Back in October, I was a Linux newbie struggling to get BackupPC to
work and was successful in a very short time with the great support I got here
(Ref: Almost Working). Since then, I’ve monitored the system
operation and performed two restore tests, one from a full backup and one
mid-stream off of the incremental files. The total byte count was about
75 GBytes with a perfect score by comparison of every single byte. The BackupPC
system works GREAT!
Since the testing, I’ve moved on to another issue that was
brought to my attention during the work to get BackupPC working: Fedora was probably not the best distribution of
Linux to run a server function. While working with other
distro’s, I goofed and trashed my perfectly running system. I have
rebuilt it up to the point of installing my ssh-keys for rsync. In as far
as I know, I’m doing the same thing as before when it worked out just
fine. This time, it all looks good during the setup, but ‘backuppc’
user is not getting ‘root’ authority when tested. I’ve
tried several times, consistently getting the same result. I am hoping
that someone will see where this somewhat less of a newbie is messing up.
All comments are welcome. -- ken
Below is a transcript of the last session:
Starting on my Windows-server, I removed
previous setup from /root/.ssh:
[root@WinServer .ssh]# rm -f *
[root@WinServer .ssh]# ls -al
total 16
drwx------ 2 root root 4096 2008-11-29 16:50 .
drwxr-x--- 27 root root 4096 2008-11-29 16:22 ..
Next, I generated a key-pair on the
Windows-server:
[root@WinServer .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
fe:a0: … :7b:9e [email protected]
ç Ref at end
[root@WinServer .ssh]#
I verified the archiving host was listed
in /etc/hosts:
[root@WinServer .ssh]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 WinServer.localdomain
WinServer WinServer
::1 localhost6.localdomain6
localhost6
192.168.1.106 Archiver.localdomain Archiver
<<<==== this is it
[root@WinServer .ssh]#
On the archiver, I removed the old
configuration from /var/lib/BackupPC/.ssh,
changed to user 'backuppc' on
/var/lib/BackupPC and created a key-pair:
[root@Archiver .ssh]# rm -f *
[root@Archiver .ssh]# ls -al
total 16
drwx------ 2 backuppc root 4096 2008-11-29 16:53 .
drwxr-x--- 8 backuppc root 4096 2008-11-26 21:26 ..
[root@Archiver .ssh]# su -s /bin/bash - backuppc
-bash-3.2$ whoami
backuppc
-bash-3.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/BackupPC/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/BackupPC/.ssh/id_rsa.
Your public key has been saved in /var/lib/BackupPC/.ssh/id_rsa.pub.
The key fingerprint is: 34:e2: … :e8:73 [email protected]
-bash-3.2$ cp ./.ssh/id_rsa.pub ./.ssh/BackupPC_id_rsa.pub
-bash-3.2$ ls ./.ssh
BackupPC_id_rsa.pub id_rsa id_rsa.pub
-bash-3.2$ scp ./.ssh/BackupPC_id_rsa.pub
[email protected]:/root/.ssh/
The authenticity of host '192.168.1.101 (192.168.1.101)' can't be
established.
RSA key fingerprint is 57:e6: … :7a:c6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.101' (RSA) to the list of known
hosts.
[email protected]'s password:
BackupPC_id_rsa.pub 100% 411
0.4KB/s 00:00
-bash-3.2$
Back on the Windows-server, I added
BackupPC_id_rsa.pub to authorized_keys2:
[root@WinServer .ssh]# ls -al
total 40
drwx------ 2 root root 4096 2008-11-29 16:53 .
drwxr-x--- 27 root root 4096 2008-11-29 16:22 ..
