Kenneth L. Owen wrote: > On this path, my next step is to set up ssh-keys for BackupPC. > Remember, that I am a novice in Linux. I have instructions for creating > the keys but find a discrepancy between the instructions (written for > Debian) and the Fedora setup. When creating keys on the archive unit > running BackupPC, the instructions say to be logged in as user backuppc. > Fedora 8 came with BackupPC installed and almost setup to run with > directories, file permissions and a user (backuppc) in existence but set > for no logon. Do I instead work as root? -- ken >
Here's some background on how ssh keys work. There are 2 basic types of keys: keys which identify a server, and keys which are used for user authentication. Note that they are not really different in construction, only in the purpose they serve. The "identifier" keys go in /etc/ssh/some_keyfile_name and /etc/ssh/some_keyfile_name.pub and are typically created by the system when the ssh server software is installed. The "authentication" keys are created by the user and are stored in the /home/username/.ssh directory. The filenames will be something like id_rsa and id_rsa.pub. Keys are generated as "key pairs". There is a private key and a public key. The public key ends in .pub and can be distributed freely. It is not a secret. The private key is a secret, and only its owner should have access to it. Placing your public key on a remote server, inside the file /home/someuser/.ssh/authorized_keys, will allow you to log into that server as "someuser". In the case of BackupPC, the backuppc user is the one who needs to log in to other machines. Therefore the backuppc user (on the BackupPC server) is the one who needs to generate keypairs and distribute the public keys to the host servers that need to be backed up. Backups need to be run as a user who has permission to read all the files that you intend to back up. For this reason, some people have the backuppc user on the BackupPC server log in as root to the host servers. A more secure method is have the backuppc user log in as a non-root user on the host servers (it can be any username that you decide on) and give that user special permissions to read the files that need to be backed up. This is usually done using "sudo". Remember that when logging in remotely, the local username does not have to match the remote username. The backuppc user on the BackupPC server can log into the host machines as "root", "backuppc", "backupguy", "fred", or whatever you choose to set up. Hope that helps. Sometimes you need some background information to complement the step-by-step instructions you find on the internet. -Rob ******************************************************** The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this transmission in error please notify the sender immediately and then delete this e-mail. E-mail transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard copy version. ******************************************************** ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/