subject:"\[BackupPC\-users\] ssh and Mac 10.12 Sierra"

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

2016-12-02 Thread Holger Parplies

Hi,

Adam Goryachev wrote on 2016-11-30 09:03:01 +1100 [Re: [BackupPC-users] ssh and 
Mac 10.12 Sierra]:
> [...]
> > After permitting root log in the sshd_config file, [...] I could do
> > an ssh from the BPC server to the mac without password.

that is correct - if you are using the root user, root login needs to be
*allowed*. It can be forbidden altogether in /etc/ssh/sshd_config (on Linux
systems, path may vary on other systems), and that would prevent backups
from working. I have no idea how MacOS/X sets this up by default, but it's
definitely a thing to check.

> > [...] However, it quit quickly, with an ???Unable to read 4 bytes error.???
> However, when I set the client name alias to the ip address, it seems to
> have taken. It has been running a backup for 10 minutes, so hopefully that
> is it.

That is strange. The only things I could think of to explain this would be
either a messed up ~backuppc/.ssh/config or messed up DNS resolution,
resulting in BackupPC contacting the wrong server or using the wrong options
when you specify the host name, both of which sound unlikely.

> I would suggest that you revert the ssd_config so that you can benefit 
> from the improved security of rejecting password based root login. 

The thing to note here is that /etc/ssh/sshd_config (or wherever that may
be on MacOS/X) should probably contain

PermitRootLogin without-password

whereas

PermitRootLogin no

*will not work* (for you, that is; people using a different account combined
with 'sudo' can even use this setting).

PermitRootLogin yes

will work but may be less secure. If *you* don't *need* it, don't use it.
***BackupPC does not need or even use it in any case.***

There is a fourth variant which could also be used with BackupPC, but *it
would require additional setup*:

PermitRootLogin forced-commands-only

Since BackupPC may generate different argument lists to rsync, and ssh forced
commands only allow one fixed argument string, you would need a wrapper script
to accommodate for this case. If you don't understand what I'm talking about,
just ignore it and set PermitRootLogin to without-password. I'm just
mentioning it, because sshd_config(5) expressly says

 If this option is set to ``forced-commands-only'', root login
 with public key authentication will be allowed, but only if the
 command option has been specified (which may be useful for taking
 remote backups even if root login is normally not allowed).

This is correct, but, again, will require additional configuration.

To sum it up:

PermitRootLogin
yes .. ok, less secure
no ... not ok
without-password . ok, recommended setting
forced-commands-only . not ok without additional consideration/configuration

Hope that helps.

Regards,
Holger

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

2016-11-29 Thread Adam Goryachev

On 30/11/16 07:57, Michael Conner wrote:
> On Nov 29, 2016, at 2:22 PM, Michael Stowe 
>  wrote:
>> On 2016-11-29 13:54, Michael Conner wrote:
>>> It was just an upgrade from 10.11, with which I had no problem. It was
>>> running 10.11 when I redid the server to Centos 7 and the key exchange
>>> worked ok. What I don’t get is why I can’t manually ssh into root but
>>> I can into another user. Until that changes, I don’t know if I also
>>> have a key problem. This is beyond me and I have yet to find anything
>>> on web with this problem. I have no Linux background, I’ve just picked
>>> stuff up as I needed it for getting BPC to work.
>>> Mike
 On Nov 29, 2016, at 11:58 AM, Phil Kennedy 
  wrote:
 How far of a jump in upgrade did you make to get to Sierra?
 Apple switched over the sshd_config to use Authorized_keys rather than 
 Authorized_keys2 as the home for trusted keypairs several versions ago. 
 Verify that your sshd config is really doing what you are expecting it to 
 do. WRT key based authentication.
 ~Phil
 On Nov 29, 2016 11:42 AM, "Michael Conner"  wrote:
 I maintain a BackupPC system for our small museum, backing up about 10 
 computers, mostly Windows. BPC is version 3.3.1, running on Centos 7. I 
 just upgraded to Centos 7 earlier this year and got everything working 
 again ok. The one Mac I backup (mine) was just upgraded to 10.12 Sierra 
 and I can no longer get BPC to connect to it. In the past I’ve been able 
 to copy a key using ssh-copy-id -i .ssh/id_dsa.pub root@host_to_backup (at 
 least I think this is the command I’ve used, its from from a tutorial on 
 setting up BPC in Centos).
 I’ve seen some stuff on the web about differences in keys in Sierra, but 
 what puzzles me most is that I can’t ssh to root on the Mac now. When I 
 try to ssh to it from the BPC server, it keeps asking for the password and 
 ultimately fails. I can ssh into another user, just not root. Has anyone 
 successfully gotten BPC to work with Sierra using rsync and a key?
 Mike Conner
>> Yes, of course.  I run Sierra and BackupPC -- I suspect the clue is in your 
>> "id_dsa.pub."  DSA keys have been deprecated in favor of RSA keys.  I can't 
>> say that this is definitively your issue, as I haven't bothered trying to 
>> set up old DSA keys just to test the theory, but I'd recommend trying it 
>> with RSA keys instead, since that certainly works as expected.
> After permitting root log in the sshd_config file, I changed "ssh-keygen -t 
> dsa” to "ssh-keygen -t rsa” and did the key copy with "ssh-copy-id -i 
> .ssh/id_rsa.pub root@host_to_backup” Then I could do an ssh from the BPC 
> server to the mac without password. At first I thought everything was ok as I 
> started a full backup and it got an xfer PID. However, it quit quickly, with 
> an “Unable to read 4 bytes error.” However, when I set the client name alias 
> to the ip address, it seems to have taken. It has been running a backup for 
> 10 minutes, so hopefully that is it.
>
> Thanks for your help.
>
> Mike

