mirroring with rsync (mulitple servers)

[edpatterson]

The tutorial worked just fine for a single server. Then I attempted to add another by generating a key, copying it to the source server and appending it to the authorized_keys file. I duplicated everything only changing the hostname of the target machine.
Now when I try to sync I get a message that smartcards are not supported and am prompted for the password. Entering the password on the original machine works, from the second one fails.

I have 14 squid servers and am looking for a way to sync the url lists. I thought rsync would be a nice lightweight (easy on the brain) way to do it.

Ideas on what I did wrong or possibly a better/easier way?

Thanks,
Ed

[falko]

Does it work if you remove the "command="/home/someuser/rsync/checkrsync",from="mirror.example.com",no-port-forwarding,no-X11-forwarding,no-pty" part from all lines in authorized_keys?

[edpatterson]

No, I deleted everything up to ssh-dss. It still reports no support for smartcards and requests the password.

[falko]

What's your rsync command?

Also, did you compare your setup with the tutorial? Maybe you've made a typo somewhere?

[edpatterson]

It worked fine when I first did the tutorial. Then I attempted to add another machine a week or so and a bunch of successful sync's later. That is when the problem started.
Here is what I did to break it.
Built another server
Created a ssh key-pair (ssh-keygen -t dsa -b 1024 -f /root/rsync/server3-rsync-key)
Copied the server3-rsync-key.pub to server1:/home/rsyncer/.ssh/
Added the key to the existing authorized_keys file (cat server3-rsync-key.pub >> authorized_keys)
Prepended 'command="/home/rsyncer/rsync/checkrsync", from="server3", no-port-forwarding,no-X11-forwarding,no-pty'
Then from server3
rsync -avz -e "ssh -I /root/rsync/server3/rsync/server3-rsync-key" rsyncer@server1:/tmp/sync-test
The smartcard error and prompt for password, no files transfered.
I am thinking that maybe you can not have more than one line in the authorized_keys file. But then that would make it authorized_key.
I will try to look up more info on ssh. It seemed to me like it would work.

[falko]

Quote:

Originally Posted by edpatterson

I am thinking that maybe you can not have more than one line in the authorized_keys file.

No, that's not true. You can have more than one line in that file. I'm using rsync mirroring with multiple servers at the same time.

[edpatterson]

OK, I have gone to the source (literally) and am reading all I can find. I obviously screwed something up.

Another different but related question. Do the ssh keys use the IP address? I am going to be building all my servers at one location then rolling them out. I generate the keys as part of the build/test process. Will I need to regenerate the keys when they change subnets?

[falko]

Quote:

Originally Posted by edpatterson

Will I need to regenerate the keys when they change subnets?

No, that's not necessary.

[edpatterson]

OK, this is getting personal :-)

I copied the how-to into an editor and changed the server1 and mirror names to reflect the actual names I am using. I redid the whole thing from scratch. On the final step it is asking for the unprivilidged users password (listadmin in my case). Everything works if I enter the password.

I am somewhat confused why I generated a passwordless key set then told ssh to use a different users account.

Am I getting closer?

[falko]

Can you remove the part from post #2 and try again?