Backup Central

Hi Luis,

I really appreciate your help. I've tried the key generation multiple
times and can't believe that every time I mistype the password! The
keys are phrase-less. /root/.ssh and /var/lib/backuppc/.ssh have 700
permissions. The authorized_keys file has 600 permission. The newly
created keys have 644 permissions and are set after transfer with the
command: chmod -R go-rwx ~/.ssh

On the server, I su to root then su to backuppc. Working as backuppc,
the command that is not working is:

scp ~/.ssh/BackupPC_id_rsa.pub root < at > 192.168.1.101:/root/.ssh/

I get no error, just a prompt to enter the root password for
192.168.1.101. I enter the password, but it is not accepted and asks me
to try again. I can occasionally mistype a complicated password, but I
have carefully checked each key stroke.

Working as root on machine at 192.168.1.101, the command that is not
working is:

scp ~/.ssh/client_id_rsa.pub
root < at > 192.168.1.106:/var/lib/bacuppc/.ssh/client_id_rsa.pub

Again, no error and prompted for root password which is not accepted.

I have root passwords for both of these machines and have no problem
elevating to root to execute all other functions.


As a test, I ssh connected to the backuppc server at 192.168.1.106 from
192.168.1.101. I issued the following command:

scp /home/ken/20100308.backuppc_install.txt ken < at > 192.168.1.101:/home/ken/

I was prompted for password for ken and the command completed with no
problem. -- ken

On Thu, 2010-03-11 at 18:56 +0000, Luis Paulo wrote:

So,
you may tell us exactly the scp command you are trying (or use
ssh-copy-id command instead, which I recommend).

I would still try to connect between two non root users to see if it
also doesn't work

Are you creating rsa files with or without password?

Wrong permissions for the .ssh dir may also be the problem.
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
Remember to restart ssh after changes

maybe show us your client /etc/ssh/sshd_config if none of the above
helps/work (check for AllowUsers directives, etc)

Luis

PS: I guess you are planning to use
$Conf{RsyncClientCmd} = '$sshPath -q -x -l root $host $rsyncPath
$argList+';


On Thu, Mar 11, 2010 at 2:48 PM, Kenneth L. Owen
<tx836519 < at > bellsouth.net> wrote:
Hi Luis,

I thought you had the answer! But when I checked, I found the files
are
set to allow root logon. -- ken
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ BackupPC-users mailing list BackupPC-users < at > lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/


------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Hi Luis,

Just as I thought, it now works!!! Thanks to you for sticking with me
to find my mistake. Only on a computer can you find twenty ways to make
the same mistake! -- ken

PROBLEM SOLVED <<<


============== previous reply ======================
Hi Luis,

I did a line by line compare of our sshd_config files. While your file
has:
#PermitRootLogin no
my file has:
PermitRootLogin yes
Commented out or set to yes should be equivalent.

BUT I did find that at some point in time, I had added:
AllowUsers ken
to deny access to all except specified users.

I revised this to
AllowUsers ken, backuppc, root

I can now login as root:
ssh root < at > hostname
password for root: ****************

I believe that this was the problem, but will have to try sending the
keys to be sure. I will let you know after I have run back and forth
between the machines. -- ken


On Sat, 2010-03-13 at 00:48 +0000, Luis Paulo wrote:
Hi, ken
Sorry for the delay.

I can't understand why the root password is not accepted.
You may try the -v switch, as in

scp -v ~/.ssh/BackupPC_id_rsa.pub root < at > 192.168.1.101:/root/.ssh/

Next is my sshd_config. See if it helps

Hi Luis,

I really appreciate your help. I've tried the key generation
multiple times and can't believe that every time I mistype the >> >>
password! The keys are phrase-less. /root/.ssh
and /var/lib/backuppc/.ssh have 700 permissions. The authorized_keys
file has 600 permission. The newly created keys have 644 permissions
and are set after transfer with the command: chmod -R go-rwx ~/.ssh

On the server, I su to root then su to backuppc. Working as
backuppc, the command that is not working is:

scp ~/.ssh/BackupPC_id_rsa.pub root < at > 192.168.1.101:/root/.ssh/

I get no error, just a prompt to enter the root password for
192.168.1.101. I enter the password, but it is not accepted and asks
me to try again. I can occasionally mistype a complicated password,
but I have carefully checked each key stroke.

Working as root on machine at 192.168.1.101, the command that is not
working is:

scp ~/.ssh/client_id_rsa.pub
root < at > 192.168.1.106:/var/lib/bacuppc/.ssh/client_id_rsa.pub

Again, no error and prompted for root password which is not accepted.

I have root passwords for both of these machines and have no problem
elevating to root to execute all other functions.

As a test, I ssh connected to the backuppc server at 192.168.1.106
from 192.168.1.101. I issued the following command:
scp /home/ken/20100308.backuppc_install.txt
ken < at > 192.168.1.101:/home/ken/

I was prompted for password for ken and the command completed with no
problem. -- ken

On Thu, 2010-03-11 at 18:56 +0000, Luis Paulo wrote:

So,
you may tell us exactly the scp command you are trying (or use
ssh-copy-id command instead, which I recommend).

I would still try to connect between two non root users to see if it
also doesn't work

Are you creating rsa files with or without password?

Wrong permissions for the .ssh dir may also be the problem.
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
Remember to restart ssh after changes

maybe show us your client /etc/ssh/sshd_config if none of the above
helps/work (check for AllowUsers directives, etc)

Luis

PS: I guess you are planning to use
$Conf{RsyncClientCmd} = '$sshPath -q -x -l root $host $rsyncPath
$argList+';


On Thu, Mar 11, 2010 at 2:48 PM, Kenneth L. Owen
<tx836519 < at > bellsouth.net> wrote:
Hi Luis,

I thought you had the answer! But when I checked, I found the
files are set to allow root logon. -- ken


------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

On 3/13/2010 9:47 AM, Luis Paulo wrote:

* the link I sent uses a different approach. You ssh as backuppc user
and then you sudo to do the backup - $Conf{RsyncClientCmd}. Your rsa
keys for backuppc user on both machines don't have password, but the
root keys may now have passwords.

* If you could sudo as backuppc to run any command, we will not have
gain much.

* Thats where visudo comes to restrict the commands a user can run as
root (sudo)

Ssh is equally capable of restricting the commands that can be run
directly. But either way, if you allow files to be restored as root,
someone who has the ssh key and understands the process basically owns
the machine.

--
Les Mikesell
lesmikesell < at > gmail.com

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/