On Sat, Nov 8, 2014 at 10:20 AM, Holger Parplies <wb...@parplies.de> wrote:
>> Mauro Condarelli wrote on 2014-11-07 22:45:53 +0100 [Re: [BackupPC-users]
>> Unable to read 4 bytes]:
>> [...]
>> What follows is what I use to setup a key exchange,
>
> I don't believe that's completely true ;-).
>
>> obviously there are zillions ways to do the same.
>>
>> backuppc@server:~$ scp .ssh/id_dsa mcon@mailgate:/tmp/backu...@server.key
>
> Actually, you need the *public* key on the client (".ssh/id_dsa.pub"), not the
> private key. More than that, you *should not have* the private key on the
> client machine. Conceptionally, possession of the private key is considered as
> proof for being the legitimate BackupPC server. The client machine isn't the
> legitimate BackupPC server, so it shouldn't be able to prove it is :-).
>
> Additionally, I would advise against temporarily storing the key - even the
> public key - in /tmp. You are later going to do (and this only makes sense if
> it actually was the public key you transferred) ...
And probably even more to the point is that most systems have an
'ssh-copy-id' script that will do it for you and get it right. The
RedHat/Centos versions even fix the SElinux contexts for you.
--
Les Mikesell
lesmikes...@gmail.com
------------------------------------------------------------------------------
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
