asking for root password
Matthias Schniedermeyer
ms at citd.de
Thu Oct 23 22:05:45 GMT 2008
On 23.10.2008 14:35, Marc Fromm wrote:
> I will try changing --rsh "ssh -l root" to -e ssh root at .
>
> On both the old server and the box pulling the backups these 3 files are in the .ssh directory in /root: authorized_keys id_rsa id_rsa.pub. Can I assume they are identical files on both systems?
No. In most cases you should have a distinct key-set of every user
and/or server. You can use the same key-set several times, but it's
usually not a good idea. And i just realized that i've written b*llshit
in my first try, because my description assumes that you copied the
existing key-set from the old to the new server.
The authorized_keys-file contains is a list of public-keys (the contents
of .pub-files), one per line that are allowed to login with the
corresponding private-key (the id_rsa or id_dsa). For a password-less
login you have to make sure that the contents of the .pub-file a given
source (the backup-server in this case) is contained in the
authorized_keys of the target-server of the ssh-connection.
So the standard way is to create a key set on the source and then append
or create the .ssh/authorized_keys with the contents of the .pub-file on
the target.
> I found an article about creating the above files:
> http://blogs.sun.com/jkini/entry/how_to_scp_scp_and
>
> To be clear, if I want to recreate the 3 files do I create them on the system running the rsync command and then copy the 3 files to the remote box?
>
> Thanks
> -----Original Message-----
> From: Matthias Schniedermeyer [mailto:ms at citd.de]
> Sent: Thursday, October 23, 2008 2:25 PM
> To: Marc Fromm
> Cc: rsync at lists.samba.org
> Subject: Re: asking for root password
>
> On 23.10.2008 13:29, Marc Fromm wrote:
> > We are using rsync to pull backups created on our server.
> > The command below is run as a cronjob and it works great.
> > rsync -avu --rsh "ssh -l root" root at servername:/var/lib/mysql/backups/ /backups/mysql/
>
> Normaly this should be enough:
> rsync -avu -e ssh root at servername:/var/lib/mysql/backups/ /backups/mysql/
>
> With a recent rsync even "-e ssh" isn't needed.
>
> > We have a new server that will replace the old server that rsync pulls backups from.
> > On the system that is running rsync, I switched the servername in the command above to the new server.
> > Rsync is failing to work because it wants the root password for the new server.
> > Rsync does not ask for a password from the old server, even when I manually run the command.
> >
> > I did not set up the rsync routine and thus I don't know if there is a file on the old server that rsync is communicating with to bypass asking for roots password.
> >
> > What is required for rsync to use the above command to pull backups from the new server, and not want root's password entered?
>
> Most likely the backup-server uses a RSA or DSA key to authenticate.
>
> On the old server you will find the following file in the home-directory
> of the root-user (/root usually):
> .ssh/authorized_keys
> (in rare cases: .ssh/authorized_keys2)
>
> The file contains a list of public-keys that are allowed to login witout
> password.
>
> Just create the directory on the new server and copy the file over.
> If you copy the contents via copy & paste you have to make sure to not
> break the long line(s).
>
> You also have to make sure that either the permissions of the file and
> every directory up to and including .ssh is only writable by root,
> otherwise the sshd won't use the key file
> (man sshd_config, Keyword: "strictmode").
>
> The corresponding private-key can be found on your backup-server also in
> .ssh directory of the home-directory of whaterver user starts the
> command . The file is normally called either: id_dsa or id_rsa, if it is
> called "identity" you are using SSHv1 and you should really consider
> generating a new set of keys. The public key is stored in the .pub-file,
> this is the long string you can seen in the authorized_keys-file.
>
>
>
> I suggest you read/google a little bit about ssh-keys, they are one of
> the best inventions since sliced bread. ;-)
>
>
>
>
> Bis denn
>
> --
> Real Programmers consider "what you see is what you get" to be just as
> bad a concept in Text Editors as it is in women. No, the Real Programmer
> wants a "you asked for it, you got it" text editor -- complicated,
> cryptic, powerful, unforgiving, dangerous.
--
Bis denn
--
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.
More information about the rsync
mailing list