On 23.10.2008 14:35, Marc Fromm wrote:
> I will try changing --rsh "ssh -l root" to -e ssh [EMAIL PROTECTED]
>
> On both the old server and the box pulling the backups these 3 files are in
> the .ssh directory in /root: authorized_keys id_rsa id_rsa.pub. Can I
> assume they are identical files on both systems?

No. In most cases you should have a distinct key-set for every user and/or
server. You can use the same key-set several times, but it's usually not
a good idea.

And I just realized that I've written b*llshit in my first try, because
my description assumes that you copied the existing key-set from the old
to the new server.

The authorized_keys-file contains a list of public-keys (the contents of
.pub-files), one per line, that are allowed to log in with the
corresponding private-key (the id_rsa or id_dsa).

For a password-less login you have to make sure that the contents of the
.pub-file of a given source (the backup-server in this case) are contained
in the authorized_keys of the target-server of the ssh-connection.

So the standard way is to create a key set on the source and then append
or create the .ssh/authorized_keys with the contents of the .pub-file on
the target.

> I found an article about creating the above files:
> http://blogs.sun.com/jkini/entry/how_to_scp_scp_and
>
> To be clear, if I want to recreate the 3 files do I create them on the system
> running the rsync command and then copy the 3 files to the remote box?
>
> Thanks
> -----Original Message-----
> From: Matthias Schniedermeyer [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 23, 2008 2:25 PM
> To: Marc Fromm
> Cc: rsync@lists.samba.org
> Subject: Re: asking for root password
>
> On 23.10.2008 13:29, Marc Fromm wrote:
> > We are using rsync to pull backups created on our server.
> > The command below is run as a cronjob and it works great.
> > rsync -avu --rsh "ssh -l root" [EMAIL PROTECTED]:/var/lib/mysql/backups/ /backups/mysql/
>
> Normally this should be enough:
> rsync -avu -e ssh [EMAIL PROTECTED]:/var/lib/mysql/backups/ /backups/mysql/
>
> With a recent rsync even "-e ssh" isn't needed.
>
> > We have a new server that will replace the old server that rsync pulls
> > backups from.
> > On the system that is running rsync, I switched the servername in the
> > command above to the new server.
> > Rsync is failing to work because it wants the root password for the new
> > server.
> > Rsync does not ask for a password from the old server, even when I manually
> > run the command.
> >
> > I did not set up the rsync routine and thus I don't know if there is a file
> > on the old server that rsync is communicating with to bypass asking for
> > root's password.
> >
> > What is required for rsync to use the above command to pull backups from
> > the new server, and not want root's password entered?
>
> Most likely the backup-server uses a RSA or DSA key to authenticate.
>
> On the old server you will find the following file in the home-directory
> of the root-user (/root usually):
> .ssh/authorized_keys
> (in rare cases: .ssh/authorized_keys2)
>
> The file contains a list of public-keys that are allowed to log in without
> password.
>
> Just create the directory on the new server and copy the file over.
> If you copy the contents via copy & paste you have to make sure to not
> break the long line(s).
>
> You also have to make sure that the file and every directory up to and
> including .ssh are only writable by root, otherwise the sshd won't use
> the key file
> (man sshd_config, Keyword: "strictmode").
>
> The corresponding private-key can be found on your backup-server, also in
> the .ssh directory of the home-directory of whatever user starts the
> command. The file is normally called either: id_dsa or id_rsa, if it is
> called "identity" you are using SSHv1 and you should really consider
> generating a new set of keys. The public key is stored in the .pub-file,
> this is the long string you can see in the authorized_keys-file.
>
> I suggest you read/google a little bit about ssh-keys, they are one of
> the best inventions since sliced bread.
> ;-)
>
> See you
>
> --
> Real Programmers consider "what you see is what you get" to be just as
> bad a concept in Text Editors as it is in women. No, the Real Programmer
> wants a "you asked for it, you got it" text editor -- complicated,
> cryptic, powerful, unforgiving, dangerous.

See you
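
The target-side half of the procedure described in the replies above (append the source's .pub line to .ssh/authorized_keys, one key per line, with nothing group- or world-writable), as an added shell example that is not part of the original thread. The function names and the paths in the usage comment are hypothetical, and the check covers only the home directory, .ssh and the key file.

```shell
#!/bin/sh
# Added example, not from the thread. The key pair itself is created on the
# source (the backup server); only its .pub file is brought to the target.
# Hypothetical usage on the target, as root:
#   install_pubkey /tmp/backup_id_rsa.pub /root && writable_only_by_owner /root

# install_pubkey PUBFILE TARGET_HOME
# Append the public key to TARGET_HOME/.ssh/authorized_keys unless that exact
# line is already there. Returns 1 for an empty file, 2 for a key that is not
# exactly one line (e.g. broken by copy & paste), 3 if the files can't be set up.
install_pubkey() {
    pubfile=$1
    sshdir=$2/.ssh
    authfile=$sshdir/authorized_keys
    [ -s "$pubfile" ] || return 1
    # grep -c '' counts lines even when the last one lacks a newline
    [ "$(grep -c '' "$pubfile")" -eq 1 ] || return 2
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 3
    touch "$authfile" && chmod 600 "$authfile" || return 3
    key=$(cat "$pubfile")
    # -x whole line, -F fixed string: never add the same key twice
    grep -qxF -- "$key" "$authfile" || printf '%s\n' "$key" >> "$authfile"
}

# writable_only_by_owner TARGET_HOME
# Succeeds only if TARGET_HOME, .ssh and authorized_keys have no group or
# world write bit set.
writable_only_by_owner() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || return 1
        # find prints the path only when a group or other write bit is set
        [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ] || return 1
    done
}
```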