Back Up Linux And Windows Systems With BackupPC - Page 4

Submitted by falko on Thu, 2007-01-25 14:41.

5.1 Configure The SSH Tunnel

The rsync backup will be tunneled through SSH. The backup runs as the user backuppc, so this user must be able to log in to falko-desktop as root without being prompted for a password. We therefore exchange public keys to allow password-less logins for backuppc.

First we must log in to a shell on falko-desktop and create a root login (if you don't use Ubuntu, you most probably have one already):

falko-desktop:

sudo passwd root
sudo su

Now that you're logged in as root, install OpenSSH and rsync:

falko-desktop:

apt-get install rsync ssh openssh-server

Then create a private/public key pair:

falko-desktop:

ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <-- <ENTER>
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): <-- <ENTER>
Enter same passphrase again: <-- <ENTER>
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
0f:95:00:4b:fd:c3:cc:0b:1f:2b:00:c9:29:bf:ca:4e root@falko-desktop

If you don't have a DNS record for server1.example.com, you should add server1.example.com to /etc/hosts now:

falko-desktop:

vi /etc/hosts

[...]
192.168.0.100   server1.example.com server1
[...]

Next we create a private/public key pair on server1.example.com. We must do this as the user backuppc!

server1.example.com:

su backuppc
ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa): <-- <ENTER>
Created directory '/var/lib/backuppc/.ssh'.
Enter passphrase (empty for no passphrase): <-- <ENTER>
Enter same passphrase again: <-- <ENTER>
Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa.
Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub.
The key fingerprint is:
74:20:65:73:47:1c:cb:ba:5d:9b:5d:56:cf:91:1a:1a backuppc@server1.example.com

Then we copy the public key to falko-desktop. Make sure you use falko-desktop's current IP address in the scp command:

server1.example.com:

cp ~/.ssh/id_rsa.pub ~/.ssh/BackupPC_id_rsa.pub
scp ~/.ssh/BackupPC_id_rsa.pub root@192.168.0.213:/root/.ssh/

The authenticity of host '192.168.0.213 (192.168.0.213)' can't be established.
RSA key fingerprint is 9b:66:3e:ce:b4:8d:63:00:ba:87:14:b2:94:03:cb:a8.
Are you sure you want to continue connecting (yes/no)? <-- yes
Warning: Permanently added '192.168.0.213' (RSA) to the list of known hosts.
root@192.168.0.213's password: <-- root password for falko-desktop
BackupPC_id_rsa.pub 100% 410 0.4KB/s 00:00

Next we append backuppc's public key to ~/.ssh/authorized_keys2 on falko-desktop (we do this as root):

falko-desktop:

cat ~/.ssh/BackupPC_id_rsa.pub >> ~/.ssh/authorized_keys2

If you have a proper DNS record for server1.example.com or added it to falko-desktop's /etc/hosts file, you can now open ~/.ssh/authorized_keys2 and add from="server1.example.com" at the beginning of the file, so that only server1.example.com can enjoy password-less logins. (If server1.example.com cannot be resolved on falko-desktop, then don't add from="server1.example.com".)

falko-desktop:

vi ~/.ssh/authorized_keys2

from="server1.example.com" ssh-rsa AAAAB3[...]FMZpdAj8Hs9107tZ97Rq2oO/Zw== backuppc@server1.example.com 

Then copy root@falko-desktop's public key to server1.example.com (make sure you use the correct IP address):

falko-desktop:

scp ~/.ssh/id_rsa.pub root@192.168.0.100:/var/lib/backuppc/.ssh/client_id_rsa.pub

The authenticity of host '192.168.0.100 (192.168.0.100)' can't be established.
RSA key fingerprint is 29:40:1c:c0:40:f8:e1:4c:68:47:36:b3:f3:53:b1:38.
Are you sure you want to continue connecting (yes/no)? <-- yes
Warning: Permanently added '192.168.0.100' (RSA) to the list of known hosts.
root@192.168.0.100's password: <-- root password for server1.example.com
id_rsa.pub 100% 400 0.4KB/s 00:00

Back on server1.example.com, we append root@falko-desktop's public key to ~/.ssh/known_hosts. Make sure you're still logged in as the user backuppc!

server1.example.com:

cat ~/.ssh/client_id_rsa.pub >> ~/.ssh/known_hosts

Then we switch back to the root user and delete /var/lib/backuppc/.ssh/client_id_rsa.pub:

server1.example.com:

su
rm -f /var/lib/backuppc/.ssh/client_id_rsa.pub

Then become backuppc again and change the permissions of the ~/.ssh directory:

server1.example.com:

su backuppc
chmod -R go-rwx ~/.ssh

Do the same on falko-desktop (as root):

falko-desktop:

chmod -R go-rwx ~/.ssh

Then go back to server1.example.com and make sure you're still logged in as backuppc. Run the following test command to see if falko-desktop prompts you for a password. If you did everything right, it shouldn't. (Make sure to use falko-desktop's current IP address!)

server1.example.com:

ssh -l root 192.168.0.213 whoami

The output should simply be

root
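
A check for the two hardening steps in this section (the from= restriction in authorized_keys2 and chmod -R go-rwx ~/.ssh), as an added example that is not part of the original tutorial. The function names audit_ssh_dir and demo are hypothetical, and the key material in the sample is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit the client's ~/.ssh
# after the key exchange. Function names are hypothetical.

# audit_ssh_dir DIR HOST: print findings; return 0 if clean, 1 otherwise.
audit_ssh_dir() {
    dir=$1; host=$2; rc=0
    # chmod -R go-rwx must leave no group/other bits anywhere under DIR.
    loose=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                                  -o -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then echo "group/other access: $loose"; rc=1; fi
    keys="$dir/authorized_keys2"
    [ -f "$keys" ] || { echo "missing: $keys"; return 1; }
    awk -v host="$host" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            # Key blobs start with AAAA; the token before it is the key type
            # and everything in front of that token is the options field.
            line = " " $0; opts = ""; ok = 0
            if (match(line, /[ \t](ssh-|ecdsa-|sk-)[^ \t]+[ \t]+AAAA/))
                opts = substr(line, 1, RSTART - 1)
            # from= takes a comma-separated pattern list; look for HOST in it.
            if (match(opts, /from="[^"]*"/)) {
                n = split(substr(opts, RSTART + 6, RLENGTH - 7), pat, ",")
                for (i = 1; i <= n; i++) if (pat[i] == host) ok = 1
            }
            if (!ok) { print "line " NR ": key not limited to " host; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$keys" || rc=1
    return $rc
}

# Constructed sample: a restricted key, then an unrestricted key appended.
# The key material is a placeholder, not a real key.
demo() (
    umask 077; d=$(mktemp -d)
    echo 'from="server1.example.com" ssh-rsa AAAAB3placeholder backuppc@server1.example.com' > "$d/authorized_keys2"
    audit_ssh_dir "$d" server1.example.com && first=0 || first=$?
    echo 'ssh-rsa AAAAB3placeholder someone@elsewhere' >> "$d/authorized_keys2"
    audit_ssh_dir "$d" server1.example.com && second=0 || second=$?
    rm -rf "$d"
    echo "$first $second"    # prints "0 1"
)
demo
```

On falko-desktop the check would be run as root with audit_ssh_dir /root/.ssh server1.example.com.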


Submitted by djh-compnet (registered user) on Wed, 2011-03-09 19:01.
This problem tends to crop up every so often, and users are tearing their hair out while troubleshooting it.

When executing this command on the backuppc server:

ssh -l root 192.168.0.213 whoami

Also execute the command with the hostname of the client:

ssh -l root falko-desktop whoami

If the hostname resolves then you will receive a prompt to confirm an RSA key.

Submitted by garg (registered user) on Tue, 2009-04-07 20:47.

Make sure to

touch authorized_keys2 

if the file doesn't exist before doing 

cat ~/.ssh/BackupPC_id_rsa.pub >> ~/.ssh/authorized_keys2