PDA

View Full Version : mirror with rsync

Dustcloud4
15th August 2006, 23:07
Hi everyone.

I have tried to follow the instructions to the letter, but it still asks me for a password in the last section. I am running Fedora Core 5 boxes with all the updates. I know I am making a mistake somewhere and I hope someone can point it out to me :)

This is what I get for an output:

[backup@abc ~]$ rsync -avz --delete -e "ssh -vi /root/rsync/mirror-rsync-key" backup@server.com:/var/www/ /var/www/
OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server.com [IP_Address] port 22.
debug1: Connection established.
debug1: identity file /root/rsync/mirror-rsync-key type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server.com' is known and matches the RSA host key.
debug1: Found key in /home/backup/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/rsync/mirror-rsync-key
debug1: Remote: Forced command: /home/backup/rsync/checkrsync
debug1: Remote: Your host 'host-X-X-X-X.midco.net' is not permitted to use this key for login.
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
backup@server.com's password:

Another question I had was after running "ssh-keygen -t dsa -b 2048 -f /root/rsync/mirror-rsync-key", I get this "DSA keys must be 1024 bits"
Is the difference because a Debian box was used for the example?

I am new to Linux so if I am missing some crucial information, please don't hesitate to let me know.


Thanks,

Dustin
sjau
16th August 2006, 00:26
I guess that's the reason:


debug1: Remote: Your host 'host-X-X-X-X.midco.net' is not permitted to use this key for login.

Maybe you didn't handle the public keys right... please check that again.
Dustcloud4
16th August 2006, 16:48
I've tried the whole tutorial about 5 times now, I'll give it another shot :)
Dustcloud4
16th August 2006, 18:12
I still have not been able to get it to work...The only thing that I see that I have to do differently is when i put the command "ssh-keygen -t dsa -b 2048 -f /root/rsync/mirror-rsync-key" I get the message, "DSA keys must be 1024 bits"

I don't think changing it to a 1024bits would be a problem. I have tried this about six times now copying and pasting. If anyone has any type of suggestion please let me know..

Thanks,

Dustin
falko
17th August 2006, 17:56
Are you referring to this tutorial? http://www.howtoforge.com/mirroring_with_rsync


Another question I had was after running "ssh-keygen -t dsa -b 2048 -f /root/rsync/mirror-rsync-key", I get this "DSA keys must be 1024 bits"
Is the difference because a Debian box was used for the example?That's possible. I didn't try this on Fedora.
Bicet
11th December 2006, 11:59
I've got the same problem with 2048/1024bit, is there something else that I've got to setup?

I'm on ubuntu...
falko
12th December 2006, 14:51
Have you tried with 1024 then?
Bicet
12th December 2006, 14:56
Sure I've tried and it doesn't work...
falko
13th December 2006, 14:42
Do you use Debian?
Bicet
13th December 2006, 14:48
I'm using Ubuntu that has a Debian base.
falko
14th December 2006, 21:16
That could already be a problem. I haven't tried this on Ubuntu...
ode2k
14th December 2006, 22:17
I have the same issue using CentOS 4.2. I've followed the exact steps 3 times, but it still doesn't seem to allow it. There must be a config somewhere that we can set to 'allow' our host to use the keys, but I'm just not sure where...
ode2k
15th December 2006, 01:11
I figured it out. In the tutorial (page 2, step 5), when you add the line:

command="/home/someuser/rsync/checkrsync",from="mirror.example.com",no-port-forwarding,no-X11-forwarding,no-pty

to the beginning of: /home/someuser/.ssh/authorized_keys:

You should have a comma at the end of that string and make sure that it's on it's own line. So in:
vi /home/someuser/.ssh/authorized_keys

It should be:

command="/home/someuser/rsync/checkrsync",from="mirror.example.com",no-port-forwarding,no-X11-forwarding,no-pty,

ssh-dss AAAAB3NzaC1kc3MAAA[...]lSUom root@mirror


Instead of:

command="/home/someuser/rsync/checkrsync",from="mirror.example.com",no-port-forwarding,no-X11-forwarding,no-pty ssh-dss AAAAB3NzaC1kc3MAAA[...]lSUom root@mirror


You should just be able to change the authorized_keys to reflect this, then test the rsync again (step 6). After that change it should work to use rsync with the key instead of prompting you for a password. :D
Bicet
15th December 2006, 10:19
I will give a try :D
Bicet
15th December 2006, 11:51
Here's what I've got :D

OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to omega.netsolutionsvenice.com [85.32.108.186] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/rsync/mirror-rsync-key type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-5ubuntu1
debug1: match: OpenSSH_4.3p2 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-5ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'omega.netsolutionsvenice.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/rsync/mirror-rsync-key
Connection closed by 85.32.108.186
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: unexplained error (code 255) at io.c(463) [receiver=2.6.8]


Do you know what the problem can be?
falko
16th December 2006, 12:19
Could be a problem with your keys, or maybe the contents of the authorized_keys file is wrong.
attilahooper
4th July 2008, 20:29
This solution worked for me, between Fedora core 8 and 9 boxes.

Thx.