asking for root password

[Marc Fromm]

I will try changing --rsh "ssh -l root" to -e ssh root at .

On both the old server and the box pulling the backups these 3 files are in the .ssh directory in /root: authorized_keys  id_rsa  id_rsa.pub. Can I assume they are identical files on both systems?

I found an article about creating the above files:
http://blogs.sun.com/jkini/entry/how_to_scp_scp_and

To be clear, if I want to recreate the 3 files do I create them on the system running the rsync command and then copy the 3 files to the remote box?

Thanks
-----Original Message-----
From: Matthias Schniedermeyer [mailto:ms at citd.de]
Sent: Thursday, October 23, 2008 2:25 PM
To: Marc Fromm
Cc: rsync at lists.samba.org
Subject: Re: asking for root password

On 23.10.2008 13:29, Marc Fromm wrote:
> We are using rsync to pull backups created on our server.
> The command below is run as a cronjob and it works great.
> rsync -avu --rsh "ssh -l root" root at servername:/var/lib/mysql/backups/ /backups/mysql/

Normaly this should be enough:
rsync -avu -e ssh root at servername:/var/lib/mysql/backups/ /backups/mysql/

With a recent rsync even "-e ssh" isn't needed.

> We have a new server that will replace the old server that rsync pulls backups from.
> On the system that is running rsync, I switched the servername in the command above to the new server.
> Rsync is failing to work because it wants the root password for the new server.
> Rsync does not ask for a password from the old server, even when I manually run the command.
>
> I did not set up the rsync routine and thus I don't know if there is a file on the old server that rsync is communicating with to bypass asking for roots password.
>
> What is required for rsync to use the above command to pull backups from the new server, and not want root's password entered?

Most likely the backup-server uses a RSA or DSA key to authenticate.

On the old server you will find the following file in the home-directory
of the root-user (/root usually):
.ssh/authorized_keys
(in rare cases: .ssh/authorized_keys2)

The file contains a list of public-keys that are allowed to login witout
password.

Just create the directory on the new server and copy the file over.
If you copy the contents via copy & paste you have to make sure to not
break the long line(s).

You also have to make sure that either the permissions of the file and
every directory up to and including .ssh is only writable by root,
otherwise the sshd won't use the key file
(man sshd_config, Keyword: "strictmode").

The corresponding private-key can be found on your backup-server also in
.ssh directory of the home-directory of whaterver user starts the
command . The file is normally called either: id_dsa or id_rsa, if it is
called "identity" you are using SSHv1 and you should really consider
generating a new set of keys. The public key is stored in the .pub-file,
this is the long string you can seen in the authorized_keys-file.



I suggest you read/google a little bit about ssh-keys, they are one of
the best inventions since sliced bread. ;-)




Bis denn

--
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.