Hi Mike,
I would suggest that you revert the ssd_config so that you can benefit 
from the improved security of rejecting password based root login. 
BackupPC will use key based logins, and so is not affected by this 
configuration.

Regards,
Adam


-- 
Adam Goryachev Website Managers www.websitemanagers.com.au

--
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

2016-11-29 Thread Michael Conner

After permitting root log in the sshd_config file, I changed "ssh-keygen -t 
dsa” to "ssh-keygen -t rsa” and did the key copy with "ssh-copy-id -i 
.ssh/id_rsa.pub root@host_to_backup” Then I could do an ssh from the BPC server 
to the mac without password. At first I thought everything was ok as I started 
a full backup and it got an xfer PID. However, it quit quickly, with an “Unable 
to read 4 bytes error.” However, when I set the client name alias to the ip 
address, it seems to have taken. It has been running a backup for 10 minutes, 
so hopefully that is it.

Thanks for your help.

Mike

> On Nov 29, 2016, at 2:22 PM, Michael Stowe  
> wrote:
> 
> On 2016-11-29 13:54, Michael Conner wrote:
>> It was just an upgrade from 10.11, with which I had no problem. It was
>> running 10.11 when I redid the server to Centos 7 and the key exchange
>> worked ok. What I don’t get is why I can’t manually ssh into root but
>> I can into another user. Until that changes, I don’t know if I also
>> have a key problem. This is beyond me and I have yet to find anything
>> on web with this problem. I have no Linux background, I’ve just picked
>> stuff up as I needed it for getting BPC to work.
>> Mike
>>> On Nov 29, 2016, at 11:58 AM, Phil Kennedy 
>>>  wrote:
>>> How far of a jump in upgrade did you make to get to Sierra?
>>> Apple switched over the sshd_config to use Authorized_keys rather than 
>>> Authorized_keys2 as the home for trusted keypairs several versions ago. 
>>> Verify that your sshd config is really doing what you are expecting it to 
>>> do. WRT key based authentication.
>>> ~Phil
>>> On Nov 29, 2016 11:42 AM, "Michael Conner"  wrote:
>>> I maintain a BackupPC system for our small museum, backing up about 10 
>>> computers, mostly Windows. BPC is version 3.3.1, running on Centos 7. I 
>>> just upgraded to Centos 7 earlier this year and got everything working 
>>> again ok. The one Mac I backup (mine) was just upgraded to 10.12 Sierra and 
>>> I can no longer get BPC to connect to it. In the past I’ve been able to 
>>> copy a key using ssh-copy-id -i .ssh/id_dsa.pub root@host_to_backup (at 
>>> least I think this is the command I’ve used, its from from a tutorial on 
>>> setting up BPC in Centos).
>>> I’ve seen some stuff on the web about differences in keys in Sierra, but 
>>> what puzzles me most is that I can’t ssh to root on the Mac now. When I try 
>>> to ssh to it from the BPC server, it keeps asking for the password and 
>>> ultimately fails. I can ssh into another user, just not root. Has anyone 
>>> successfully gotten BPC to work with Sierra using rsync and a key?
>>> Mike Conner
> 
> Yes, of course.  I run Sierra and BackupPC -- I suspect the clue is in your 
> "id_dsa.pub."  DSA keys have been deprecated in favor of RSA keys.  I can't 
> say that this is definitively your issue, as I haven't bothered trying to set 
> up old DSA keys just to test the theory, but I'd recommend trying it with RSA 
> keys instead, since that certainly works as expected.


