Hi,

Mauro Condarelli wrote on 2014-11-07 22:45:53 +0100 [Re: [BackupPC-users] Unable to read 4 bytes]:
> [...]
> What follows is what I use to set up a key exchange,

I don't believe that's completely true ;-).

> obviously there are zillions of ways to do the same.
>
> backuppc@server:~$ scp .ssh/id_dsa mcon@mailgate:/tmp/backu...@server.key

Actually, you need the *public* key on the client (".ssh/id_dsa.pub"), not the private key. More than that, you *should not have* the private key on the client machine. Conceptually, possession of the private key is considered proof of being the legitimate BackupPC server. The client machine isn't the legitimate BackupPC server, so it shouldn't be able to prove it is :-).

Additionally, I would advise against temporarily storing the key - even the public key - in /tmp. You are later going to do (and this only makes sense if it actually was the public key you transferred) ...

> [...]
> root@mailgate:~/.ssh# cat /tmp/backuppc\@server.key >>authorized_keys

So, while the public key is not sensitive information (you could theoretically post it on this list, though there is no point in actually doing that), anyone who might have been able to *modify* it in the meantime (e.g. symlink attack) would be tricking you into putting *his* key into root's authorized_keys, thereby gaining root access to the machine.

Strictly speaking, we should also make sure root's authorized_keys file is not writable by group and others. Usually, root's umask and/or the pre-existence of the file will take care of this, but it *is* something that would prevent public key authentication from working.

> At this point You should be able to do:

backuppc@server:~$ ssh root@mailgate /bin/true
backuppc@server:~$

(this is my preferred example, because it also tests that no extraneous output is generated).

Regards,
Holger
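
Added example, not part of the message above and not BackupPC code: a POSIX shell helper that enforces the three points the reply makes. It accepts only a public key, takes it on stdin instead of from a file staged in /tmp, and refuses an authorized_keys file that is a symlink or writable by group or others. The function names and exit codes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; function names and exit codes are hypothetical.

# Succeeds only for one line shaped like an OpenSSH *public* key.
is_public_key_line() {
    case $1 in
        *PRIVATE\ KEY*) return 1 ;;   # private key material never belongs here
    esac
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$'
}

# Succeeds if FILE is a regular file, not a symlink, and has no
# group/other write bit set.
perms_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# install_pubkey AUTH_KEYS
# The key arrives on stdin, so nothing is staged in a world-writable directory.
# Returns 0 if installed or already present, 2 for a bad key, 3 for an unsafe target.
install_pubkey() {
    auth=$1
    key=$(cat)
    # A private key file is multi-line; a public key is exactly one line.
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || return 2
    is_public_key_line "$key" || return 2
    if [ -e "$auth" ] || [ -L "$auth" ]; then
        perms_ok "$auth" || return 3
    else
        ( umask 077; : > "$auth" ) || return 3   # create as 0600
    fi
    grep -qxF -- "$key" "$auth" && return 0      # already present: do nothing
    printf '%s\n' "$key" >> "$auth"
}
```

With the functions available on the client, the key can be piped over the ssh connection itself into `install_pubkey`, so no intermediate copy exists for anyone to modify.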