On 15/05/17 10:56, Bob Katz wrote:
Les wrote:
"Normally the key goes in root's home directory under
.ssh/authorized_keys. That 'ssh-copy-id' command is a shell script
if you want to see what it does. Maybe you find wherever root's home
directory is in the sandbox environment and make a copy there."
I see that script does something with *.pub" and perhaps it puts it
into the text file authorized_keys. That's the file that ends up on
the Thecus inside /root/.ssh. I've kind of verified that ssh is
running as a process on the Thecus.
So I'm (potentially) giving up... it could be the Thecus or it could
be me. I implemented the Thecus basic ssh daemon (which deals with
root ssh access) and disabled the module's special ssh daemon. I used
Richard's advice and dis ssh-copy-id
Well, I've tried and tried, deleting files on both server and client,
and I keep on dealing with this error: sign_and_send_pubkey: signing
failed: agent refused operation
So basically I'm giving up.
Les also wrote:
"If not, and you end up using rsyncd instead, just change the
$Conf{XferMethod} to rsyncd instead of rsync."
Looks like rsyncd is my option for the Thecus. I'm so sorry, too. I
feel I'm close to conquering the key issue, but so far :-(.
If you want to try further, I'd suggest a three phase process:
1) Manually ssh from the backuppc user on your backuppc host to your Thecus:
sudo -s /bin/bash backuppc
ssh root@thecus
Make sure you use the same name that you used for backuppc, if you can't
get this to work (with a password), then you probably need to adjust
some SSH settings (eg, the thecus might be using weak ciphers only,
which your newer backuppc host may reject by default, add -v to the ssh
command for some more details).
2) Copy the key to the "live" temporary storage on the Thecus
On the backuppc host, still as the backuppc user:
cd ~/.ssh
cat *.pub
Then, copy the content shown (mouse copy+paste if you can)
ssh root@thecus
echo "pasted content" >> .ssh/authorized_keys
Make sure to use >> or you will overwrite the old content, >> means
append, or add to the end of the file.
Also, check the content of the authorized_keys file to ensure there are
not blank lines etc
Now, try to ssh root@thecus and you should not need to enter a password.
If this doesn't work, then you might need to chase it up with a thecus
community for more details.
3) Make the authorized_keys change permanent
In these type of environments, there is usually a special command to
tell the system to commit this file to permanent storage. You might need
to remount that partition as read-write first, and then just copy the
file there, but hopefully you have some instructions or idea on how to
change a file permanently.
reboot to make sure the change does survive.
Ultimately, the only difference between rsyncd and rsync + ssh is that
rsyncd will send all the data including username/password un-encrypted
over the network. Depending on your network, you may decide whether this
is a problem or not. Note: the encryption for SSH will likely slow down
the backup (potentially a lot) since the CPU on these devices tends to
be rather limited, thus rsyncd might be a better choice. You may also
choose a specific cipher (with less protection, but less CPU
requirement) if you get ssh + rsync working.
Regards,
Adam
On Sun, May 14, 2017 at 6:05 PM, Les Mikesell <[email protected]
<mailto:[email protected]>> wrote:
On Sun, May 14, 2017 at 4:43 PM, Bob Katz <[email protected]
<mailto:[email protected]>> wrote:
>
> Again, you're a godsend. I can root ssh to the Thecus!
>
> But I wish exchanging keys were that simple with the Thecus NAS.
The Thecus
> has a sandboxed operating system. Anything below /raid will be
eaten up on
> reboot. To do keys you have to use a module called FajoSSHD
that's located
> here on the Thecus:
>
> Office-MacBook-Pro:~ bobkatz$ ssh [email protected]
<mailto:[email protected]>
>
> N6850:~# cd /raid/data/module/FaJoSSHD
> # ls
> cgi-bin/ log.txt Shell/ system/ www/
> COPY shell@ sys/ VERSION
> N6850:/raid/data/module/FaJoSSHD#
>
> I know that FajoSSHD keeps authorized keys in here:
>
> N6850:/raid/data/module/FaJoSSHD/system/etc/ssh/users/root# ls
> authorized_keys
>
> But I cannot figure out where the public key you want me to
transfer should
> go. Would it go into that same directory? If not, I can explore
any other
> directories. Somewhere in this hierarchy I need to put the key
which I
> generated on my Fedora server.
>
> I'm going to try your code and see if I can get it to work using
the above
> url. Stand by.
>
Normally the key goes in root's home directory under
.ssh/authorized_keys. That 'ssh-copy-id' command is a shell script
if you want to see what it does. Maybe you find wherever root's home
directory is in the sandbox environment and make a copy there.
If not, and you end up using rsyncd instead, just change the
$Conf{XferMethod} to rsyncd instead of rsync.
--
Les Mikesell
[email protected] <mailto:[email protected]>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
BackupPC-users mailing list
[email protected]
<mailto:[email protected]>
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
<https://lists.sourceforge.net/lists/listinfo/backuppc-users>
Wiki: http://backuppc.wiki.sourceforge.net
<http://backuppc.wiki.sourceforge.net>
Project: http://backuppc.sourceforge.net/
<http://backuppc.sourceforge.net/>
--
--
Bob Katz 407-831-0233 DIGITAL DOMAIN | "There are two kinds of fools,
Recording, Mastering, Manufacturing | One says-this is old and
therefore good. Author: *Mastering Audio *| The other says-this is new
and thereforeDigital Domain Website <http://www.digido.com/> |
better." No trees were killed in the sending of this message. However
a large number of electrons were terribly inconvenienced.*No more
Plaxo, Linked-In, or any of the other time-suckers. Please contact me
by regular email. Yes, we have a facebook page and a You-Tube site!*
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
BackupPC-users mailing list
[email protected]
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
--
Adam Goryachev Website Managers www.websitemanagers.com.au
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
BackupPC-users mailing list
[email protected]
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
