I emailed you. In the interim try ‘ssh-copy-id’ to get the weewx user public key correctly into the remote system’s account authorized_keys file. On Tuesday, May 13, 2025 at 8:15:48 PM UTC-7 Shane Burkhardt wrote:
> *There is nothing special. It is ssh-101. You need passwordless ssh set > up as a prerequisite for rsync-over-ssh to work. Nothing weewx-specific at > all there.* > > Yup I understand that. I can get passwordless to work with my account > "shane" but I cannot get passwordless to work with either root or weewx. > > > *Simplest test is to ssh into the remote host using the private key of the > user you want weewx to rsync as. The incantation should be* > * "ssh -i /var/www/weewx/.ssh/weewx_account_private_key_filename_here > my.host.com <http://my.host.com> date" * > > So that did uncover that the permissions for /var/lib/weewx/.ssh were not > set appropriately. I did set them as chmod 0700 following other online > websites on how to set up rsync, but apparently that was not permissive > enough. After resolving the permissions issue, I was able to see the date, > but then when executing: > > "sudo -u weewx weectl report run RSYNC". it still prompted for the > password. This is leading me to think that Weewx is not looking for the key > files where keygen put them. I don't know where Weewx is looking for them. > This is one of the undocumented mysteries (or if it is documented, i don't > know where.). > > > *I don't run the apt variant, so if you run this as other than user > 'weewx' you should (should) get a permission denied even trying to read the > weewx user's private key as any other non-privileged user. If you run > "sudo bash" to open a root shell first and 'then' the test aboveshane, it > should work hopefully if your keys are set up correctly in weewx's .ssh > tree. You'll likely get a prompt asking you to accept the remote side's > host key into that .ssh tree's known_hosts file.* > > lol yes permissions were an issue. Yes I think the problem is with user > "weewx" .ssh tree. I don't think where keygen puts the files, and where > Weewx is looking for the files is correct. Or maybe it is, I don't know. If > I run keygen as the weewx user, it puts the files in "/var/lib/weewx/.ssh". > This is where I pulled to install that public key onto the remote server so > those keys match. running the command above that actually points to the > private key works. > > *So from weewx.conf:* > > > * # If you wish to use rsync, set "enable" to "true", then # > fill out server, user, and path. # The server should appear in your > .ssh/config file.* > > This is the part I was struggling with. It was "what is this config file > thing and where does it go". Apparently I did not know what to search for > online to find documentation on this as any search for config immediately > pulled up crap for running rsync in daemon mode with rsyncd.conf and not > what this config file was. > > *Mine looks like the following, FWIW:* > > > > > *Host myhostname.domain.com <http://myhostname.domain.com> nnn.nnn.nnn.nnn > <= edit IdentityFile ~/.ssh/my_private_key_filename <= > edit user remote_user_on_server <= edit hostname > nnn.nnn.nnn.nnn <= edit* > > Ok so I created the config file as "/var/lib/weewx/.ssh/config" > > Here is the file content: > > > > *Host my.host.com <http://cloud.shaneburkhardt.com> IdentityFile > /var/lib/weewx/.ssh/weewx user shane hostname my.host.com > <http://cloud.shaneburkhardt.com>* > > In trying to test this with "sudo -u weewx weectl report run RSYNC" it is > still prompting for a password. Is there supposed to be the indentation on > the last 3 lines? I tried it with, and without. > > > I* put the FQDN and ip addresses in there mainly for historical reasons > and use the ip address in weewx.conf so I don't need to rely on DNS > working.* > > > > > > > > > > * [[RSYNC]] delete = 0 skin = Rsync enable = true > server = nnn.nnn.nnn.nnn <= edit (ip > address or FQDN here) user = remote_user_on_server > <= edit path = /server_side/full/path/to/rsync/into <= > edit log_success = false log_failure = true* > > This is from my weewx.conf: > > > * skin = Rsync enable = true* > > > > * server = my.host.com <http://my.host.com> user = shane > path = /var/www/weather* > > * HTML_ROOT = /var/www/weewx delete = 0* > > I went ahead and added the log_success and log_failure, but it was doing > that anyway as I have debugging set. Unfortunately, still getting the same > error in the log: > > May 13 20:10:20 asok weewxd[81319]: DEBUG weeutil.rsyncupload: > rsyncupload: cmd: [['rsync', '--archive', '--stats', '-e', 'ssh', > '/var/www/weewx/', '[email protected]> > May 13 20:10:21 asok weewxd[81319]: ERROR weeutil.rsyncupload: rsync > reported errors. Original command: ['rsync', '--archive', '--stats', '-e', > 'ssh', '/var/www/weewx> > May 13 20:10:21 asok weewxd[81319]: ERROR weeutil.rsyncupload: **** > Permission denied, please try again. > May 13 20:10:21 asok weewxd[81319]: ERROR weeutil.rsyncupload: **** > Permission denied, please try again. > May 13 20:10:21 asok weewxd[81319]: ERROR weeutil.rsyncupload: **** > [email