Hello Rob, Thanks for taking the time to look at this and reply. I am learning, but still have a ways to go before I can serve at your capacity!
I read over your reply and have a few added pieces and some questions: (All of this was the same when I successfully created the keys before the crash.) 1. Before I started setting up pass-phraseless keys for BackupPC, I had already created ssh keys that would allow me to log in remotely between the two Linux workstations as normal user 'ken'. Root logon is not allowed. Once I logon, I can su to 'root', if needed. The keys that allow this exist on both machines in /home/ken/.ssh/known_hosts. This is working fine just like it was the first time I created the backuppc keys. 2. This is a rebuild of a previously working system. This is the exact same sequence (as best as I can determine) of the first time I set up these keys. I took my directions, both times, step by step from http://www.howtoforge.com/linux_backuppc_p4 3. I also have httpd setup for secure connections between the two Linux workstations (https:). I can log into BackupPC GUI as 'ken' on "Archiver", but cannot log in to BackupPC from "WinServer" as 'ken', nor could I do so before when every thing else was working. It may be that I am not doing it correctly. In both cases, I enter "https://Archiver/BackupPC/ <enter>' into my browser's url space. 4. Your first comment "[EMAIL PROTECTED] does not need a keypair unless..." may be correct, but it was setup this way the first time and it caused no problem. 5. Your second comment "FYI, you do not need to conceal finger prints" is well taken. I was not trying to conceal so much as cut down on unneeded data and typing. 6. Your third comment was "This whole section is not needed for BackupPC. What you've done here is allowed [EMAIL PROTECTED] to log in as [EMAIL PROTECTED], and I don't think that's what you meant to do." I take it that I don't need to send (scp) the key id_rsa.pub to Archiver for BackupPC to be able to access WinServer. But I don't understand that root would be logging in as 'backuppc' user!! 7. The forth comment is where I have the most trouble following you. "Yes, because it is the fingerprint of the server (it is not user-specific). FYI, the RSA key it is referencing is in /etc/ssh/ (it's probably called ssh_host_rsa_key.pub). The first time you were asked this question, you were scp'ing as root. Now you are ssh'ing as a different user. That is why you're being asked the question again. Each user gets the opportunity to accept or reject the validity of a server's public key (by verifying that the fingerprint is correct). This information is recorded in the user's ~/.ssh/known_hosts file." I checked /etc/ssh/ and do have both ssh_host_rsa_key.pub and ssh_host_dsa_key.pub. In step 1, the fingerprint was 'fe:a0:.:7b:9e' and but that is the key generation on WinServer that you said was not needed. My mistake in referencing this. The only keys I am aware of on Archiver for this process of creating keys exist at /var/lib/BackupPC/.ssh and should be the keys used by backuppc user. When I did the scp of the Archiver key to WinServer, I was working as 'backuppc', not 'root'. When I was testing at the end, I was 'backuppc' reqesting logon to WinServer with 'root' authority, as I understand it. The last time I set up the keys, I did not get the 'password' prompt, but just got a reply of 'root' from WinServer. (Actual transcript below.) [EMAIL PROTECTED] ~]$ su - Password: [EMAIL PROTECTED] ~]# su -s /bin/bash - backuppc -bash-3.2$ ssh -l root WinServer whoami root -bash-3.2$ Does it matter if the BackupPC service is running? I think it was stopped when I created the keys this time. -----Original Message----- From: Rob Owens [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2008 10:30 AM To: General list for user discussion,questions and support Subject: Re: [BackupPC-users] I broke perfection ... Kenneth L. Owen wrote: > Back in October, I was a Linux newbie struggling to get BackupPC to work > and was successful in a very short time with the great support I got > here (Ref: Almost Working). Since then, I've monitored the system >>>> Deleted text <<<< Yes, because it is the fingerprint of the server (it is not user-specific). FYI, the RSA key it is referencing is in /etc/ssh/ (it's probably called ssh_host_rsa_key.pub). The first time you were asked this question, you were scp'ing as root. Now you are ssh'ing as a different user. That is why you're being asked the question again. Each user gets the opportunity to accept or reject the validity of a server's public key (by verifying that the fingerprint is correct). This information is recorded in the user's ~/.ssh/known_hosts file. -Rob > Are you sure you want to continue connecting (yes/no)? ^C <<<=== > ABORTED DUE TO FAILURE > > -bash-3.2$ > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/