Ok,
let's try to start from the beginning and clarify some terminology, so we
can understand each other.
On 11/07/2014 08:58 PM, tschmid4 wrote:
> Not concerned at all.
> I'd rather start from scratch at this point if it's possible.
> I've made a list of which servers can connect to others and for the
> most part, they can connect with a few stray disconnects.
> To start with a clean slate, would I SSH into the backup server and
> SSH to each Linux machine I wanted to connect to?
YES.
You need to become the user that "owns" BackupPC.
If You haven't the BackupPC server in front of you, You can ssh into it.
The normal way would be:
user@workstation:~$ ssh backuppc@server
Linux server 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u1 x86_64
The files...
...
backuppc@server:~$
where "backuppc" is the user that runs the server (NOT "root")
and "server" is the machine where BackupPC runs.
Alternatively, if user backuppc cannot log in (normal case) you can:
user@workstation:~$ ssh root@fileserver
Linux server ... ecc. ecc...
root@fserver:~# su backuppc -
sh: 0: can't access tty; job control turned off
$
> Is there a process for deleting a specific line from each host file so
> the server will add the correct key info for each connection?
I advise clearing the key cache completely and polling each and every one of the
"clients" (machines having files to send to "server").
$ mv .ssh/known_hosts .ssh/known_hosts.bad
> I still can't quite wrap my head around the process because some of
> what the messages tell you are to 'Add the correct host key' ....well,
> which machine?
> Add correct host key in /root/.ssh/known_hosts to get rid of this
> message.
> Offending key in ~/.ssh/known_hosts:1
This seems to confirm You are trying to ssh to clients while being "root".
Even if You succeed, that will have no effect.
BackupPC has its own user (normally "backuppc") and will try to ssh from
*that* user, with *that* user's credentials and privileges.
> I know if I ever get it working it will be like a light bulb going off,
> but it's mighty dark right now with the servers not backing up....
> I appreciate the replies from everyone. It really keeps me going.
Being "backuppc" you should have a matched couple of keys:
backuppc@server:~# ls -l .ssh
total 32
-rw-r--r-- 1 backuppc backuppc 1203 Oct 18 02:01 authorized_keys
-rw------- 1 backuppc backuppc 1679 Oct 18 01:46 id_rsa
-rw-r--r-- 1 backuppc backuppc 406 Oct 18 01:46 id_rsa.pub
-rw-r--r-- 1 backuppc backuppc 1332 Oct 16 12:44 known_hosts.bad
If you don't have the two id_rsa/id_rsa.pub you need to create them.
NOTE: the private key *must* be *without* "passphrase", otherwise
BackupPC will NOT be able to use it.
Next start with the first "client": "workstation1".
What follows is what I use to set up a key exchange; obviously there are
zillions of ways to do the same.
backuppc@server:~$ scp .ssh/id_dsa mcon@mailgate:/tmp/backu...@server.key
The authenticity of host 'mailgate (192.168.7.113)' can't be established.
ECDSA key fingerprint is 45:f5:7d:82:75:82:8f:fa:8c:25:22:9a:25:4f:26:4b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mailgate,192.168.7.113' (ECDSA) to the list
of known hosts.
mcon@mailgate's password:
id_dsa 100% 1675 1.6KB/s 00:00
backuppc@server:~$ ssh mcon@mailgate
mcon@mailgate's password:
Linux mailgate 3.2.0-4-amd64 #1 SMP Debian 3.2.54-2 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Oct 19 10:34:27 2014 from ds209.fritz.box
mcon@mailgate:~$ su -
Password:
root@mailgate:~# cd .ssh
root@mailgate:~/.ssh# cat /tmp/backuppc\@server.key >>authorized_keys
root@mailgate:~/.ssh# logout
Connection to mailgate closed.
backuppc@server:~$
At this point You should be able to do:
backuppc@server:~$ ssh root@mailgate
Linux mailgate 3.2.0-4-amd64 #1 SMP Debian 3.2.54-2 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Nov 7 22:22:14 2014 from black.fritz.box
root@mailgate:~# logout
Connection to mailgate closed.
backuppc@server:~$
Notice NO password was necessary and NO questions/confirmation either.
*This* is how it *should* be.
If You can't manually log in with a simple ssh command, BackupPC file
transfer won't work.
Repeat the above procedure and test for all clients.
Please note (I know, I'm repeating myself, but it's really "the"
important point):
You should be able to log in from "server", being user "backuppc", into
the "client" as user "root".
HiH
Mauro
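
An added example, not part of the original message: a preflight script for the checks the message describes (running as the BackupPC user, key pair present, password-less and prompt-less root login to every client). It also rejects any file containing private key material, since only the `.pub` half belongs in a client's `authorized_keys`. The variables `BPC_USER`, `SSH_BIN` and `KEY_DIR` are hypothetical overrides introduced here.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed names: user
# "backuppc", key pair id_rsa/id_rsa.pub, root login on the clients.
# BPC_USER, SSH_BIN and KEY_DIR are hypothetical overrides for dry runs.
BPC_USER=${BPC_USER:-backuppc}
SSH_BIN=${SSH_BIN:-ssh}
KEY_RE='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+'

# True only for a file holding a public key. Private key material must
# never be copied to a client or appended to authorized_keys.
is_public_key_file() {
    grep -q 'PRIVATE KEY' "$1" 2>/dev/null && return 1
    grep -q -E "$KEY_RE" "$1" 2>/dev/null
}

# Key pair present in directory $1, private half readable by owner only.
check_keypair() {
    dir=$1
    [ -f "$dir/id_rsa" ] && [ -f "$dir/id_rsa.pub" ] ||
        { echo "missing key pair in $dir"; return 1; }
    mode=$(stat -c %a "$dir/id_rsa" 2>/dev/null || stat -f %Lp "$dir/id_rsa")
    [ "$mode" = 600 ] || [ "$mode" = 400 ] ||
        { echo "id_rsa has mode $mode, expected 600"; return 1; }
    is_public_key_file "$dir/id_rsa.pub" ||
        { echo "id_rsa.pub is not a public key"; return 1; }
}

# BatchMode=yes: fail instead of prompting for a password.
# StrictHostKeyChecking=yes: fail instead of asking to accept a host key.
check_client() {
    "$SSH_BIN" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=10 "root@$1" true 2>/dev/null
}

# preflight client...  prints one line per client, returns failure count.
preflight() {
    [ "$(id -un)" = "$BPC_USER" ] ||
        { echo "run this as $BPC_USER, not $(id -un)"; return 255; }
    check_keypair "${KEY_DIR:-$HOME/.ssh}" || return 254
    fails=0
    for c in "$@"; do
        if check_client "$c"; then echo "OK   $c"
        else echo "FAIL $c"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

if [ $# -gt 0 ]; then preflight "$@"; fi
```

Run it on the BackupPC server as the BackupPC user with the client names as arguments. A FAIL line means that client still asks for a password or a host-key confirmation, or cannot be reached.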