--
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

2016-11-29 Thread Michael Conner

Some more internet searching cleared up the root ssh problem. PermitRootLogin 
in sshd_config was set to the default of prohibit password. I got that changed 
to allow root login with password. However, now I am at the point of needing to 
get the key working properly. I’m not much of a linux maven, just picked stuff 
up as I needed it to get BPC running.

Phil, do you know how to edit sshd_config to get things working right?

Mike


> On Nov 29, 2016, at 11:58 AM, Phil Kennedy 
>  wrote:
> 
> How far of a jump in upgrade did you make to get to Sierra?
> 
> Apple switched over the sshd_config to use Authorized_keys rather than 
> Authorized_keys2 as the home for trusted keypairs several versions ago. 
> Verify that your sshd config is really doing what you are expecting it to do. 
> WRT key based authentication.
> ~Phil 
> 
> 
> On Nov 29, 2016 11:42 AM, "Michael Conner"  wrote:
> I maintain a BackupPC system for our small museum, backing up about 10 
> computers, mostly Windows. BPC is version 3.3.1, running on Centos 7. I just 
> upgraded to Centos 7 earlier this year and got everything working again ok. 
> The one Mac I backup (mine) was just upgraded to 10.12 Sierra and I can no 
> longer get BPC to connect to it. In the past I’ve been able to copy a key 
> using ssh-copy-id -i .ssh/id_dsa.pub root@host_to_backup (at least I think 
> this is the command I’ve used, its from from a tutorial on setting up BPC in 
> Centos).
> 
> I’ve seen some stuff on the web about differences in keys in Sierra, but what 
> puzzles me most is that I can’t ssh to root on the Mac now. When I try to ssh 
> to it from the BPC server, it keeps asking for the password and ultimately 
> fails. I can ssh into another user, just not root. Has anyone successfully 
> gotten BPC to work with Sierra using rsync and a key?
> 
> Mike Conner
> 
> 
> 
> --
> ___
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki:http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
> --
> ___
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki:http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/


--
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

2016-11-29 Thread Michael Stowe

On 2016-11-29 13:54, Michael Conner wrote:
> It was just an upgrade from 10.11, with which I had no problem. It was
> running 10.11 when I redid the server to Centos 7 and the key exchange
> worked ok. What I don’t get is why I can’t manually ssh into root but
> I can into another user. Until that changes, I don’t know if I also
> have a key problem. This is beyond me and I have yet to find anything
> on web with this problem. I have no Linux background, I’ve just picked
> stuff up as I needed it for getting BPC to work.
> 
> Mike
> 
>> On Nov 29, 2016, at 11:58 AM, Phil Kennedy 
>>  wrote:
>> 
>> How far of a jump in upgrade did you make to get to Sierra?
>> 
>> Apple switched over the sshd_config to use Authorized_keys rather than 
>> Authorized_keys2 as the home for trusted keypairs several versions 
>> ago. Verify that your sshd config is really doing what you are 
>> expecting it to do. WRT key based authentication.
>> ~Phil
>> 
>> 
>> On Nov 29, 2016 11:42 AM, "Michael Conner"  wrote:
>> I maintain a BackupPC system for our small museum, backing up about 10 
>> computers, mostly Windows. BPC is version 3.3.1, running on Centos 7. 
>> I just upgraded to Centos 7 earlier this year and got everything 
>> working again ok. The one Mac I backup (mine) was just upgraded to 
>> 10.12 Sierra and I can no longer get BPC to connect to it. In the past 
>> I’ve been able to copy a key using ssh-copy-id -i .ssh/id_dsa.pub 
>> root@host_to_backup (at least I think this is the command I’ve used, 
>> its from from a tutorial on setting up BPC in Centos).
>> 
>> I’ve seen some stuff on the web about differences in keys in Sierra, 
>> but what puzzles me most is that I can’t ssh to root on the Mac now. 
>> When I try to ssh to it from the BPC server, it keeps asking for the 
>> password and ultimately fails. I can ssh into another user, just not 
>> root. Has anyone successfully gotten BPC to work with Sierra using 
>> rsync and a key?
>> 
>> Mike Conner

