Paul Fox wrote at about 12:46:18 -0400 on Saturday, July 22, 2023:
 > Kenneth Porter wrote:
 >  > I'm setting up some Raspberry Pis and I set up BackupPC to back them up
 >  > using ssh+rsync. I installed the key in ~backuppc/.ssh/authorized_keys but
 >  > the initial backup was still failing.
 > 
 > Unless things have changed (and they might have, but I still do it
 > this way), then the public key needs to go into /root/.ssh/authorized_keys.
 > Backuppc (on your backuppc server) needs root access to the client in
 > order to be able to read all of the files it needs.  (You could use a
 > different user id on the client if you're sure that user can read all
 > the files which need to be backed up.)

On my Linux machines (including RPis), I prefer to create a separate
backuppc client account and then give it the necessary restricted
privileges using sudo.

For example, I add this to my /etc/sudoers file on each relevant Linux
client:

#BackupPC
#Don't require tty for user 'backuppcClient'
Defaults:backuppcClient !requiretty
#Allow user 'backuppcClient' to run sudo rsync to avoid need for ssh root@localhost:
#Note for rsync < 3.1.x, string to sender can be either: -slHogDtpAXrcxe.iLsf (full) or -slHogDtpAXrxe.iLsf (incremental)
#backuppcClient      ALL=NOPASSWD: /usr/bin/rsync --server --sender -slHogDtpAXrxe.iLsf, /usr/bin/rsync --server --sender -slHogDtpAXrcxe.iLsf
#Note for rsync >= 4.x, string to sender can be either: -slHogDtpAXrcxe.iLsfxC (full) or -slHogDtpAXrxe.iLsfxC (incremental)
backuppcClient       ALL=NOPASSWD: /usr/bin/rsync --server --sender -slHogDtpAXrxe.iLsfxC, /usr/bin/rsync --server --sender -slHogDtpAXrcxe.iLsfxC

While allowing root permissions to rsync is a pretty big security hole
itself, it is a little less drastic than simply logging in as root.
 >
 >  > So I tried manually ssh'ing into the
 >  > Pi and discovered I was hitting the question to add the Pi to known_hosts.
 >  > I don't see this mentioned in the documentation. I'm not sure where it
 >  > would even go, but I wanted to mention it as I'll likely forget this a year
 >  > from now.
 > 
 > You should be trying to manually ssh from the backuppc account, and
 > you should be trying to become root on the client.  I usually do this:
 > 
 >     sudo su - backuppc      # take on the identity of backuppc
 >     ssh root@clientmachine  # log in to the client as root
 >     id                      # verify identity on client
 >     exit                    # leave the client
 >     exit                    # resume your normal identity
 >

If you use my approach, then you would:
   ssh backuppcClient@clientmachine

 > When you hit that "add to known hosts?" question from ssh, just answer
 > "yes".  ssh will put the key in the right place (which is in
 > ~backuppc/ssh/known_hosts).  Don't forget to exit out of both the ssh
 > and the "sudo su" after you've tested.
 > 
 > paul
 > =----------------------
 > paul fox, p...@foxharp.boston.ma.us (arlington, ma, where it's 73.1 degrees)
 > 
 > 
 > 
 > _______________________________________________
 > BackupPC-users mailing list
 > BackupPC-users@lists.sourceforge.net
 > List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
 > Wiki:    https://github.com/backuppc/backuppc/wiki
 > Project: https://backuppc.github.io/backuppc/

