Back in October, I was a Linux newbie struggling to get BackupPC to work and
was successful in a very short time with the great support I got here (Ref:
Almost Working). Since then, I've monitored the system operation and
performed two restore tests, one from a full backup and one mid-stream off
of the incremental files. The total byte count was about 75 GBytes with a
perfect score by comparison of every single byte. The BackupPC system works
GREAT!
Since the testing, I've moved on to another issue that was brought to my
attention during the work to get BackupPC working: Fedora was probably not
the best distribution of Linux to run a server function. While working with
other distro's, I goofed and trashed my perfectly running system. I have
rebuilt it up to the point of installing my ssh-keys for rsync. In as far
as I know, I'm doing the same thing as before when it worked out just fine.
This time, it all looks good during the setup, but 'backuppc' user is not
getting 'root' authority when tested. I've tried several times,
consistently getting the same result. I am hoping that someone will see
where this somewhat less of a newbie is messing up. All comments are
welcome. -- ken
Below is a transcript of the last session:
Starting on my Windows-server, I removed previous setup from /root/.ssh:
[EMAIL PROTECTED] .ssh]# rm -f *
[EMAIL PROTECTED] .ssh]# ls -al
total 16
drwx------ 2 root root 4096 2008-11-29 16:50 .
drwxr-x--- 27 root root 4096 2008-11-29 16:22 ..
Next, I generated a key-pair on the Windows-server:
[EMAIL PROTECTED] .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
fe:a0: . :7b:9e [EMAIL PROTECTED] <== Ref at end
[EMAIL PROTECTED] .ssh]#
I verified the archiving host was listed in /etc/hosts:
[EMAIL PROTECTED] .ssh]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 WinServer.localdomain WinServer WinServer
::1 localhost6.localdomain6 localhost6
192.168.1.106 Archiver.localdomain Archiver <<<==== this is it
[EMAIL PROTECTED] .ssh]#
On the archiver, I removed the old configuration from
/var/lib/BackupPC/.ssh,
changed to user 'backuppc' on /var/lib/BackupPC and created a key-pair:
[EMAIL PROTECTED] .ssh]# rm -f *
[EMAIL PROTECTED] .ssh]# ls -al
total 16
drwx------ 2 backuppc root 4096 2008-11-29 16:53 .
drwxr-x--- 8 backuppc root 4096 2008-11-26 21:26 ..
[EMAIL PROTECTED] .ssh]# su -s /bin/bash - backuppc
-bash-3.2$ whoami
backuppc
-bash-3.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/BackupPC/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/BackupPC/.ssh/id_rsa.
Your public key has been saved in /var/lib/BackupPC/.ssh/id_rsa.pub.
The key fingerprint is: 34:e2: . :e8:73 [EMAIL PROTECTED]
-bash-3.2$ cp ./.ssh/id_rsa.pub ./.ssh/BackupPC_id_rsa.pub
-bash-3.2$ ls ./.ssh
BackupPC_id_rsa.pub id_rsa id_rsa.pub
-bash-3.2$ scp ./.ssh/BackupPC_id_rsa.pub [EMAIL PROTECTED]:/root/.ssh/
The authenticity of host '192.168.1.101 (192.168.1.101)' can't be
established.
RSA key fingerprint is 57:e6: . :7a:c6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.101' (RSA) to the list of known hosts.
[EMAIL PROTECTED]'s password:
BackupPC_id_rsa.pub 100% 411 0.4KB/s 00:00
-bash-3.2$
Back on the Windows-server, I added BackupPC_id_rsa.pub to authorized_keys2:
[EMAIL PROTECTED] .ssh]# ls -al
total 40
drwx------ 2 root root 4096 2008-11-29 16:53 .
drwxr-x--- 27 root root 4096 2008-11-29 16:22 ..