Yes, of course.  I run Sierra and BackupPC -- I suspect the clue is in 
your "id_dsa.pub."  DSA keys have been deprecated in favor of RSA keys.  
I can't say that this is definitively your issue, as I haven't bothered 
trying to set up old DSA keys just to test the theory, but I'd recommend 
trying it with RSA keys instead, since that certainly works as expected.

--
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

2016-11-29 Thread Michael Conner

It was just an upgrade from 10.11, with which I had no problem. It was running 
10.11 when I redid the server to Centos 7 and the key exchange worked ok. What 
I don’t get is why I can’t manually ssh into root but I can into another user. 
Until that changes, I don’t know if I also have a key problem. This is beyond 
me and I have yet to find anything on web with this problem. I have no Linux 
background, I’ve just picked stuff up as I needed it for getting BPC to work. 

Mike

> On Nov 29, 2016, at 11:58 AM, Phil Kennedy 
>  wrote:
> 
> How far of a jump in upgrade did you make to get to Sierra?
> 
> Apple switched over the sshd_config to use Authorized_keys rather than 
> Authorized_keys2 as the home for trusted keypairs several versions ago. 
> Verify that your sshd config is really doing what you are expecting it to do. 
> WRT key based authentication.
> ~Phil 
> 
> 
> On Nov 29, 2016 11:42 AM, "Michael Conner"  wrote:
> I maintain a BackupPC system for our small museum, backing up about 10 
> computers, mostly Windows. BPC is version 3.3.1, running on Centos 7. I just 
> upgraded to Centos 7 earlier this year and got everything working again ok. 
> The one Mac I backup (mine) was just upgraded to 10.12 Sierra and I can no 
> longer get BPC to connect to it. In the past I’ve been able to copy a key 
> using ssh-copy-id -i .ssh/id_dsa.pub root@host_to_backup (at least I think 
> this is the command I’ve used, its from from a tutorial on setting up BPC in 
> Centos).
> 
> I’ve seen some stuff on the web about differences in keys in Sierra, but what 
> puzzles me most is that I can’t ssh to root on the Mac now. When I try to ssh 
> to it from the BPC server, it keeps asking for the password and ultimately 
> fails. I can ssh into another user, just not root. Has anyone successfully 
> gotten BPC to work with Sierra using rsync and a key?
> 
> Mike Conner
> 
> 
> 
> --
> ___
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki:http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
> --
> ___
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki:http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/


--
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

2016-11-29 Thread Phil Kennedy

How far of a jump in upgrade did you make to get to Sierra?

Apple switched over the sshd_config to use Authorized_keys rather than
Authorized_keys2 as the home for trusted keypairs several versions ago.
Verify that your sshd config is really doing what you are expecting it to
do. WRT key based authentication.
~Phil

On Nov 29, 2016 11:42 AM, "Michael Conner"  wrote:

> I maintain a BackupPC system for our small museum, backing up about 10
> computers, mostly Windows. BPC is version 3.3.1, running on Centos 7. I
> just upgraded to Centos 7 earlier this year and got everything working
> again ok. The one Mac I backup (mine) was just upgraded to 10.12 Sierra and
> I can no longer get BPC to connect to it. In the past I’ve been able to
> copy a key using ssh-copy-id -i .ssh/id_dsa.pub root@host_to_backup (at
> least I think this is the command I’ve used, its from from a tutorial on
> setting up BPC in Centos).
>
> I’ve seen some stuff on the web about differences in keys in Sierra, but
> what puzzles me most is that I can’t ssh to root on the Mac now. When I try
> to ssh to it from the BPC server, it keeps asking for the password and
> ultimately fails. I can ssh into another user, just not root. Has anyone
> successfully gotten BPC to work with Sierra using rsync and a key?
>
> Mike Conner
>
>
>
> 
> --
> ___
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki:http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
>
--
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

Re: [BackupPC-users] ssh and Mac 10.12 Sierra

7 matches

Site Navigation

Mail list logo

Footer information