: no such identity: /home/backuppc/.ssh/id_dsa > debug2: we did not send a packet, disable method > debug3: authmethod_lookup keyboard-interactive > debug3: remaining preferred: > debug3: authmethod_is_enabled keyboard-interactive > debug1: Next authentication method: keyboard-interactive > debug2: userauth_kbdint > debug2: we sent a keyboard-interactive packet, wait for reply > debug2: input_userauth_info_req > debug2: input_userauth_info_req: num_prompts 1 > Password: > > > Any fundi's out there that can help me? > > Alex > > > > ------------------------------------------------------- > This SF.Net email is sponsored by the JBoss Inc. > Get Certified Today * Register for a JBoss Training Course > Free Certification Exam for All Training Attendees Through End of 2005 > Visit http://www.jboss.com/services/certification for more information > _______________________________________________ > BackupPC-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/backuppc-users > http://backuppc.sourceforge.net/ > ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information _______________________________________________ BackupPC-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