-rw-r--r-- 1 root root 411 2008-11-29 16:53 BackupPC_id_rsa.pub
-rw------- 1 root root 1675 2008-11-29 16:50 id_rsa
-rw-r--r-- 1 root root 408 2008-11-29 16:50 id_rsa.pub
[EMAIL PROTECTED] .ssh]# cat BackupPC_id_rsa.pub >> authorized_keys2
[EMAIL PROTECTED] .ssh]#
Edited Authorized_keys2 to add 'from="Archiver.localdomain"':
[EMAIL PROTECTED] .ssh]# cat authorized_keys2
from="Archiver.localdomain" ssh-rsa AAAA . more stuff . GnuNXOxYw==
[EMAIL PROTECTED]
[EMAIL PROTECTED] .ssh]#
Sent id_rsa.pub to archiver:
[EMAIL PROTECTED] .ssh]# scp id_rsa.pub
[EMAIL PROTECTED]:/var/lib/BackupPC/.ssh/client_id_rsa.pub
The authenticity of host '192.168.1.106 (192.168.1.106)' can't be
established.
RSA key fingerprint is 01:a8:0d:1e: . :aa:10.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.106' (RSA) to the list of known hosts.
[EMAIL PROTECTED]'s password:
id_rsa.pub 100% 408 0.4KB/s 00:00
[EMAIL PROTECTED] .ssh]#
Now, on archiver:
-bash-3.2$ cat ./.ssh/client_id_rsa.pub >> ./.ssh/known_hosts
-bash-3.2$ ls ./.ssh
BackupPC_id_rsa.pub client_id_rsa.pub id_rsa id_rsa.pub known_hosts
-bash-3.2$ rm ./.ssh/client_id_rsa.pub
rm: remove write-protected regular file `./.ssh/client_id_rsa.pub'? y
-bash-3.2$ ls ./.ssh -al
total 48
drwx------ 2 backuppc root 4096 2008-11-29 17:08 .
drwxr-x--- 8 backuppc root 4096 2008-11-26 21:26 ..
-rw-r--r-- 1 backuppc backuppc 411 2008-11-29 16:56 BackupPC_id_rsa.pub
-rw------- 1 backuppc backuppc 1671 2008-11-29 16:55 id_rsa
-rw-r--r-- 1 backuppc backuppc 411 2008-11-29 16:55 id_rsa.pub
-rw-r--r-- 1 backuppc backuppc 803 2008-11-29 17:07 known_hosts
-bash-3.2$ chmod -R go-rwx ./.ssh
-bash-3.2$ ls ./.ssh -al
total 48
drwx------ 2 backuppc root 4096 2008-11-29 17:08 .
drwxr-x--- 8 backuppc root 4096 2008-11-26 21:26 ..
-rw------- 1 backuppc backuppc 411 2008-11-29 16:56 BackupPC_id_rsa.pub
-rw------- 1 backuppc backuppc 1671 2008-11-29 16:55 id_rsa
-rw------- 1 backuppc backuppc 411 2008-11-29 16:55 id_rsa.pub
-rw------- 1 backuppc backuppc 803 2008-11-29 17:07 known_hosts
... and do same chmod on Windows-server:
[EMAIL PROTECTED] .ssh]# chmod -R go-rwx .
[EMAIL PROTECTED] .ssh]# ls -al
total 64
drwx------ 2 root root 4096 2008-11-29 17:00 .
drwxr-x--- 27 root root 4096 2008-11-29 16:58 ..
-rw------- 1 root root 439 2008-11-29 16:58 authorized_keys2
-rw------- 1 root root 411 2008-11-29 16:55 authorized_keys2~
-rw------- 1 root root 411 2008-11-29 16:53 BackupPC_id_rsa.pub
-rw------- 1 root root 1675 2008-11-29 16:50 id_rsa
-rw------- 1 root root 408 2008-11-29 16:50 id_rsa.pub
-rw------- 1 root root 395 2008-11-29 17:00 known_hosts
[EMAIL PROTECTED] .ssh]#
Should be done all but the final TEST:
-bash-3.2$ ssh -l root WinServer whoami
The authenticity of host 'WinServer (192.168.1.101)' can't be established.
RSA key fingerprint is 57:e6: . :7a:c6. <== Should this be the same as
when created in step one?
Are you sure you want to continue connecting (yes/no)? ^C <<<=== ABORTED
DUE TO FAILURE
-bash-3.2$
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
