On Thu, Jan 08, 2009 at 06:00:10PM -0500, Kenneth L. Owen wrote: > 1. Ubuntu uses sudo and does not have root logon setup by default. I > gave root a logon password.
Root does not need a password for key-based ssh access. You might need to enable PermitRootLogin in /etc/ssh/sshd_config though - it might be disabled. > 2. Fedora did not give backuppc user a password, but Ubuntu does. > 3. To perform work as user backuppc, in Fedora as root I had to use the > command 'su -s /bin/bash - backuppc', but on Ubuntu as root, I think it is > simply 'su backuppc'. Depends on how the backuppc user is set up (whether it's got a shell in /etc/passwd) > I worked through the key generation process (trotting back and forth between > machines) and all seemed to work exactly as it should all the way up to the > test of the result. When I enter the command > > ssh -l root winserver whoami or ssh -l root > 192.168.1.101 whoami > > it asks for root password. That's not related to your server's root account! Not in any way! You actually don't need to mess with the BackupPC's root account. Look at your winserver's ssh log messages (they might even show up in the eventlog). > I captured a transcript of the commands as run and excerpts follow. - ken > > k...@archiver:~$ sudo apt-get install rsync ssh openssh-server > > -----download details deleted. > > Setting up ssh (1:4.7p1-8ubuntu1.2) ... You shouldn't need an ssh server on the BackupPC server for backup purposes. (It's usually handy for administration anyway, I just want to make things clear for your setup.) > r...@archiver:/var/lib/backuppc/.ssh# su backuppc > > $ whoami > backuppc > > $ cd /var/lib/backuppc/.ssh > $ ls -al > total 8 > drwx------ 2 backuppc backuppc 4096 2009-01-08 13:25 . > drwxr-xr-x 9 backuppc backuppc 4096 2009-01-08 12:46 .. > > $ ssh-keygen -t rsa > Generating public/private rsa key pair. > Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa): > Enter passphrase (empty for no passphrase): > Enter same passphrase again: > Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa. > Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub. > The key fingerprint is: > 37:b9:95:9a:2a:1a:c0:f5:97:2a:ad:f8:3f:4d:66:69 backu...@archiver > $ cp id_rsa.pub BackupPC_id_rsa.pub > > $ scp BackupPC_id_rsa.pub r...@192.168.1.101:/root/.ssh/ > The authenticity of host '192.168.1.101 (192.168.1.101)' can't be > established. > RSA key fingerprint is 71:a1:03:7d:fb:b9:87:1f:32:c7:a3:46:d0:81:2d:af. > Are you sure you want to continue connecting (yes/no)? yes > Warning: Permanently added '192.168.1.101' (RSA) to the list of known hosts. > r...@192.168.1.101's password: > BackupPC_id_rsa.pub 100% 399 > 0.4KB/s 00:00 Here you copied the generated public key file to your winserver's .ssh directory. You did not tell the winserver to actually accept that key automatically. To achieve this, you need to add the key's contents (it's just one line of text) to the /root/.ssh/authorized_keys file. > $ chmod -R go-rwx /var/lib/backuppc/.ssh The client side shouldn't matter. > $ ssh -l root 192.168.1.101 whoami > r...@192.168.1.101's password: <== Shouldn't get this, but when entered It's correct that you've got the prompt - see above. To sum things up: For the ssh part of your setup, the winserver is the ssh server and the backup server is the ssh client. The ssh server will accept clients which authenticate by either password or an ssh key which public part is found in the user's authorized_keys file. The ssh command on the client will try to authenticate via a public key found in .ssh/id_rsa.pub or .ssh/id_dsa.pub (details vary depending on ssh config). So, what you need is 1. public/private key pair on BackupPC server in ~backuppc/.ssh/ 2. public key on winserver in ~root/.ssh/authorized_keys HTH, Tino. -- "What we nourish flourishes." - "Was wir nähren erblüht." www.lichtkreis-chemnitz.de www.craniosacralzentrum.de ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/