asking for root password

Matthias Schniedermeyer ms at citd.de
Thu Oct 23 21:24:59 GMT 2008 

On 23.10.2008 13:29, Marc Fromm wrote:
> We are using rsync to pull backups created on our server.
> The command below is run as a cronjob and it works great.
> rsync -avu --rsh "ssh -l root" root at servername:/var/lib/mysql/backups/ /backups/mysql/

Normaly this should be enough:
rsync -avu -e ssh root at servername:/var/lib/mysql/backups/ /backups/mysql/

With a recent rsync even "-e ssh" isn't needed.

> We have a new server that will replace the old server that rsync pulls backups from.
> On the system that is running rsync, I switched the servername in the command above to the new server.
> Rsync is failing to work because it wants the root password for the new server.
> Rsync does not ask for a password from the old server, even when I manually run the command.
> 
> I did not set up the rsync routine and thus I don't know if there is a file on the old server that rsync is communicating with to bypass asking for roots password.
> 
> What is required for rsync to use the above command to pull backups from the new server, and not want root's password entered?

Most likely the backup-server uses a RSA or DSA key to authenticate.

On the old server you will find the following file in the home-directory 
of the root-user (/root usually):
.ssh/authorized_keys
(in rare cases: .ssh/authorized_keys2)

The file contains a list of public-keys that are allowed to login witout 
password.

Just create the directory on the new server and copy the file over.
If you copy the contents via copy & paste you have to make sure to not 
break the long line(s).

You also have to make sure that either the permissions of the file and 
every directory up to and including .ssh is only writable by root, 
otherwise the sshd won't use the key file
(man sshd_config, Keyword: "strictmode").

The corresponding private-key can be found on your backup-server also in 
.ssh directory of the home-directory of whaterver user starts the 
command . The file is normally called either: id_dsa or id_rsa, if it is 
called "identity" you are using SSHv1 and you should really consider 
generating a new set of keys. The public key is stored in the .pub-file, 
this is the long string you can seen in the authorized_keys-file.



I suggest you read/google a little bit about ssh-keys, they are one of 
the best inventions since sliced bread. ;-)




Bis denn

-- 
Real Programmers consider "what you see is what you get" to be just as 
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated, 
cryptic, powerful, unforgiving, dangerous.

More information about the rsync mailing list