Re: [cobalt-users] where is /bin/bash started? WAS: backing-up using rsync+ssh
- Subject: Re: [cobalt-users] where is /bin/bash started? WAS: backing-up using rsync+ssh
- From: Christopher Jay Manders <Chris.Manders@xxxxxxxxxxxxxxxx>
- Date: Fri Sep 28 09:32:09 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi Glen,

Actually, you can do this a number of ways. Here is another plan. It
assumes you have ssh, and ssh-keygen... and SSHD is running.

As a user on another box, maybe windblows or UNIX, use 'ssh-keygen' to
create a keypair. Do it on one of the machines you plan to access the
server from. I will call this machine WorkStation1, and the RaQ will be
Server1.

So, you generate your keypair (a public and a private key) using
ssh-keygen. Just typing 'ssh-keygen' should do it for you.

You should then have two files (in UNIX they would be under ~/.ssh/ ).
Normally the files are called 'identity' and 'identity.pub'.

The '.pub' is the public key you can share everywhere.

The 'identity' file is PRIVATE and should be guarded for all it is
worth. If someone gets that part, then you are potentially hosed. Still,
this is very much more secure than even using ssh-agent, since you need
the file 'identity' to make this system work, plus the passphrase.
Anyway, you can either have a passphrase with this method or not (just
hit <enter> when prompted for the passphrase). I suggest the passphrase
on top of it all, as then with the 'identity' file someone would need a
lot of energy to get your passphrase (depends on the person, though;).

Then copy your 'identity.pub' file to the root account of Server1, as
'~root/.ssh/authorized_keys'.

Make sure you have chmoded this critter to be 400.

Also, make sure that the whole .pub contents are all on one line. It
should look like: small number, then one space at the beginning, then a
loooong string of numbers, then a space, and finally some text at the
very end (your email/username, potentially, but could be anything you
like). Spaces in the middle will foul the workings of this method.

Now when you ssh from WorkStation1, as long as you point correctly at
the 'identity' file (within UNIX this is done with the -i switch to ssh,
e.g. ssh -i ~/.ssh/identity -l root Server1.yourname.com), it should
prompt for the passphrase.

ssh-agent is likely not necessary, either. It is really mostly for X
traffic forwarding. You get the same results using my method. In fact,
you need not do anything else, since the login automatically tunnels the
X traffic back to the Workstation1 if the Server1's SSHD has been
configured to allow X-Forwarding.

On WindBlows I use F-Secure (not free) and have my config point to my
local identity file. I run 'Exceed' from Hummingbird (not free X window
layover windblows). I log into my server1 and type 'netscape&' and it
comes right onto my windblows machine.

On my Sun Ultra 60 workstation I have an account: cmanders. I copied my
'identity*' files into my home directory under ~cmanders/.ssh/. I then
use 'ssh -l root server1.myname.com' and enter my passphrase. Once on,
again, 'netscape&' automatically appears on my Sun from Server1.

If it does not work, you can usually figure out what is going on using:
'ssh -v -l root Server1.myname.com' (-v does verbose debug stuff).

I hope that helps. If not, read the SSH FAQ, which has all of this in
there....

Christopher

Glenn Parsons wrote:
Glenn Parsons wrote:
> Hello All,
>
> I'm hoping Glen Scott is lurking around here. Maybe someone else can help
> me?
>
> I've really done my research on this and am ready to set my servers up!
> However, I need to find the "magic" file to insert the following command:
>
> ssh-agent $SHELL
>
> I am setting up an ssh1 authentication without password. I saw others who
> were suggesting not using a passphrase, but I felt that was just too
> unsecure. In order to authenticate without a password or passphrase you have
> to run the shell within ssh-agent. All the documentation that I have read
> has been little help in figuring out where to launch this.
>
> Thanks,
> Glenn
>
> > -----Original Message-----
> > From: cobalt-users-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Glen Scott
> > Sent: Wednesday, September 26, 2001 3:37 AM
> > To: cobalt-users@xxxxxxxxxxxxxxx
> > Subject: RE: [cobalt-users] backing-up using rsync+ssh
> >
> >
> > >I am just beginning to work out this method. I had made a comment about
> > >backing up MySQL databases using mysqldump a day or two ago.
> > >
> > >I have just recently managed to get rsync + ssh working. I had great
> > >difficulty testing over a firewall! Now that I have it working, could you
> > >tell me how to get it to work in a script without having ssh on the other
> > >end asking for a password? I have created an rsync.scrt file. Would I maybe
> > >have permissions set incorrectly on that?
> > >
> >
> > There is a great article on password-less logins at the following URL:
> >
> > http://www-106.ibm.com/developerworks/library/l-keyc.html
> >
> > Regards,
> >
> > Glen Scott
> >
> > --
> > ---
> > Design Solution Limited
> > t: +44 (0)1502 513008
> > f: +44 (0)1502 588622
> > e: info@xxxxxxxxxxxxxxxxxxxx
> > w: http://www.designsolution.co.uk
> > Nouvotech House, Harbour Road,
> > Oulton Broad, Suffolk, NR32 3LZ, UK
> > ---
> > DS Knowledge Base http://faq.dessol.co.uk
> >
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
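
The two checks Christopher's message asks for on Server1's authorized_keys (mode 400, each key complete on a single line), as an added example that is not part of the original thread. It assumes SSH protocol 1 key lines of the form bits, exponent, modulus, comment with no options prefix; the function names and the sample files are made up for illustration.

```sh
# Added example: lint an SSH protocol 1 style authorized_keys file.
# Assumes plain "bits exponent modulus comment" lines, no options prefix.

# Report key lines that are not one complete key; return non-zero if any.
check_key_lines() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
        printf "line %d: expected bits exponent modulus comment\n", NR; bad = 1; next
    }
    {
        # An N-bit modulus has at least int(N * log10(2)) decimal digits.
        want = int($1 * 0.30103)
        if (length($3) < want - 1) {
            printf "line %d: modulus has %d digits, expected about %d\n", NR, length($3), want
            bad = 1
        }
    }
    END { exit bad }' "$1"
}

# Succeed only if group and other have no access at all (e.g. mode 400).
check_perms() {
    [ -f "$1" ] || { echo "$1: not a regular file"; return 1; }
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] && return 0
    echo "$1: group/other access set, expected mode 400"; return 1
}

lint_authorized_keys() {
    rc=0
    check_perms "$1" || rc=1
    check_key_lines "$1" || rc=1
    return $rc
}

# Build constructed sample files (digit strings, not real keys) in directory $1.
make_samples() {
    mod=$(awk 'BEGIN { for (i = 0; i < 308; i++) printf "%d", (i * 7 + 3) % 10 }')
    printf '1024 35 %s user@WorkStation1\n' "$mod" > "$1/good"
    # The same key after a mailer or editor wrapped it in the middle.
    printf '1024 35 %s\n%s user@WorkStation1\n' \
        "$(printf '%s' "$mod" | cut -c1-150)" \
        "$(printf '%s' "$mod" | cut -c151-)" > "$1/wrapped"
    chmod 400 "$1/good" "$1/wrapped"
}

d=$(mktemp -d) && make_samples "$d"
lint_authorized_keys "$d/good" && echo "good: ok"
lint_authorized_keys "$d/wrapped" || echo "wrapped: rejected"
rm -rf "$d"
```

A wrapped key is reported twice: once for the truncated modulus on the first line and once for the continuation line, whose second field is the comment rather than a number.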