On 8/25/06, Peter H. Coffin <[EMAIL PROTECTED]> wrote:
> On Fri, Aug 25, 2006 at 02:42:32PM -0700, Greg Thomas wrote:
> > On 8/25/06, Alexander Hall <[EMAIL PROTECTED]> wrote:
> > >Greg Thomas wrote:
> > >> On 8/25/06, Alexander Hall <[EMAIL PROTECTED]> wrote:
> > >>> Greg Thomas wrote:
> > >
> > >>> Here you are running the entire script as root (using sudo), and
> > >>> therefore ssh is run as root, which does not have your keys.
> > >>
> > >> Understood but how come the exact setup works from my system corn to
> > >> rice ( but not grits to rice)? corn is 3.8, grits is 3.9, and rice is
> > >> 4.0. Default ssh setup on all three except for:
> > >>
> > >> PermitRootLogin no
> > >
> > >One possibility could be that you have, on corn, copied the private key
> > >into /root/.ssh/, e.g. /root/.ssh/id_rsa.
> > >
> >
> > That's what I gathered from the earlier messages. But there is
> > nothing in any of my /root/.ssh directories except for known_hosts
> > left over from first login post-installation before I set
> > "PermitRootLogin no".
>
> That's the problem. ssh behaves a little differently from the shell
> under sudo control. See, when you do sudo, you end up being just you
> with superuser powers. BUT, ssh sees this and assumes your identity to be
> root instead. You can see this with a -v option on the ssh command:
>
> $ sudo ssh -v [EMAIL PROTECTED]
> OpenSSH_4.3, OpenSSL 0.9.7g 11 Apr 2005
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to gehenna [192.168.1.2] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0 <--- BOOM, you're root.
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_4.3
> debug1: match: OpenSSH_4.3 pat OpenSSH*
> ...
>
> so, the fact that /root/.ssh is empty *is* the problem, and you
> can/should generate an appropriate keypair for this process and dump it
> into root's .ssh directory. Then the script will work as-is.
>
> The whole backup thing, to my mind, should be running as part of
> /etc/daily or whatever, which means it's root's responsibility in the
> first place.

These are laptops so I probably won't add it to /etc/daily.

Anyway, here's one level of verbose output from the system where I
don't get prompted for my password:

This is the line I don't understand since I'm using sudo:

debug1: Offering public key: /home/ethant/.ssh/id_rsa

Although it does use known_hosts from /root/.ssh:

debug1: Found key in /root/.ssh/known_hosts:

[EMAIL PROTECTED] sudo ls -al /root/.ssh
total 12
drwx------ 2 root wheel 512 Nov 12 2005 .
drwx------ 5 root wheel 512 Aug 24 00:00 ..
-rw-r--r-- 1 root wheel 1064 Aug 24 00:03 known_hosts
[EMAIL PROTECTED] sudo test.sh
Password:
DUMP: Date of this level 1 dump: Fri Aug 25 21:51:56 2006
DUMP: Date of last level 0 dump: Thu Aug 24 00:03:12 2006
DUMP: Dumping /dev/rwd0a (/) to standard output
DUMP: mapping (Pass I) [regular files]
OpenSSH_4.2, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to rice [192.168.1.17] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
DUMP: mapping (Pass II) [directories]
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'rice' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ethant/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: cat > /laptops/corn/20060825_root1.dump.gz
DUMP: estimated 144 tape blocks.
DUMP: Volume 1 started at: Fri Aug 25 21:51:58 2006
DUMP: dumping (Pass III) [directories]
DUMP: dumping (Pass IV) [regular files]
DUMP: 147 tape blocks
DUMP: Volume 1 completed at: Fri Aug 25 21:51:59 2006
DUMP: Volume 1 took 0:00:01
DUMP: Volume 1 transfer rate: 147 KB/s
DUMP: Date of this level 1 dump: Fri Aug 25 21:51:56 2006
DUMP: Date this dump completed: Fri Aug 25 21:51:59 2006
DUMP: Average transfer rate: 147 KB/s
DUMP: level 1 dump on Fri Aug 25 21:51:56 2006
DUMP: DUMP IS DONE
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 1.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
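
An added example, not part of the original message: a small Python parser for `ssh -v` client output that reports the effective uid, which default identity files failed to load (`type -1`), and which key was actually offered. The function name `summarize` and the sample text are constructed here; the sample lines are copied from the output quoted above. A key offered from a path that is not among the loaded identity files came from some other source, such as an agent or an `IdentityFile` setting.

```python
import re

# Constructed sample: debug lines copied from the ssh -v output in the message above.
SAMPLE = """\
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Found key in /root/.ssh/known_hosts:4
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ethant/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
"""

UID_RE = re.compile(r"debug1: permanently_set_uid: (\d+)/(\d+)")
IDENT_RE = re.compile(r"debug1: identity file (\S+) type (-?\d+)")
OFFER_RE = re.compile(r"debug1: Offering public key: (\S+)")
AUTH_RE = re.compile(r"debug1: Authentication succeeded \(([^)]+)\)")


def summarize(log):
    """Summarize which identity the ssh client ran as and which key it used."""
    info = {"uid": None, "loaded": [], "not_loaded": [],
            "offered": [], "method": None}
    for line in log.splitlines():
        m = UID_RE.search(line)
        if m:
            info["uid"] = int(m.group(1))
            continue
        m = IDENT_RE.search(line)
        if m:
            # type -1 means the client could not load a key from that path
            bucket = "not_loaded" if m.group(2) == "-1" else "loaded"
            info[bucket].append(m.group(1))
            continue
        m = OFFER_RE.search(line)
        if m:
            info["offered"].append(m.group(1))
            continue
        m = AUTH_RE.search(line)
        if m:
            info["method"] = m.group(1)
    # Keys offered although no identity file at that path was loaded
    info["offered_outside_identity_files"] = [
        k for k in info["offered"] if k not in info["loaded"]]
    return info


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, "=", value)
```
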