At 10:48 AM 12/20/2002 -0600, you wrote:
At 08:31 AM 12/20/2002 -0800, you wrote:
> Any way to fire off an SSH tunnel connection and run it as a daemon, so that if something happens and it drops, I don't have to manually bring it back up?
sshd (at least on the "receiving" machine) :)
Well I figured that part!!! :D
Hi,
The main trick, the smoke and mirrors of rsync over ssh, is getting the ssh session authenticated without having to manually type in passwords. Of course, you want your backups automated!
For a better understanding, let me describe what you need to do for a one-way authentication with specified authentication flow, then you'll understand how to do bi-directional authentication, should you need it.
Say you have server A that will receive/hold the backup data, then you have server B which you need to back up. On server B, generate your ssh keys with ssh-keygen for the user that will be authenticated for backups. I always name my ssh keys based on the hostname so that I can have multiple keys for differing servers exist in the same account. Make sure that user exists on your target server A. Copy the PUBLIC(!) key generated on server B at (default) $USERHOMEDIR/.ssh/somekey.pub to server A at $USERHOMEDIR/.ssh/somekey.pub.
You now need two files on server A in your ~/.ssh/ directory that contain your somekey.pub. To create these:
1) cat ~/.ssh/somekey.pub >> ~/.ssh/known_hosts (or known_hosts2 depending upon which ssh protocol you use to authenticate)
2) cat ~/.ssh/somekey.pub >> ~/.ssh/authorized_keys (or authorized_keys2 depending upon which ssh protocol you use to authenticate)
You should be able to login to server A from server B without a password at this point.
Switch the As and Bs around to create bi-directional authentication.
Gotchas: /etc/ssh/sshd_config, /etc/ssh/ssh_config, Firewall configs, ipfwadm, IPchains, IPtables
If you have questions over the holidays, I should be monitoring email, though not terribly frequently. I'd be happy to help.
Cheers, Glenn
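
An added example, not part of the message above: a shell function for the server A side of the procedure that appends the copied public key to authorized_keys only once, refuses a private key file, and sets the directory and file modes that sshd's StrictModes check (on by default in sshd_config) expects. The function name install_backup_key is hypothetical, and it covers the authorized_keys step only.

```shell
#!/bin/sh
# Added example (not from the original post): install a backup public key
# on server A. Usage: install_backup_key PUBKEY_FILE [SSH_DIR]
install_backup_key() {
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Only the PUBLIC half belongs on server A; stop if the private key was copied.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi

    # Accept one line of the form "<type> <base64 blob> [comment]".
    key_line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' \
        "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key line in $pubkey_file" >&2; return 1; }

    # With StrictModes on, sshd ignores keys whose directory or file is
    # writable by anyone other than the owner, so fix the modes first.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # The base64 blob (field 2) identifies the key; skip it if already installed
    # so that repeated runs do not pile up duplicate entries.
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    if grep -qF -- "$key_blob" "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

Run it on server A as the backup user, for example `install_backup_key ~/.ssh/somekey.pub`, after copying the public key over from server B.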