-rw-r--r-- 1 root root 411 2008-11-29 16:53
BackupPC_id_rsa.pub
-rw------- 1 root root 1675 2008-11-29 16:50 id_rsa
-rw-r--r-- 1 root root 408 2008-11-29 16:50 id_rsa.pub
[root@WinServer .ssh]# cat BackupPC_id_rsa.pub >>
authorized_keys2
[root@WinServer .ssh]#
Edited Authorized_keys2 to add
'from="Archiver.localdomain"':
[root@WinServer .ssh]# cat authorized_keys2
from="Archiver.localdomain" ssh-rsa AAAA … more stuff …
GnuNXOxYw== [email protected]
[root@WinServer .ssh]#
Sent id_rsa.pub to archiver:
[root@WinServer .ssh]# scp id_rsa.pub
[email protected]:/var/lib/BackupPC/.ssh/client_id_rsa.pub
The authenticity of host '192.168.1.106 (192.168.1.106)' can't be
established.
RSA key fingerprint is 01:a8:0d:1e: … :aa:10.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.106' (RSA) to the list of known
hosts.
[email protected]'s password:
id_rsa.pub 100% 408
0.4KB/s 00:00
[root@WinServer .ssh]#
Now, on archiver:
-bash-3.2$ cat ./.ssh/client_id_rsa.pub >> ./.ssh/known_hosts
-bash-3.2$ ls ./.ssh
BackupPC_id_rsa.pub client_id_rsa.pub id_rsa
id_rsa.pub known_hosts
-bash-3.2$ rm ./.ssh/client_id_rsa.pub
rm: remove write-protected regular file `./.ssh/client_id_rsa.pub'? y
-bash-3.2$ ls ./.ssh -al
total 48
drwx------ 2 backuppc root 4096 2008-11-29
17:08 .
drwxr-x--- 8 backuppc root 4096 2008-11-26
21:26 ..
-rw-r--r-- 1 backuppc backuppc 411 2008-11-29 16:56
BackupPC_id_rsa.pub
-rw------- 1 backuppc backuppc 1671 2008-11-29 16:55 id_rsa
-rw-r--r-- 1 backuppc backuppc 411 2008-11-29 16:55 id_rsa.pub
-rw-r--r-- 1 backuppc backuppc 803 2008-11-29 17:07 known_hosts
-bash-3.2$ chmod -R go-rwx ./.ssh
-bash-3.2$ ls ./.ssh -al
total 48
drwx------ 2 backuppc root 4096 2008-11-29
17:08 .
drwxr-x--- 8 backuppc root 4096 2008-11-26
21:26 ..
-rw------- 1 backuppc backuppc 411 2008-11-29 16:56
BackupPC_id_rsa.pub
-rw------- 1 backuppc backuppc 1671 2008-11-29 16:55 id_rsa
-rw------- 1 backuppc backuppc 411 2008-11-29 16:55 id_rsa.pub
-rw------- 1 backuppc backuppc 803 2008-11-29 17:07 known_hosts
... and do same chmod on Windows-server:
[root@WinServer .ssh]# chmod -R go-rwx .
[root@WinServer .ssh]# ls -al
total 64
drwx------ 2 root root 4096 2008-11-29 17:00 .
drwxr-x--- 27 root root 4096 2008-11-29 16:58 ..
-rw------- 1 root root 439 2008-11-29 16:58
authorized_keys2
-rw------- 1 root root 411 2008-11-29 16:55
authorized_keys2~
-rw------- 1 root root 411 2008-11-29 16:53
BackupPC_id_rsa.pub
-rw------- 1 root root 1675 2008-11-29 16:50 id_rsa
-rw------- 1 root root 408 2008-11-29 16:50 id_rsa.pub
-rw------- 1 root root 395 2008-11-29 17:00 known_hosts
[root@WinServer .ssh]#
Should be done all but the final TEST:
-bash-3.2$ ssh -l root WinServer whoami
The authenticity of host 'WinServer (192.168.1.101)' can't be
established.
RSA key fingerprint is 57:e6: … :7a:c6. ç Should this be the same as when created in
step one?
Are you sure you want to continue connecting (yes/no)? ^C <<<=== ABORTED DUE TO FAILURE
-bash-3.2$