Hi,

I'm trying to set up an SSH tunnel between two FreeBSD machines, over a direct cross-wire connection between the two, and I'm having issues in doing so. The question(s) I have is/are probably not FreeBSD specific, but still I hope someone can answer it/them...

The situation:
I have two servers (one live, and one staging/fall-back server), and between the two of those I have set up a local network. The live machine is 192.168.1.1 and the fall-back machine is 192.168.1.2. Now, I have already figured out how to synch the files using rsync, and in order to automatically down-synch the live MySQL database to the fall-back machine at specific times a day, I want to be able to run (from the live server) a script that performs commands like this one:
ssh 192.168.1.2 "mysqladmin -f drop $database"

The followed approach:
In order to be able to run this as root from a cron job, without having to type a password, I tried doing the following (which can be found all over the Internet).
-On 192.168.1.2: as root generate a (passphrase-less) public RSA key (i.e. ssh-keygen -t rsa), and in /etc/ssh/sshd_config add a line like AllowUsers [EMAIL PROTECTED] olaf
-On 192.168.1.2 I created the file ~/.ssh/authorized_keys and added the public key of 192.168.168.2 to it

The problem:
Even after doing a kill -s HUP <sshd pid> on both machines, I still cannot SSH without being asked for a password. :( Surely this must be something in my SSHD configuration on 192.168.1.2 (or at least so I think).

The question(s):
-Does anyone know how to properly achieve this, without opening up the fall-back machine to the outside world (it is OK if it's open to 192.168.1.1)?
-Does anyone see anything wrong in the below (partially) listed sshd_config options?

Additional info:
I fiddled around somewhat with /etc/ssh/sshd_config on 192.168.168.2, and I tried various combinations of allowing/disallowing the below (all to no avail):
PermitRootLogin yes
AllowUsers [EMAIL PROTECTED] olaf

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys


Are these the only options that should be manipulated for this, and if so, how? Or should I also change some of the below (or other) sshd-config settings?

#StrictModes yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

Thanks in advance, and cheers!
Olafo
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
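
The setup described in the post above can be audited on the machine that receives the login with a short script. This is an added example, not part of the original message and not OpenSSH code; the function names `loose_perms` and `check_pubkey_setup` are hypothetical. It checks the two things sshd needs before it accepts a key: the connecting account's public key is listed in authorized_keys, and, with StrictModes at its default of yes, the home directory, ~/.ssh and authorized_keys are not writable by group or others.

```shell
#!/bin/sh
# Added example: audit the receiving account for key-based login.
# Function names are hypothetical, not part of OpenSSH.

# Succeeds (returns 0) when group or others may write to the path.
loose_perms() {
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$(printf '%s' "$perms" | cut -c6)" = "w" ] ||
        [ "$(printf '%s' "$perms" | cut -c9)" = "w" ]
}

# $1 = home directory of the account being logged in to
# $2 = public key file (e.g. id_rsa.pub) of the connecting account
check_pubkey_setup() {
    acct_home=$1
    pubkey=$2
    auth="$acct_home/.ssh/authorized_keys"
    rc=0

    if [ ! -f "$auth" ]; then
        echo "MISSING: $auth"
        return 1
    fi

    # With StrictModes yes, sshd refuses the key file if any of these
    # is group- or world-writable (ownership is not checked here).
    for p in "$acct_home" "$acct_home/.ssh" "$auth"; do
        if loose_perms "$p"; then
            echo "LOOSE: $p is writable by group or others"
            rc=1
        fi
    done

    # Field 2 of a .pub file is the base64 key blob; it must appear
    # in authorized_keys (possibly after an options prefix).
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pubkey")
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
        echo "NOKEY: key from $pubkey is not listed in $auth"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: permissions and key entry look right"
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    check_pubkey_setup "$1" "$2"
fi
```

Run it on the machine being logged in to, passing the target account's home directory and a copy of the public key generated on the connecting machine.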