Re: [cobalt-users] Rsync Setup Question
- Subject: Re: [cobalt-users] Rsync Setup Question
- From: Jim Dory <jdory@xxxxxxxxxxxxxx>
- Date: Fri Mar 5 09:20:01 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Dave's List Addy wrote:
> Read the archives, Google'd to death and read the man pages on Rsync. Maybe
> it's a little over my head here.
> To place this in a cron won't work like this I am thinking. I read up on the
> creation of new ssh keys, but that is where it gets fuzzy. Anyone have a
> layman's how-to for us remedial folks :)

Maybe for once I can help someone instead of being on the receiving end.
I am mostly confused by all this stuff but was able to get RSA
Authentication working using these simple steps:
http://kmself.home.netcom.com/Linux/FAQs/sshrsakey.html
One caveat - depending on version of ssh or something.. this linked FAQ
worked on one server but on another I had to do a

    ssh-keygen -t rsa

(specify -t for type). Everything else seemed to work easily..
One other thing that differed..
rather than identity.pub and identity, it saved the info as
id_rsa.pub, etc.

I think that's all. Easy deal. If you specify a passphrase it seems to
want to require that at logon... or leave it /null.

Here's a bit more from a flexbackup tut (I don't know diffs between rsa
and dsa, but both work):
Let's assume that you want to backup some directories or filesystems
from another host. After all, you've just paid big money for the DLT
drive on your main host, so now you should take advantage of it and use
it to backup your other machines. In addition, you want these backups to
happen in the middle of the night. First, you need to set up
password-less ssh login to the remote machine.

1. As root on the machine with the tape drive, do the following
   ("local" is the machine with the tape drive; "remote" is the
   machine that you wish to backup to the local tape drive):

       # ssh-keygen -t dsa

2. This will create the files id_dsa and id_dsa.pub in the .ssh
   directory. The file id_dsa is your private key and will remain
   on the host that has the tape drive. You will need to transfer
   id_dsa.pub to the remote host:

       # scp .ssh/id_dsa.pub user@remote:
       # ssh user@remote
       remote# su root
       remote# cat /home/user/id_dsa.pub >> /root/.ssh/authorized_keys2
       remote# rm /home/user/id_dsa.pub
       remote# exit

3. Next, you may have to adjust your sshd_config file to permit root
   to login via ssh. While sshd_config ships with root logins
   enabled, almost all sysadmins disable this feature to enhance
   security. Edit /etc/sshd_config so that the PermitRootLogin
   line looks like this:

       PermitRootLogin without-password

   This will only permit root to login with the private key stored on
   the local machine. This is moderately secure.
   However, you should decide whether this is an acceptable level of
   risk for your environment. The other (and arguably better) approach
   would be to set up another user who would login without a password
   and would then be able to sudo the necessary commands for the backup.

4. Verify that you can login to the remote machine as root with no
   password:

       # ssh root@remote

   or

       # ssh -l root remote

   should get you a prompt on the remote machine without requiring you
   to type a password.

--
Jim D
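
An added example, not part of the original post or of the flexbackup tutorial it quotes: step 3 calls a passwordless root key "moderately secure", and one way to see how much each key grants is to audit the authorized_keys file for entries that carry no forced `command=` (and no `from=` source restriction). The key blobs, the address 192.0.2.10 and the wrapper path /usr/local/bin/backup-only are constructed placeholders.

```shell
#!/bin/sh
# Added example. Key blobs and the backup-only wrapper path are constructed.

# Print "LINE STATUS COMMENT" for every key entry in the file named by $1.
audit_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
        status = "UNRESTRICTED"
        # An entry that begins with the key type carries no options at all.
        has_opts = ($0 !~ /^[ \t]*(ssh-|ecdsa-|sk-)/)
        if (has_opts && $0 ~ /(^[ \t]*|,)command="/) {
            status = "forced-command"
            if ($0 !~ /(^[ \t]*|,)from="/) status = status ",no-from"
        }
        print NR, status, $NF
    }' "$1"
}

# Number of entries that would hand out a full shell.
count_unrestricted() {
    audit_keys "$1" | awk '$2 == "UNRESTRICTED" { n++ } END { print n + 0 }'
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample in authorized_keys format
ssh-dss AAAAconstructedkey1 root@local
command="/usr/local/bin/backup-only",from="192.0.2.10",no-pty ssh-rsa AAAAconstructedkey2 backup@local
command="/usr/local/bin/backup-only" ssh-rsa AAAAconstructedkey3 cron@local
no-pty ssh-rsa AAAAconstructedkey4 user@local
EOF

audit_keys "$sample"
echo "unrestricted entries: $(count_unrestricted "$sample")"
```

For a root key that exists only to run a backup, sshd's `PermitRootLogin forced-commands-only` setting accepts root key logins only when the entry carries `command=`.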