1:49am, tts wrote:

> Guys I've really been struggling with ssh and getting backuppc to log to the
> client with no password. Done it before but just can't remember how (done it
> by luck). I just can't get my head around how the key stuff works and where
> you are supposed to generate the key? server side? where backuppc runs? both
> machines? place the key where? I found some guides at google but it's hard to
> follow when you don't know how it's supposed to work. I just can't get my head
> around it. If one could make an animated video of where exactly the keys
> exchange. I will donate a reasonable amount to you or whatever organisation
> you like. Please get back to me even if the answer is no, a yes would be
> great ;) I'm very grateful to the backuppc creators. Backuppc is simply the
> best *hands on heart*.

First, before we tackle your question:

Trim your posts. You replied to a digest, and the entire digest (which was 
not relevant to your question at all) was part of your post. That just 
wastes bandwidth, and clutters things up.

Be careful how you send your messages. Somehow you managed things so I got a 
solid four copies of your email. One will suffice.


Now, on to your question:

The 'backuppc' user on your server ("S") needs to connect to the root 
account on your client ("C").

So su to [EMAIL PROTECTED], and run ssh-keygen -t dsa
When it asks you for a passphrase, just hit enter.
You'll end up with a ~backuppc/.ssh directory with (at least) two files:
id_dsa (your private key)
id_dsa.pub (your public key)

Copy the public key to the .ssh directory of [EMAIL PROTECTED] Make sure you 
rename it first! Otherwise, you're likely to overwrite root's own public key, 
which would be BAD. I recommend a name like id_dsa.pub-backuppc
Then add this key to the authorized_keys file. Safest way is:
cd ~root/.ssh  #(this is on the client, remember)
cat id_dsa.pub-backuppc >> authorized_keys
(Make sure that's TWO 'greater-than's!)

Now go back to the [EMAIL PROTECTED] account, and run:
ssh -l root client    (where 'client' is your client machine, of course).
When it asks you to accept the client's key, type 'yes'.
You should be logged into the client as root.
If that doesn't work, make sure root logins are not disallowed on the 
server. (Usually, /etc/ssh/sshd_config). Also, check permissions on root's 
.ssh directory and the authorized_keys file. ssh is picky about perms.


Repeat the copy and connect part for each client you have. Don't regenerate 
your keys!


Now, there's one thing I've kind of glossed over. Doing this means that 
anyone who has or can gain access to the backuppc account on your server 
owns every client you have, since that account has root access to all those 
machines.
You can mitigate this somewhat by using rsyncd on the client, and most 
importantly, by setting up "forced commands" in your clients' 
authorized_keys file. There has been some discussion on this mailing list 
about that, and you can Google for the relevant terms and find plenty of 
info on the subject.


Paul

_______________________________________________
BackupPC-users mailing list
[email protected]
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
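
The "forced commands" restriction mentioned in the reply, as an added example that is not part of the original post or BackupPC's own tooling: it builds the client-side authorized_keys line with OpenSSH's from= and command= options and appends it once, with the permissions sshd expects. The wrapper path /usr/local/bin/backup-only, the address 192.0.2.10 and the key material are constructed placeholders.

```shell
#!/bin/sh
# Added example: restrict what backuppc's key may do as root on the client.

# Print one authorized_keys line: options first, then the public key unchanged.
# $1 = public key file (id_dsa.pub-backuppc in the post; any key type works)
# $2 = address of the BackupPC server, the only host allowed to use the key
# $3 = the single command the key may run (hypothetical wrapper script)
restricted_entry() {
    pubkey=$(cat "$1") || return 1
    printf 'from="%s",command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$2" "$3" "$pubkey"
}

# Append the entry to <dir>/authorized_keys exactly once and set the
# permissions sshd checks. $1 = .ssh directory, rest = restricted_entry args.
# The body is a subshell so umask and variables do not leak to the caller.
install_entry() (
    umask 077
    sshdir=$1; shift
    entry=$(restricted_entry "$@") || exit 1
    mkdir -p "$sshdir" || exit 1
    chmod 700 "$sshdir"
    touch "$sshdir/authorized_keys"
    # -x whole line, -F fixed string: skip the append if already present
    grep -qxF -- "$entry" "$sshdir/authorized_keys" ||
        printf '%s\n' "$entry" >> "$sshdir/authorized_keys"
    chmod 600 "$sshdir/authorized_keys"
)

# Demo in a scratch directory so root's real ~/.ssh is never touched.
# The key line below is constructed, not a real key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER backuppc@server' \
    > "$demo/id_dsa.pub-backuppc"
install_entry "$demo/.ssh" "$demo/id_dsa.pub-backuppc" \
    192.0.2.10 /usr/local/bin/backup-only
cat "$demo/.ssh/authorized_keys"
```

On a real client the first argument would be ~root/.ssh, and the forced command replaces whatever the connecting side asks to run.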