Re: [BackupPC-users] sshd on client?

2008-12-28 Thread Timothy Murphy
Holger Parplies wrote:

>> > Is it not possible that running "ssh -l root " on the server
>> > actually sets up the connection appropriately for BackupPC?
>> 
>> No, it should ask for a password if it doesn't find matching keys.
> 
> or, more clearly, no, it is completely impossible. It's *exactly* the same
> as asking "isn't it possible that if I try to login as the backuppc user,
> the computer will print out the password I need to complete the
> procedure?".

Note that I didn't say I wasn't asked for a password
when giving the above command - I don't remember.
What I said was that _after_ giving the command,
and thereby logging in as root on the client (and then exiting)
I was able to run BackupPC (through the web interface)
and backup a specified directory on the client machine.

As it happens, I have a laptop I just installed Fedora-10 on,
so it has a clean / .
I shall try what I did again
(even though I am reasonably well persuaded it is not the right thing to do)
and see if it works as I said it did.

Actually, I have to catch a plane in 3 hours, 
and I see I have to "yum update" the laptop with F10 newly installed,
so may not have time for this experiment.

OK, I did the experiment
and I confess that BackupPC did not work
until I added the server's backuppc id_rsa.pub
to root's authorized_keys .

However, I've checked the 4 computers I have backed up successfully,
and one of them does not have backuppc's id_rsa.pub
in its root's authorized_keys .
I'm not sure if running all the operations on the same client
(ssh-ing into the server) could have confused things at one point?
Possibly it confused me ...

In any case, I admit the error of my ways.
I have even removed the authorized_keys on the server's backuppc
and this does not affect BackupPC's usage.

I was right about Berlusconi, though.


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland


--
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/


Re: [BackupPC-users] sshd on client?

2008-12-28 Thread Timothy Murphy
Les Mikesell wrote:

>> I do see what you are saying, and I will think about it.
>> The instructions I followed were taken from one of the many tutorials
>> I looked at.
> 
> Where did you find one that said you had to generate keys on the clients?

I didn't keep a record of what I looked at.
When I say "tutorial" I include answers -
possibly from people who knew as little about the matter as me -
to queries about setting up BackupPC.
I probably looked at 50-60 of these.

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland



Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Holger Parplies
Hi,

Les Mikesell wrote on 2008-12-27 17:05:07 -0600 [Re: [BackupPC-users] sshd on client?]:
> Timothy Murphy wrote:
> >>> This seems to me rather important.
> >>> Are you saying that my setup is wrong?
> >> Yes, although it wouldn't work if you didn't also do it right.  You can
> >> have as many different keypairs as you like.
> > 
> > I'm not sure what you are saying.
> 
> I'm saying that making keypairs on the client won't break anything, but 
> they also aren't going to allow backuppc to work.
> 
> [...]
> > My humble suggestion is that you consider using the terms
> > "BackupPC server" and "BackupPC client", which to my mind are unambiguous.
> 
> You don't seem to get the point that ssh can run any command, starting 
> as any user and running as any user on another machine,
> [...]
> > Is it not possible that running "ssh -l root " on the server
> > actually sets up the connection appropriately for BackupPC?
> 
> No, it should ask for a password if it doesn't find matching keys.

or, more clearly, no, it is completely impossible. It's *exactly* the same as
asking "isn't it possible that if I try to login as the backuppc user, the
computer will print out the password I need to complete the procedure?".

You see, that is the benefit of actually *understanding* what is happening.
You appreciate what of what you did was nonsense and what was necessary. You
should never give instructions without that understanding, because you will be
doing harm.

It seems I need to repeat what I've already pointed out one last time. Without
a (passwordless) private key in backuppc_server:~backuppc/.ssh/id* and the
corresponding public key in backuppc_client:~whoever/.ssh/authorized_keys*
automatic backups with transfer over "ssh -l whoever" *won't work*.
Period.
Additionally putting other keypairs elsewhere won't impair that but *will
compromise security*. End of transmission.

Regards,
Holger


Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Les Mikesell
Timothy Murphy wrote:
> > 
> I do see what you are saying, and I will think about it.
> The instructions I followed were taken from one of the many tutorials
> I looked at.

Where did you find one that said you had to generate keys on the clients?

-- 
   Les Mikesell
lesmikes...@gmail.com



Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Les Mikesell
Timothy Murphy wrote:
> 
>>> This seems to me rather important.
>>> Are you saying that my setup is wrong?
>> Yes, although it wouldn't work if you didn't also do it right.  You can
>> have as many different keypairs as you like.
> 
> I'm not sure what you are saying.

I'm saying that making keypairs on the client won't break anything, but 
they also aren't going to allow backuppc to work.

> I tried the instructions I gave on a laptop which hadn't been used
> with BackupPC, and they seem to work,
> ie after running them I can backup a directory on the client OK.
> I didn't give any other relevant instructions on client or server.

Backuppc isn't really relevant as it just uses the ssh setup in the way 
you can run any command.  You should only be able to execute a remote 
command (any command) without a password if you have put the public part 
of a keypair in the home directory of the user where sshd will be 
accepting the command and the matching private part is stored under the 
account where the ssh command is issued.

>>> I find your account with "originator" and "target" difficult to follow,
>>> like most of the BackupPC documentation and tutorials.
>> There are two machines involved.  The command originates where the ssh
>> command is executed - in this case the backuppc server.  The account
>> originating the command must have read access to the private part of the
>> key pair - in this case the backuppc user.
> 
> My humble suggestion is that you consider using the terms
> "BackupPC server" and "BackupPC client", which to my mind are unambiguous.

You don't seem to get the point that ssh can run any command, starting 
as any user and running as any user on another machine, but for the case 
you want to use today, the private key part has to be on the backuppc 
server and the public one on the client.

> I find when reading documentation on applications involving
> more than one computer
> that I often do not know which computer the author is referring to.

The machines generally treat each other equally - you could run commands 
either or both ways with appropriate key setup.

>> No other account or machine
>> should be able to read or have a copy of the private part of the key.
>> Therefore, the key pair should have been created by running ssh-keygen
>> as the backuppc user on the backuppc server.  The remote side or target
>> is the one accepting the command via sshd, in this case the client of
>> backuppc.  As sshd accepts the connection, it will look for the public
>> part of the key under .ssh in the home directory of the user you
>> specified for the connection, in this case root.  Sshd will use the
>> public key it finds there to verify the identity of the connecting user
>> by asking it to do something only possible if the connecting user has
>> read access to the private part of the key.  Therefore the relevant
>> public key (made as the backuppc user on the backuppc server) needs to
>> be in root's home directory on the clients, appended to
>> .ssh/authorized_keys or .ssh/authorized_keys2.   Again, this doesn't
>> have much to do with backuppc.  It is the way ssh works with any remote
>> command.
> 
> Is it not possible that running "ssh -l root " on the server
> actually sets up the connection appropriately for BackupPC?

No, it should ask for a password if it doesn't find matching keys.

-- 
   Les Mikesell
lesmikes...@gmail.com



Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Timothy Murphy
Les Mikesell wrote:

>> This seems to me rather important.
>> Are you saying that my setup is wrong?
> 
> Yes, although it wouldn't work if you didn't also do it right.  You can
> have as many different keypairs as you like.

I'm not sure what you are saying.
I tried the instructions I gave on a laptop which hadn't been used
with BackupPC, and they seem to work,
ie after running them I can backup a directory on the client OK.
I didn't give any other relevant instructions on client or server.

>> I find your account with "originator" and "target" difficult to follow,
>> like most of the BackupPC documentation and tutorials.
> 
> There are two machines involved.  The command originates where the ssh
> command is executed - in this case the backuppc server.  The account
> originating the command must have read access to the private part of the
> key pair - in this case the backuppc user.

My humble suggestion is that you consider using the terms
"BackupPC server" and "BackupPC client", which to my mind are unambiguous.
I find when reading documentation on applications involving
more than one computer
that I often do not know which computer the author is referring to.

> No other account or machine
> should be able to read or have a copy of the private part of the key.
> Therefore, the key pair should have been created by running ssh-keygen
> as the backuppc user on the backuppc server.  The remote side or target
> is the one accepting the command via sshd, in this case the client of
> backuppc.  As sshd accepts the connection, it will look for the public
> part of the key under .ssh in the home directory of the user you
> specified for the connection, in this case root.  Sshd will use the
> public key it finds there to verify the identity of the connecting user
> by asking it to do something only possible if the connecting user has
> read access to the private part of the key.  Therefore the relevant
> public key (made as the backuppc user on the backuppc server) needs to
> be in root's home directory on the clients, appended to
> .ssh/authorized_keys or .ssh/authorized_keys2.   Again, this doesn't
> have much to do with backuppc.  It is the way ssh works with any remote
> command.

Is it not possible that running "ssh -l root " on the server
actually sets up the connection appropriately for BackupPC?


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland



Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Timothy Murphy
Holger Parplies wrote:

>> >> Sorry, /etc/BackupPC/config.pl is 2165 lines long.
>> >> I've no intention of reading that.
>> >> Life is too short.
> 
> so you'd rather spend your and our time discussing why your setup is not
> working? Well, thanks a lot. Life is too short to bother helping you then.

Have you helped me, or tried to?
If so, thanks.
In either case, BackupPC is working perfectly for me now,
so hopefully I won't need your or anyone else's help.

> Actually, reading documentation usually *saves* time when you're dealing
> with something more versatile than an oven knob.

Only if it is reasonably terse.
Eg no-one in their right mind reads sendmail or apache documentation.
You would be dead before you used the program itself.

>> > If you're serious about doing backups, I recommend you really read
>> > through the configuration. I read all of it and afterwards I
>> > understood a lot more about how BackupPC works, what it's doing
>> > exactly and what kind of things can be changed and tweaked.

That's the difference between us.
I don't really want to know how BackupPC works, as long as it works.

>> You are a guru.
>> I am just a newbie user.
> 
> I would summarize differently:
> Nils wants to rely on his backups doing what they are supposed to, in the
> most efficient manner.
> You seem to want to do backups because someone said it's cool.

Nobody told me it was cool.
I just thought it was about time I started backing up.
Actually I used to back up in a simple-minded way with rsync,
but BackupPC is much simpler (once it is working) as well as cooler.

>> I want to learn the minimum necessary to play music on my laptop.
>> run BackupPC, etc.
> 
> You don't *need* to do backups.

How do you know?
It would actually be a terrible nuisance, 
and take weeks if not months to recover,
if I lost everything on my system.

> If you write a
> guide "for dummies", why not make them do things right, even if it means a
> lot of work for them? 

But I don't think it does mean a lot of work.
If you tell people they must read vast documents in order to backup,
most people won't backup.

> For the archives: Nils and Les both correctly pointed out that you
> generate the ssh key *on the BackupPC server* and copy the *public part*
> to the authorized_keys file of the target user on the client host(s) you
> are backing up.

But what I did actually worked.
I think that running "ssh -l root " as backuppc on the server
actually installs backuppc's info in root's known_hosts on the client.

> I would like to add (again) that using root as the target user means that
> anyone gaining access to your BackupPC server (as user backuppc) has full
> root access to your client hosts.

But that is the default in the CentOS-5.2 installation.
I do see the danger, though that wouldn't apply in my case (hopefully).

> This can easily be avoided by instead
> using a non-privileged user and setting up 'sudo' for the command
> necessary for making backups - if sudo is even needed (if the target user
> has read permission for everything you want to back up, it isn't). If you
> also enable *restores* this way, you are probably making it possible for a
> potential attacker to overwrite /etc/shadow, thus giving him full root
> access again. You cannot prevent someone who has access to the server as
> backuppc user from reading (modifying, deleting) all the data in your
> backups, so protect your server well. In particular, do *not* put
> gratuitous passwordless ssh keys in ~backuppc/.ssh/authorized_keys on the
> BackupPC server - you do not need them; in fact this file does not even
> need to exist.

I do see what you are saying, and I will think about it.
The instructions I followed were taken from one of the many tutorials
I looked at.



-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland



Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Nils Breunese (Lemonbit)
Timothy Murphy wrote:

> Nils Breunese (Lemonbit) wrote:
>
>>> Sorry, /etc/BackupPC/config.pl is 2165 lines long.
>>> I've no intention of reading that.
>>> Life is too short.
>>
>> If you're serious about doing backups, I recommend you really read
>> through the configuration. I read all of it and afterwards I
>> understood a lot more about how BackupPC works, what it's doing
>> exactly and what kind of things can be changed and tweaked.
>
> You are a guru.
> I am just a newbie user.
> I feel I am inundated with far too much information.
> My RAM is full.
> I want to learn the minimum necessary to play music on my laptop.
> run BackupPC, etc.
> I don't want to tweak anything, unless that is essential.
> I assume the distributor has done that for me,
> and I haven't been disappointed so far with CentOS-5.2 in this regard.

You keep bringing up CentOS like it's a complete counterpart of  
BackupPC. I use both CentOS and BackupPC and have used both long  
enough to be able to say with confidence that both have a lot of knobs  
to tweak. Surely the distributor is doing its best to deliver a nice  
experience, but some tools (like both CentOS and BackupPC as far as  
I'm concerned) just have too many knobs and switches to satisfy every  
level of requirements a user can have out of the box.

You talk about BackupPC like it's logical that it is configured  
exactly for your needs. But you just seem to want to play a little  
music and have backups. That's fine, but other people are using  
BackupPC in an enterprise situation with large RAID storage arrays.  
Some people backup mostly Windows machines, some people backup no  
Windows machines. Some backup their machine to a local drive, some  
backup racks of servers over the internet. There are just a lot of  
situations where BackupPC can be put to use, but that also means  
there'll be some configuring to do. Your definition of 'essential'  
might just be very different from someone else's.

I know BackupPC's web interface is pretty shiny, but maybe you're just  
looking for a tool that has less knobs and switches. Check out
rdiff-backup for instance. It's not that I'm trying to scare you away from
using BackupPC, I'm just trying to help and hope that you can have  
some understanding for why BackupPC is like the way it is.

Nils Breunese.


Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Les Mikesell
Timothy Murphy wrote:
> 
>>> Sorry, /etc/BackupPC/config.pl is 2165 lines long.
>>> I've no intention of reading that.
>>> Life is too short.
>> If you're serious about doing backups, I recommend you really read
>> through the configuration. I read all of it and afterwards I
>> understood a lot more about how BackupPC works, what it's doing
>> exactly and what kind of things can be changed and tweaked. 
> 
> You are a guru.
> I am just a newbie user.
> I feel I am inundated with far too much information.
> My RAM is full.
> I want to learn the minimum necessary to play music on my laptop.
> run BackupPC, etc.
> I don't want to tweak anything, unless that is essential.

No one but you can possibly know what is essential.

> I assume the distributor has done that for me,

The config file is entirely optional settings that would be essential to 
change in some situation - that's why they are configurable.

> If I have a few spare brain-cells left after this,
> I would rather use them learning Italian.

You don't have to memorize them, just make sure they are set to what you 
want to happen.

-- 
   Les Mikesell
lesmikes...@gmail.com


Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Les Mikesell
Timothy Murphy wrote:

>>> 1. ssh-keygen as root on the client
>>> 2. scp .ssh/id_rsa.pub from /root on the client to the server
>>>    and append to ~backuppc/.ssh/authorized_keys .
>> You have that backwards.  The private side of the key pair belongs in
>> the .ssh directory under the home of the originator of the command.  The
>> public part is appended to the authorized_keys or authorized_keys2 file
>> in the .ssh directory under the home of the target of the command.  The
>> remote side is going to use the public key to make sure that the
>> originator can read the private key on the originating system before
>> continuing.
> 
> This seems to me rather important.
> Are you saying that my setup is wrong?

Yes, although it wouldn't work if you didn't also do it right.  You can 
have as many different keypairs as you like.

> I find your account with "originator" and "target" difficult to follow,
> like most of the BackupPC documentation and tutorials.

There are two machines involved.  The command originates where the ssh 
command is executed - in this case the backuppc server.  The account 
originating the command must have read access to the private part of the 
key pair - in this case the backuppc user.  No other account or machine 
should be able to read or have a copy of the private part of the key. 
Therefore, the key pair should have been created by running ssh-keygen 
as the backuppc user on the backuppc server.  The remote side or target 
is the one accepting the command via sshd, in this case the client of 
backuppc.  As sshd accepts the connection, it will look for the public 
part of the key under .ssh in the home directory of the user you 
specified for the connection, in this case root.  Sshd will use the 
public key it finds there to verify the identity of the connecting user 
by asking it to do something only possible if the connecting user has 
read access to the private part of the key.  Therefore the relevant 
public key (made as the backuppc user on the backuppc server) needs to 
be in root's home directory on the clients, appended to 
.ssh/authorized_keys or .ssh/authorized_keys2.   Again, this doesn't 
have much to do with backuppc.  It is the way ssh works with any remote 
command.

> As far as I am concerned, there is a BackupPC server,
> which is the machine backuppc (and httpd) is running on,
> and there are clients, which are the machines I am backing up.
> 
> I'm only interested at this moment in how ssh is used
> in conjunction with BackupPC.
> 
> Assuming that BackupPC is set up and running on the server,
> this is what I do to add a client to the BackupPC system.
> 
> 1. Start sshd running on the client:
>   $ sudo service sshd restart
>   $ sudo chkconfig sshd on
> 
> 2. Set up ssh as root on the client
>   $ su
>   $ Password:
>   # ssh-keygen
>   ...

This is unnecessary on the client.  You only need to generate one 
keypair as backuppc on the server, and use the public part on all the 
clients.

> 3. Copy root's public key from the client to the server
>   # cd
>   # cd .ssh
>   # scp id_rsa.pub helen:/tmp/
> ["helen" is my server.]
> 
> 4. On the server, copy the key to ~backuppc 
>   $ sudo su -c /bin/sh backuppc
>   $ cd
>   $ cd .ssh
>   $ cat /tmp/id_rsa.pub >> authorized_keys

No, this would let you issue ssh commands as root on the client in the 
form 'ssh -lbackuppc backuppc_server command'.

> 5. Check that all is working by running (still as backuppc on the server)
>   $ ssh -l root mary
> ["mary" is the client.]

This test is correct, and if it completes without a password prompt you 
must have also set up the keys in the right direction.

-- 
   Les Mikesell
lesmikes...@gmail.com



Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Holger Parplies
Hi,

Timothy Murphy wrote on 2008-12-27 12:19:48 + [Re: [BackupPC-users] sshd on client?]:
> Nils Breunese (Lemonbit) wrote:
> >Timothy Murphy wrote:
> >> Sorry, /etc/BackupPC/config.pl is 2165 lines long.
> >> I've no intention of reading that.
> >> Life is too short.

so you'd rather spend your and our time discussing why your setup is not
working? Well, thanks a lot. Life is too short to bother helping you then.
Actually, reading documentation usually *saves* time when you're dealing
with something more versatile than an oven knob.

> > If you're serious about doing backups, I recommend you really read
> > through the configuration. I read all of it and afterwards I
> > understood a lot more about how BackupPC works, what it's doing
> > exactly and what kind of things can be changed and tweaked. 
> 
> You are a guru.
> I am just a newbie user.

I would summarize differently:
Nils wants to rely on his backups doing what they are supposed to, in the most
efficient manner.
You seem to want to do backups because someone said it's cool.

> I feel I am inundated with far too much information.
> My RAM is full.

I know the feeling. That makes you miss some things that would be important to
you - not to get them for free, sadly.

> I want to learn the minimum necessary to play music on my laptop.
> run BackupPC, etc.

You don't *need* to do backups. If you feel it is necessary *for you*, you
will need to invest as much time as it takes to get things up and running
satisfactorily *for you*. Nobody is saying you need to do a full restore to
see if things are working properly. Nobody is saying you need to keep an
offsite image of your pool. Nobody is saying you must not use remote root
access to obtain your backups. In fact, I'm saying I can't decide for you what
you need to do *in your circumstances*. But, trust me, if there were a
comprehensive tutorial like you are requesting other people should write for
you, it would likely contain the above points. If you write a guide "for
dummies", why not make them do things right, even if it means a lot of work
for them? At least nobody will complain later on, that something went wrong.

> I don't want to tweak anything, unless that is essential.

Again: who defines "essential" and how does he define it?


For the archives: Nils and Les both correctly pointed out that you generate
the ssh key *on the BackupPC server* and copy the *public part* to the
authorized_keys file of the target user on the client host(s) you are backing
up.

I would like to add (again) that using root as the target user means that
anyone gaining access to your BackupPC server (as user backuppc) has full root
access to your client hosts. This can easily be avoided by instead using a
non-privileged user and setting up 'sudo' for the command necessary for
making backups - if sudo is even needed (if the target user has read
permission for everything you want to back up, it isn't). If you also enable
*restores* this way, you are probably making it possible for a potential
attacker to overwrite /etc/shadow, thus giving him full root access again. You
cannot prevent someone who has access to the server as backuppc user from
reading (modifying, deleting) all the data in your backups, so protect your
server well. In particular, do *not* put gratuitous passwordless ssh keys in
~backuppc/.ssh/authorized_keys on the BackupPC server - you do not need them;
in fact this file does not even need to exist.

So, while the instructions posted twice by Timothy do not obviously break
things, they also solve no problem and potentially cause a security problem
(depending on your setup, of course).

Hope that helps.

Regards,
Holger
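
The layout described in this thread (keypair under ~backuppc on the BackupPC server, its public part in the target user's authorized_keys on the client, nothing required in ~backuppc/.ssh/authorized_keys) can be checked mechanically. The script below is an added example, not part of any poster's message or of BackupPC itself; the function names, directory arguments and key strings are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the SSH key layout for ssh-based BackupPC transfers.
# All paths, host names and key strings below are constructed for the demo.

# Print the base64 blob (second field) of the first key in a .pub file.
key_blob() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1"
}

# Succeed if AUTH_FILE ($1) has an entry carrying BLOB ($2). Entries may
# begin with options such as from="...", so every field is compared.
authorized_has_blob() {
    [ -f "$1" ] || return 1
    awk -v blob="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == blob) { found = 1; exit } }
        END { exit !found }' "$1"
}

# Count key entries (non-blank, non-comment lines); a missing file counts 0.
count_entries() {
    [ -f "$1" ] || { echo 0; return 0; }
    awk 'NF > 0 && $1 !~ /^#/ { n++ } END { print n + 0 }' "$1"
}

# audit_backuppc_keys SERVER_HOME CLIENT_HOME
#   SERVER_HOME: home of the backuppc user on the BackupPC server
#   CLIENT_HOME: home of the ssh target user (root in the thread) on the client
# Prints one finding per line; the return status is the number of problems.
audit_backuppc_keys() {
    srv_ssh="$1/.ssh"
    cli_auth="$2/.ssh/authorized_keys"
    problems=0
    if [ ! -f "$srv_ssh/id_rsa" ] || [ ! -f "$srv_ssh/id_rsa.pub" ]; then
        echo "FAIL: no keypair in $srv_ssh; generate it as backuppc on the server"
        problems=$((problems + 1))
    else
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$srv_ssh/id_rsa" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL: private key is accessible to other accounts ($perms)"
            problems=$((problems + 1))
        fi
        if authorized_has_blob "$cli_auth" "$(key_blob "$srv_ssh/id_rsa.pub")"; then
            echo "OK: server public key is authorized on the client"
        else
            echo "FAIL: server public key missing from $cli_auth"
            problems=$((problems + 1))
        fi
    fi
    extra=$(count_entries "$srv_ssh/authorized_keys")
    if [ "$extra" -gt 0 ]; then
        echo "WARN: $extra key(s) may log in as backuppc on the server; backups do not need them"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Build two constructed layouts under DIR ($1):
#   wrong/ follows the steps questioned in the thread (keypair made as root
#          on the client, public key appended to ~backuppc/.ssh/authorized_keys)
#   right/ has the keypair under ~backuppc on the server and only the public
#          key in the client's authorized_keys
build_demo() {
    srv_blob="AAAAconstructedServerKeyBlob0000"   # placeholder, not a real key
    cli_blob="AAAAconstructedClientKeyBlob1111"   # placeholder, not a real key
    for sub in wrong/server wrong/client right/server right/client; do
        mkdir -p "$1/$sub/.ssh"
    done
    echo "placeholder private key" > "$1/wrong/client/.ssh/id_rsa"
    echo "ssh-rsa $cli_blob root@mary" > "$1/wrong/client/.ssh/id_rsa.pub"
    cat "$1/wrong/client/.ssh/id_rsa.pub" > "$1/wrong/server/.ssh/authorized_keys"

    echo "placeholder private key" > "$1/right/server/.ssh/id_rsa"
    chmod 600 "$1/right/server/.ssh/id_rsa"
    echo "ssh-rsa $srv_blob backuppc@helen" > "$1/right/server/.ssh/id_rsa.pub"
    {
        echo "# constructed entry with an option prefix"
        echo "from=\"helen\" ssh-rsa $srv_blob backuppc@helen"
    } > "$1/right/client/.ssh/authorized_keys"
}

# Run the audit against both constructed layouts.
demo_dir=$(mktemp -d)
build_demo "$demo_dir"
for layout in wrong right; do
    echo "== $layout =="
    audit_backuppc_keys "$demo_dir/$layout/server" "$demo_dir/$layout/client" || true
done
rm -rf "$demo_dir"
```

On real hosts the two arguments would be ~backuppc on the server and a copy of the target user's home from the client, since the two directories live on different machines.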


Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Timothy Murphy
Nils Breunese (Lemonbit) wrote:

>> Sorry, /etc/BackupPC/config.pl is 2165 lines long.
>> I've no intention of reading that.
>> Life is too short.
> 
> If you're serious about doing backups, I recommend you really read
> through the configuration. I read all of it and afterwards I
> understood a lot more about how BackupPC works, what it's doing
> exactly and what kind of things can be changed and tweaked. 

You are a guru.
I am just a newbie user.
I feel I am inundated with far too much information.
My RAM is full.
I want to learn the minimum necessary to play music on my laptop.
run BackupPC, etc.
I don't want to tweak anything, unless that is essential.
I assume the distributor has done that for me,
and I haven't been disappointed so far with CentOS-5.2 in this regard.

If I have a few spare brain-cells left after this,
I would rather use them learning Italian.


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland



Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Timothy Murphy
Les Mikesell wrote:


>> In my case the only change on the clients
>> is to specify the directories I want to backup,
>> and the only change on the server is to specify which machines
>> are allowed to access it.
>> 
>> The rest is setting up ssh to work as root on the clients,
>> and this requires 3 steps:
>> 1. ssh-keygen as root on the client
>> 2. scp .ssh/id_rsa.pub from /root on the client to the server
>>    and append to ~backuppc/.ssh/authorized_keys .
> 
> You have that backwards.  The private side of the key pair belongs in
> the .ssh directory under the home of the originator of the command.  The
> public part is appended to the authorized_keys or authorized_keys2 file
> in the .ssh directory under the home of the target of the command.  The
> remote side is going to use the public key to make sure that the
> originator can read the private key on the originating system before
> continuing.

This seems to me rather important.
Are you saying that my setup is wrong?
I find your account with "originator" and "target" difficult to follow,
like most of the BackupPC documentation and tutorials.

As far as I am concerned, there is a BackupPC server,
which is the machine backuppc (and httpd) is running on,
and there are clients, which are the machines I am backing up.

I'm only interested at this moment in how ssh is used
in conjunction with BackupPC.

Assuming that BackupPC is set up and running on the server,
this is what I do to add a client to the BackupPC system.

1. Start sshd running on the client:
$ sudo service sshd restart
$ sudo chkconfig sshd on

2. Set up ssh as root on the client
$ su
$ Password:
# ssh-keygen
...

3. Copy root's public key from the client to the server
# cd
# cd .ssh
# scp id_rsa.pub helen:/tmp/
["helen" is my server.]

4. On the server, copy the key to ~backuppc 
$ sudo su -c /bin/sh backuppc
$ cd
$ cd .ssh
$ cat /tmp/id_rsa.pub >> authorized_keys

5. Check that all is working by running (still as backuppc on the server)
$ ssh -l root mary
["mary" is the client.]

6. Browse to http://helen/BackupPC, click on Server=>Edit Hosts
and add the client to the list, with backuppc as user .
Click on Save .

7. Click on "Select a host..." and choose the new client, "mary".
Click on mary=>Edit Config .
Click on Xfer .
Go to RsyncShareName , check Override and change /
to the directory you want to backup, eg /home/tim/Public/ .
Click on Save.

8. Test if it works by clicking on Server=>Host Summary
Click on the new client, "mary".
Click on "Start Full Backup" and confirm this.
Click on mary=>LOG file to make sure this has worked.



-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
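
The quoted correction and the numbered steps in this message put the key pair on opposite sides. As an added example (not part of any post in this thread), the script below audits a set of files for the direction that was actually configured; the key blobs are constructed placeholders, "john" is a hypothetical second client, and the `from=`/`no-pty` options on mary's entry are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. All key blobs are constructed placeholders,
# not real keys. "helen" (server) and "mary" (client) are the thread's host names;
# "john" is a hypothetical second client.

# Print the base64 blob of every key line in a .pub or authorized_keys file.
# Line format: [options] keytype base64-blob [comment]
key_blobs() {
    awk '
        /^[ \t]*#/ { next }            # comment line
        NF == 0    { next }            # blank line
        {
            # Options may precede the key type, so scan for the type token.
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+)$/) {
                    print $(i + 1)
                    break
                }
        }' "$1"
}

# Succeed if the key in .pub file $1 is listed in authorized_keys file $2.
is_authorized() {
    [ -r "$1" ] && [ -r "$2" ] || return 1
    want=$(key_blobs "$1" | head -n 1)
    [ -n "$want" ] || return 1
    key_blobs "$2" | grep -Fqx -- "$want"
}

# Classify one client.
#   $1 server: ~backuppc/.ssh/id_rsa.pub   $2 client: /root/.ssh/authorized_keys
#   $3 client: /root/.ssh/id_rsa.pub       $4 server: ~backuppc/.ssh/authorized_keys
audit_client() {
    if is_authorized "$1" "$2"; then
        echo ok            # server can log in to the client as root
    elif is_authorized "$3" "$4"; then
        echo backwards     # client root can log in to the server as backuppc instead
    else
        echo missing       # no key-based login in either direction
    fi
}

# Build constructed sample files under directory $1.
make_fixture() {
    d=$1
    mkdir -p "$d/helen/backuppc" "$d/mary/root" "$d/john/root"
    srv='AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDhelenBACKUPPCkey'
    jhn='AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDjohnROOTkey'
    echo "ssh-rsa $srv backuppc@helen" > "$d/helen/backuppc/id_rsa.pub"
    # mary: server's public key in root's authorized_keys, behind an options prefix
    {
        echo '# keys allowed to log in as root on mary'
        echo "from=\"helen\",no-pty,no-port-forwarding ssh-rsa $srv backuppc@helen"
    } > "$d/mary/root/authorized_keys"
    # john: key generated on the client and appended on the server
    echo "ssh-rsa $jhn root@john" > "$d/john/root/id_rsa.pub"
    : > "$d/john/root/authorized_keys"
    echo "ssh-rsa $jhn root@john" > "$d/helen/backuppc/authorized_keys"
}

# Run the audit over the constructed fixture and print one line per client.
audit_all() {
    d=$(mktemp -d) || return 1
    make_fixture "$d"
    for c in mary john; do
        printf '%s: %s\n' "$c" "$(audit_client "$d/helen/backuppc/id_rsa.pub" \
            "$d/$c/root/authorized_keys" "$d/$c/root/id_rsa.pub" \
            "$d/helen/backuppc/authorized_keys")"
    done
    rm -rf "$d"
}

audit_all
```

On real hosts, point `audit_client` at copies of the four files; it reads only public keys and `authorized_keys`, never a private key.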




Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Nils Breunese (Lemonbit)
Timothy Murphy wrote:

> The rest is setting up ssh to work as root on the clients,
> and this requires 3 steps:
> 1. ssh-keygen as root on the client

You don't need to run ssh-keygen on the clients, only on the BackupPC  
server. You copy the public key that is generated on the BackupPC  
server to the clients.

>> As I said, "behind the scenes" means "what *you* configured". If  
>> you use
>> the default values, you will need to understand what they mean. You  
>> should
>> at least have *looked at* the values, in which case you should have
>> noticed the 'ssh -q -x -l root $host ...'
>
> Sorry, /etc/BackupPC/config.pl is 2165 lines long.
> I've no intention of reading that.
> Life is too short.

If you're serious about doing backups, I recommend you really read  
through the configuration. I read all of it and afterwards I  
understood a lot more about how BackupPC works, what it's doing  
exactly and what kind of things can be changed and tweaked. Reading  
2165 lines to make sure you have a good feeling about backing up all  
data that is important to you sounds like a bargain to me. Mostly it's  
a summary of the online docs by the way. Reading those I recommend  
even more actually.

Nils Breunese.



Re: [BackupPC-users] sshd on client?

2008-12-27 Thread Les Mikesell
Timothy Murphy wrote:
> Holger Parplies wrote:
> 
>> actually, ssh is most useful for inter-realm access. On my local intranet,
>> password and data snooping are not a real threat. I use ssh anyway, out of
>> habit.
> 
> Surely it is quite difficult to use anything else on a Linux system?
> What is the alternative?

Rsync in daemon mode works in Linux as well as Windows.  But Linux 
admins normally have experience with ssh.


>> But who says my user name for my university account, work account,
>> home account are all identical?
> 
> Fortunately I am lucky enough to be able to use the same name everywhere.

That just means that ssh inserts the originating user name as a default 
for you on the destination side.  No difference otherwise.

>>
>> 1.) There is an evident misconception of the scope of BackupPC.
>> ssh is not part of BackupPC.which access is actually used.
> 
> The difference between us is, in brief, that I don't want to know
> 99 ways of doing something,
> and I don't want to have to read the Encyclopedia Britannica
> in order to find out how to turn on the oven.

The difference between learning to use a tool and turning on an 
appliance is that you'll find another use for the tool tomorrow whereas 
your oven knob will never do anything else for you.  If you don't like 
reusable tools that each do one thing well, you should probably stay 
away from unix-like operating systems.

> I imagine 99% of people use rsync with BackupPC on Linux systems,
> so personally I would prefer the other methods to be relegated
> to an appendix.

I have some systems running tar.  But the ssh setup is the same.

> I also imagine 99% of people download a binary version of BackupPC,
> so the basic question is what changes from the default one has to make.

Binary? You mean one that some packager has modified to adapt to a 
distribution?  Then you should get documentation with the package since 
no one else will know what changes have been made.

> In my case the only change on the clients
> is to specify the directories I want to backup,
> and the only change on the server is to specify which machines
> are allowed to access it.
> 
> The rest is setting up ssh to work as root on the clients,
> and this requires 3 steps:
> 1. ssh-keygen as root on the client
> 2. scp .ssh/id_rsa.pub from /root on the client to the server
>    and append to ~backuppc/.ssh/authorized_keys .

You have that backwards.  The private side of the key pair belongs in 
the .ssh directory under the home of the originator of the command.  The 
public part is appended to the authorized_keys or authorized_keys2 file 
in the .ssh directory under the home of the target of the command.  The 
remote side is going to use the public key to make sure that the 
originator can read the private key on the originating system before 
continuing.

> 3. run "ssh -l root " as backuppc on the server.

That part is right.

> In other words, as far as I can see,
> complete instructions could be given on half a page,
> at least in the case of CentOS-5.2, which I am using.

Yes, but the instructions belong to ssh, not backuppc.  You can run any 
command remotely with ssh.

> Maybe other distributions are more complicated?

Ssh is separate in all of them.

-- 
   Les Mikesell
lesmikes...@gmail.com



Re: [BackupPC-users] sshd on client?

2008-12-26 Thread Timothy Murphy
Holger Parplies wrote:

> actually, ssh is most useful for inter-realm access. On my local intranet,
> password and data snooping are not a real threat. I use ssh anyway, out of
> habit.

Surely it is quite difficult to use anything else on a Linux system?
What is the alternative?

> But who says my user name for my university account, work account,
> home account are all identical?

Fortunately I am lucky enough to be able to use the same name everywhere.

>> >>> That is what I found to be the essential point in getting BackupPC
>> >>> working.
>> >>> Amazingly, it did not seem to be stated clearly in any of the
>> >>> tutorials
> 
> Two points strike me when reading this:
> 
> 1.) There is an evident misconception of the scope of BackupPC.
> ssh is not part of BackupPC. BackupPC provides about four transfer
> methods ($Conf{XferMethod}): tar, smb, rsync and rsyncd ('BackupPCd'
> omitted on purpose). For network backups (but not local backups!) you
> need to provide a method to bridge the gap between local host and
> remote host. For smb and rsyncd, the protocol itself does this (but
> you may want to trick it into using an ssh tunnel). For tar and rsync,
> you can use anything that works for you.
> Most people probably use ssh, because that is secure and fairly easy
> to set up. I use NFS in one setup - no ssh involved. I could imagine
> using rsh or even netcat in a trusted environment. Or, of course, any
> home-grown protocol that transparently passes data over the network.
> You see that it is impossible to document all conceivable cases,
> because they are essentially site-specific. That is true even for the
> classic 'rsync over ssh' case. Probably all security-conscious people
> do *not* 'ssh -l root ...'. I use the backuppc user on the remote end
> and then 'sudo' to gain root access for the rsync command and that
> only. So it is specific to *your* setup and *your* requirements which
> access you actually need to test. Furthermore, it is documented in
> *your* configuration files, which access is actually used.

The difference between us is, in brief, that I don't want to know
99 ways of doing something,
and I don't want to have to read the Encyclopedia Britannica
in order to find out how to turn on the oven.

I imagine 99% of people use rsync with BackupPC on Linux systems,
so personally I would prefer the other methods to be relegated
to an appendix.

I also imagine 99% of people download a binary version of BackupPC,
so the basic question is what changes from the default one has to make.
In my case the only change on the clients
is to specify the directories I want to backup,
and the only change on the server is to specify which machines
are allowed to access it.

The rest is setting up ssh to work as root on the clients,
and this requires 3 steps:
1. ssh-keygen as root on the client
2. scp .ssh/id_rsa.pub from /root on the client to the server
   and append to ~backuppc/.ssh/authorized_keys .
3. run "ssh -l root " as backuppc on the server.

In other words, as far as I can see,
complete instructions could be given on half a page,
at least in the case of CentOS-5.2, which I am using.

Maybe other distributions are more complicated?

>> > and in the case of backuppc it is not clear that this is what is
>> > being done,
>> > unless one looks "behind the scenes".
> 
> As I said, "behind the scenes" means "what *you* configured". If you use
> the default values, you will need to understand what they mean. You should
> at least have *looked at* the values, in which case you should have
> noticed the 'ssh -q -x -l root $host ...'

Sorry, /etc/BackupPC/config.pl is 2165 lines long.
I've no intention of reading that.
Life is too short.


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland




Re: [BackupPC-users] sshd on client?

2008-12-26 Thread Timothy Murphy
Nils Breunese (Lemonbit) wrote:

>>>>> The public key of the backuppc user needs to be in the
>>>>> authorized_keys
>>>>> file of the user account on the client. Also see
>>>>> http://backuppc.sourceforge.net/faq/ssh.html
>>>>
>>>> That is what I found to be the essential point in getting BackupPC
>>>> working.
>>>> Amazingly, it did not seem to be stated clearly in any of the
>>>> tutorials
>>>> I looked at.
>>>
>>> Well, it's in the official docs and it's standard procedure for using
>>> SSH with public key authentication.
>>
>> Where exactly do you think it says this in the official docs?
> 
> At the link I mentioned above.
> http://backuppc.sourceforge.net/faq/ssh.html
>   says:
> 
> "Key exchange
> 
> To allow BackupPC to ssh to the client as root, you need to place
> BackupPC's public key into root's authorized list on the client. (...)"

I've read the "Key exchange" section again,
and I'm afraid I still don't think it is at all well explained.
It's far too complicated, and recommends several steps
which were completely unnecessary in my case,
installing and running BackupPC under CentOS-5.2.
Maybe the setup is particularly simple on CentOS?

>> In my view, BackupPC is an excellent program,
>> with two large provisos:
>> the documentation is very bad,
> 
> I disagree completely. The docs on the site are excellent in my view.
> Much better than for a lot of other open source tools I use. Do you
> know about the BackupPC wiki? You can post clearer instructions there
> if you have any. Or ask Craig to include specific changes.

I came across dozens - probably hundreds - of simple problems
encountered by people trying to setup BackupPC
when I googled for "backuppc error 4 bytes".
These stretch back over several years,
and as far as I can see no attempt has been made
to answer these queries with simply explained minimal replies.

>> and the error messages (the 4 bytes nonsense) are even worse.
> 
> That one might be hard to tackle at first, yes. If you or someone else
> could contribute a patch that would make this better, by all means let
> the list know.

An error message should make some sense to the user.
What information is "Unable to read 4 bytes" meant to convey?
As far as I am concerned it might as well have said
"Unable to read Sanskrit".

Assuming the problem is that the server cannot access the client,
might I suggest that "Server cannot access client"
might convey a little more.
Perhaps one might add, "Probably a problem in SSH setup".


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland




Re: [BackupPC-users] sshd on client?

2008-12-26 Thread Holger Parplies
Hi,

Nils Breunese (Lemonbit) wrote on 2008-12-26 22:00:28 +0100 [Re: 
[BackupPC-users] sshd on client?]:
> Timothy Murphy wrote:
> > Nils Breunese (Lemonbit) wrote:
> >> Timothy Murphy wrote:
> > [...]
> > When you say "you can SSH into the machines"
> > I take that to mean that you can say
> > ssh 
> > I suspect that is what most newbies to backuppc (like me) will think,
> > which is probably why the official documentation is hard to untangle.
> 
> I gave an example that read 'ssh usern...@client', not 'ssh client'.
> [...]
> > You say it is standard procedure;
> > but it is not normal to ssh into a machine as a different user,
> 
> Why not? You login as the user you want to login as.

actually, ssh is most useful for inter-realm access. On my local intranet,
password and data snooping are not a real threat. I use ssh anyway, out of
habit. But who says my user name for my university account, work account,
home account are all identical? In fact, on my work firewall, I don't have a
dedicated user account, so my .ssh/config contains

Host firewall
User root

making 'ssh firewall' equivalent to 'ssh -l root firewall'. You see, it's
quite *natural* to have different user names on client and server side - so
natural that ssh provides a mechanism to save you typing the user name every
time. ssh is as much about accessing user privileges as it is about accessing
a remote host ('ssh r...@localhost'). There is a default available for the
remote user name which turns out to make sense quite often: the local user
name. But this is a short-cut, nothing more. If I had written ssh, I would
have provided a default for the host as well: localhost (which would make the
invocation 'ssh' (without parameters) legal but essentially useless).

> >>> That is what I found to be the essential point in getting BackupPC
> >>> working.
> >>> Amazingly, it did not seem to be stated clearly in any of the  
> >>> tutorials

Two points strike me when reading this:

1.) There is an evident misconception of the scope of BackupPC.
ssh is not part of BackupPC. BackupPC provides about four transfer methods
($Conf{XferMethod}): tar, smb, rsync and rsyncd ('BackupPCd' omitted on
purpose). For network backups (but not local backups!) you need to provide
a method to bridge the gap between local host and remote host. For smb and
rsyncd, the protocol itself does this (but you may want to trick it into
using an ssh tunnel). For tar and rsync, you can use anything that works
for you.
Most people probably use ssh, because that is secure and fairly easy to
set up. I use NFS in one setup - no ssh involved. I could imagine using
rsh or even netcat in a trusted environment. Or, of course, any
home-grown protocol that transparently passes data over the network. You
see that it is impossible to document all conceivable cases, because they
are essentially site-specific. That is true even for the classic 'rsync
over ssh' case. Probably all security-conscious people do *not* 'ssh -l
root ...'. I use the backuppc user on the remote end and then 'sudo' to
gain root access for the rsync command and that only. So it is specific to
*your* setup and *your* requirements which access you actually need to
test. Furthermore, it is documented in *your* configuration files, which
access is actually used.

2.) You seem to be confusing documentation and third-party web resources.
I'm not sure which 'tutorials' you are referring to, but I believe the
BackupPC documentation does not contain any tutorials. Nils quoted from
the documentation, and it appears to be very clear. If someone puts
instructions on the web which are maybe unclear (or even misleading), that
should not be attributed to the quality of the official documentation.

> [...]
> > and in the case of backuppc it is not clear that this is what is  
> > being done,
> > unless one looks "behind the scenes".

As I said, "behind the scenes" means "what *you* configured". If you use the
default values, you will need to understand what they mean. You should at
least have *looked at* the values, in which case you should have noticed the
'ssh -q -x -l root $host ...'.

In fact, if *anything* requiring remote read access to *all your files* *ever*
works out-of-the-box, you should be *very* suspicious. BackupPC's default
configuration *could* contain options to suppress the host key check, but this
would be a Very Bad Thing (tm). Anyone who really understands the meaning of
the host key check will want to actually verify the key fingerprint. Anyone
who does not should be

Re: [BackupPC-users] sshd on client?

2008-12-26 Thread Nils Breunese (Lemonbit)
Timothy Murphy wrote:

> Nils Breunese (Lemonbit) wrote:
>
>> Timothy Murphy wrote:
>>
>>> Nils Breunese (Lemonbit) wrote:
>>>
>>>>> Is there incidentally a simple test to determine
>>>>> if ssh is working as required by BackupPC?
>>>>
>>>> See if the BackupPC user can login on the client without entering a
>>>> password.
>>>
>>> Thanks for your comments, which are mostly helpful.
>>>
>>> However, I think the above was slightly misleading.
>>> I have BackupPC working perfectly on 4 computers (server + 3  
>>> clients),
>>> but in no case can backuppc on the server
>>> ssh into any of the client machines
>>> without being asked for a password;
>>> and when asked for a password I cannot give one,
>>> since backuppc does not have one.
>>>
>>> I can ssh onto root on the client machines, eg with
>>> ssh -l root mary
>>
>> I don't really understand the difference. That last example is what I
>> meant. If you cannot SSH into the machines, you cannot run backups
>> over SSH.
>
> It's just a matter of language, I guess.
> When you say "you can SSH into the machines"
> I take that to mean that you can say
>   ssh 
> I suspect that is what most newbies to backuppc (like me) will think,
> which is probably why the official documentation is hard to untangle.

I gave an example that read 'ssh usern...@client', not 'ssh client'.

>>>> The public key of the backuppc user needs to be in the
>>>> authorized_keys
>>>> file of the user account on the client. Also see
>>>> http://backuppc.sourceforge.net/faq/ssh.html
>>>
>>> That is what I found to be the essential point in getting BackupPC
>>> working.
>>> Amazingly, it did not seem to be stated clearly in any of the  
>>> tutorials
>>> I looked at.
>>
>> Well, it's in the official docs and it's standard procedure for using
>> SSH with public key authentication.
>
> Where exactly do you think it says this in the official docs?

At the link I mentioned above. http://backuppc.sourceforge.net/faq/ssh.html 
  says:

"Key exchange

To allow BackupPC to ssh to the client as root, you need to place  
BackupPC's public key into root's authorized list on the client. (...)"

> You say it is standard procedure;
> but it is not normal to ssh into a machine as a different user,

Why not? You login as the user you want to login as.

> and in the case of backuppc it is not clear that this is what is  
> being done,
> unless one looks "behind the scenes".

I thought that was pretty clear actually. If you want to login as a  
specific user which is different from the username you are currently  
logged in as, you have to somehow tell ssh. No way around that.

> In my view, BackupPC is an excellent program,
> with two large provisos:
> the documentation is very bad,

I disagree completely. The docs on the site are excellent in my view.  
Much better than for a lot of other open source tools I use. Do you  
know about the BackupPC wiki? You can post clearer instructions there  
if you have any. Or ask Craig to include specific changes.

> and the error messages (the 4 bytes nonsense) are even worse.

That one might be hard to tackle at first, yes. If you or someone else  
could contribute a patch that would make this better, by all means let  
the list know.

Nils Breunese.



Re: [BackupPC-users] sshd on client?

2008-12-26 Thread Timothy Murphy
Nils Breunese (Lemonbit) wrote:

> Timothy Murphy wrote:
> 
>> Nils Breunese (Lemonbit) wrote:
>>
>>>> Is there incidentally a simple test to determine
>>>> if ssh is working as required by BackupPC?
>>>
>>> See if the BackupPC user can login on the client without entering a
>>> password.
>>
>> Thanks for your comments, which are mostly helpful.
>>
>> However, I think the above was slightly misleading.
>> I have BackupPC working perfectly on 4 computers (server + 3 clients),
>> but in no case can backuppc on the server
>> ssh into any of the client machines
>> without being asked for a password;
>> and when asked for a password I cannot give one,
>> since backuppc does not have one.
>>
>> I can ssh onto root on the client machines, eg with
>> ssh -l root mary
> 
> I don't really understand the difference. That last example is what I
> meant. If you cannot SSH into the machines, you cannot run backups
> over SSH.

It's just a matter of language, I guess.
When you say "you can SSH into the machines"
I take that to mean that you can say
ssh 
I suspect that is what most newbies to backuppc (like me) will think,
which is probably why the official documentation is hard to untangle.

>>> The public key of the backuppc user needs to be in the
>>> authorized_keys
>>> file of the user account on the client. Also see
>>> http://backuppc.sourceforge.net/faq/ssh.html
>>
>> That is what I found to be the essential point in getting BackupPC
>> working.
>> Amazingly, it did not seem to be stated clearly in any of the tutorials
>> I looked at.
> 
> Well, it's in the official docs and it's standard procedure for using
> SSH with public key authentication.

Where exactly do you think it says this in the official docs?

You say it is standard procedure;
but it is not normal to ssh into a machine as a different user,
and in the case of backuppc it is not clear that this is what is being done,
unless one looks "behind the scenes".

In my view, BackupPC is an excellent program,
with two large provisos:
the documentation is very bad,
and the error messages (the 4 bytes nonsense) are even worse.

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland




Re: [BackupPC-users] sshd on client?

2008-12-26 Thread Nils Breunese (Lemonbit)
Juergen Harms wrote:

> I think it should be possible to set up password-less ssh login for  
> the
> user backuppc just as for any other user - that is what I intend to  
> do,
> but have not yet got round to - will I lose my time?

I don't understand what you're asking exactly, but setting up
password-less SSH logins is standard procedure if you're going to do
backups over SSH.

Nils Breunese.



Re: [BackupPC-users] sshd on client?

2008-12-26 Thread Nils Breunese (Lemonbit)
Timothy Murphy wrote:

> Nils Breunese (Lemonbit) wrote:
>
>>> Is there incidentally a simple test to determine
>>> if ssh is working as required by BackupPC?
>>
>> See if the BackupPC user can login on the client without entering a
>> password.
>
> Thanks for your comments, which are mostly helpful.
>
> However, I think the above was slightly misleading.
> I have BackupPC working perfectly on 4 computers (server + 3 clients),
> but in no case can backuppc on the server
> ssh into any of the client machines
> without being asked for a password;
> and when asked for a password I cannot give one,
> since backuppc does not have one.
>
> I can ssh onto root on the client machines, eg with
>   ssh -l root mary

I don't really understand the difference. That last example is what I  
meant. If you cannot SSH into the machines, you cannot run backups  
over SSH.

>> The public key of the backuppc user needs to be in the  
>> authorized_keys
>> file of the user account on the client. Also see
>> http://backuppc.sourceforge.net/faq/ssh.html
>
> That is what I found to be the essential point in getting BackupPC  
> working.
> Amazingly, it did not seem to be stated clearly in any of the tutorials
> I looked at.

Well, it's in the official docs and it's standard procedure for using  
SSH with public key authentication.

Nils Breunese.



Re: [BackupPC-users] sshd on client?

2008-12-26 Thread Juergen Harms
I think it should be possible to set up password-less ssh login for the 
user backuppc just as for any other user - that is what I intend to do, 
but have not yet got round to - will I lose my time?

A tip for setting up ssh: I store the keys (both at the host- and at the 
user-level) in a shared (non-bootable) file-system and have symbolic 
links from /etc/ssh/xxx and from the users .ssh/xxx to these files. That 
makes life much easier when I re-install an OS partition (for instance 
when new releases become available).



Re: [BackupPC-users] sshd on client?

2008-12-25 Thread Timothy Murphy
Nils Breunese (Lemonbit) wrote:

>> Is there incidentally a simple test to determine
>> if ssh is working as required by BackupPC?
> 
> See if the BackupPC user can login on the client without entering a
> password.

Thanks for your comments, which are mostly helpful.

However, I think the above was slightly misleading.
I have BackupPC working perfectly on 4 computers (server + 3 clients),
but in no case can backuppc on the server 
ssh into any of the client machines
without being asked for a password;
and when asked for a password I cannot give one,
since backuppc does not have one.

I can ssh onto root on the client machines, eg with
ssh -l root mary

> The public key of the backuppc user needs to be in the authorized_keys
> file of the user account on the client. Also see
> http://backuppc.sourceforge.net/faq/ssh.html

That is what I found to be the essential point in getting BackupPC working.
Amazingly, it did not seem to be stated clearly in any of the tutorials
I looked at.



-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland




Re: [BackupPC-users] sshd on client?

2008-12-25 Thread Tino Schwarze
On Tue, Dec 23, 2008 at 01:47:42PM +, Timothy Murphy wrote:

> Must an ssh server be running on BackupPC clients?

You could also perform backups using rsync via rsyncd, then no sshd is
needed.

Nils answered the other questions already...

Tino.

-- 
"What we nourish flourishes." - "Was wir nähren erblüht."

www.lichtkreis-chemnitz.de
www.craniosacralzentrum.de



Re: [BackupPC-users] sshd on client?

2008-12-25 Thread Nils Breunese (Lemonbit)
Timothy Murphy wrote:

> Must an ssh server be running on BackupPC clients?

If you'll be using SSH, then yes, because the BackupPC server needs to  
be able to login on the clients.

> Is there incidentally a simple test to determine
> if ssh is working as required by BackupPC?

See if the BackupPC user can login on the client without entering a  
password.

Switch to the backuppc user on the BackupPC server:
# su -s /bin/bash - backuppc

Try to login on the remote client:
# ssh usern...@client

You need to do this at least once after adding a new host, because you  
need to okay the SSH key fingerprints the first time.

> As far as I can see, one has to exchange keys
> between backuppc on the server and root on the clients.
> Is that correct?

The public key of the backuppc user needs to be in the authorized_keys  
file of the user account on the client. Also see 
http://backuppc.sourceforge.net/faq/ssh.html

Nils Breunese.
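
The login test described in this message can be made non-interactive, so that a password prompt or a host-key question counts as a failure rather than something to answer by hand. This is an added example, not from the thread; `SSH_BIN` is a hypothetical override for exercising the function against a stub, and the matched error strings are the ones OpenSSH prints.

```shell
#!/bin/sh
# Added example, not from the thread. SSH_BIN is a hypothetical override so the
# function can be exercised against a stub; by default the real ssh is used.

# Attempt the kind of login BackupPC makes ("ssh -x -l root $host ...") with
# every interactive fallback disabled, and name the reason when it fails.
# Run it as the backuppc user on the server. -q is left out on purpose so that
# the ssh error text is available for classification.
check_backup_login() {
    host=$1
    user=${2:-root}
    # BatchMode=yes: never prompt for a password or passphrase, so only key
    #   authentication can succeed.
    # StrictHostKeyChecking=yes: an unknown or changed host key is an error,
    #   not a question to answer.
    err=$("${SSH_BIN:-ssh}" -x -l "$user" \
            -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10 \
            "$host" true 2>&1 >/dev/null) && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "ok"
        return 0
    fi
    case $err in
        *"Host key verification failed"*) echo "host-key-not-accepted" ;;
        *"Permission denied"*)            echo "key-not-authorized" ;;
        *)                                echo "unreachable" ;;
    esac
    # Pass the original ssh diagnostics through for the administrator.
    printf '%s\n' "$err" >&2
    return 1
}

# Stand-alone use: sh check.sh <client> [remote-user]
if [ "$#" -gt 0 ]; then
    check_backup_login "$@"
fi
```

A result of `host-key-not-accepted` means the client's fingerprint still has to be verified and accepted once by the backuppc user, as the message above describes.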



[BackupPC-users] sshd on client?

2008-12-24 Thread Timothy Murphy
Must an ssh server be running on BackupPC clients?

Is there incidentally a simple test to determine
if ssh is working as required by BackupPC?

As far as I can see, one has to exchange keys
between backuppc on the server and root on the clients.
Is that correct?

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