protected] <https://groups.google.com/>: Permission denied > (publickey,password). > May 13 20:10:21 asok weewxd[81319]: ERROR weeutil.rsyncupload: **** rsync: > connection unexpectedly closed (0 bytes received so far) [sender] > May 13 20:10:21 asok weewxd[81319]: ERROR weeutil.rsyncupload: **** rsync > error: unexplained error (code 255) at io.c(232) [sender=3.2.7] > > > On Tuesday, May 13, 2025 at 6:23:15 PM UTC-7 vince wrote: > >> [....short answer...] >> >> There is nothing special. It is ssh-101. You need passwordless ssh set >> up as a prerequisite for rsync-over-ssh to work. Nothing weewx-specific at >> all there. >> >> [...longer answer...] >> >> Simplest test is to ssh into the remote host using the private key of the >> user you want weewx to rsync as. The incantation should be >> "ssh -i >> /var/www/weewx/.ssh/weewx_account_private_key_filename_here my.host.com >> date" >> to try to ssh in and run the date command on the far side, possibly >> adding the -v switch to provide more debugging if it doesn't work right >> away. >> >> (obviously edit in your actual filename and remote hostname or ip address >> above) >> >> I don't run the apt variant, so if you run this as other than user >> 'weewx' you should (should) get a permission denied even trying to read the >> weewx user's private key as any other non-privileged user. If you run >> "sudo bash" to open a root shell first and 'then' the test above, it >> should work hopefully if your keys are set up correctly in weewx's .ssh >> tree. You'll likely get a prompt asking you to accept the remote side's >> host key into that .ssh tree's known_hosts file. >> >> I don't remember what weewx's rsync defaults are but I personally always >> fully specify everything just to be sure I know what it's going to do >> rather than relying on app defaults. >> >> So from weewx.conf: >> # If you wish to use rsync, set "enable" to "true", then >> # fill out server, user, and path. >> # The server should appear in your .ssh/config file. >> >> Meaning.....you might need a /var/lib/weewx/.ssh/config file entry for >> your remote system. >> >> Mine looks like the following, FWIW: >> >> Host myhostname.domain.com nnn.nnn.nnn.nnn <= edit >> IdentityFile ~/.ssh/my_private_key_filename <= edit >> user remote_user_on_server <= edit >> hostname nnn.nnn.nnn.nnn <= edit >> >> I put the FQDN and ip addresses in there mainly for historical reasons >> and use the ip address in weewx.conf so I don't need to rely on DNS working. >> >> [[RSYNC]] >> delete = 0 >> skin = Rsync >> enable = true >> server = nnn.nnn.nnn.nnn <= edit (ip >> address or FQDN here) >> user = remote_user_on_server <= edit >> path = /server_side/full/path/to/rsync/into <= edit >> log_success = false >> log_failure = true >> >> Hope this helps. Basically if you can ssh in as the weewx user using >> "its" private key you specified in its .ssh/config file, rsync should work >> too. >> >> On Tuesday, May 13, 2025 at 3:47:48 PM UTC-7 Shane Burkhardt wrote: >> >>> I apologize if similar questions have been posted before, but I have not >>> found anything recent and am really banging my head against the wall. I >>> have rsync set-up but it still prompts for passwords for weewx or root >>> users, although the key pair works fine for me as user. I have run keygen >>> as weewx and as root. It looks like it saves root in the /root/.ssh >>> directory but it saves weewx in the /var/lib/weewx/.ssh directory. I have >>> copied the relevant public keys to the authorized keys file for the user on >>> the remote server I am connecting to. Still no luck. I saw very old >>> postings about a config file, but cannot figure out what that is or find >>> recent documentation of what that might be or where that should go. >>> >>> Any help would be much appreciated! >>> >>> I am running weewx on Ubuntu 24.02.02 VM installed via APT. It is using >>> the weewx user to run. My weather station is a WS5000-IP connected through >>> the GX1000 driver. The Weewx version is 5.10. >>> >>> Here is a snippet from the log: >>> May 13 15:00:23 asok weewxd[81319]: ERROR weeutil.rsyncupload: rsync >>> reported errors. Original command: ['rsync', '--archive', '--stats', '-e', >>> 'ssh', '/var/www/weewx> >>> May 13 15:00:23 asok weewxd[81319]: ERROR weeutil.rsyncupload: **** >>> Permission denied, please try again. >>> May 13 15:00:23 asok weewxd[81319]: ERROR weeutil.rsyncupload: **** >>> Permission denied, please try again. >>> May 13 15:00:23 asok weewxd[81319]: ERROR weeutil.rsyncupload: **** >>> [email protected]: Permission denied (publickey,password). >>> May 13 15:00:23 asok weewxd[81319]: ERROR weeutil.rsyncupload: **** >>> rsync: connection unexpectedly closed (0 bytes received so far) [sender] >>> May 13 15:00:23 asok weewxd[81319]: ERROR weeutil.rsyncupload: **** >>> rsync error: unexplained error (code 255) at io.c(232) [sender=3.2.7] >>> May 13 15:00:25 asok weewxd[81319]: DEBUG user.gw1000: Next update in 5 >>> seconds >>> >>> >>> >>> -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/weewx-user/bc7c7682-6a23-4ef4-81d1-a6d27438ed1cn%40googlegroups.com.
