mirror with rsync

Discussion in 'HOWTO-Related Questions' started by Dustcloud4, Aug 15, 2006.

  1. Dustcloud4

    Dustcloud4 New Member

    Hi everyone.

    I have tried to follow the instructions to the letter, but it still asks me for a password in the last section. I am running Fedora Core 5 boxes with all the updates. I know I am making a mistake somewhere and I hope someone can point it out to me :)

    This is what I get for an output:

    [[email protected] ~]$ rsync -avz --delete -e "ssh -vi /root/rsync/mirror-rsync-key" [email protected]:/var/www/ /var/www/
    OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct 2005
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to server.com [IP_Address] port 22.
    debug1: Connection established.
    debug1: identity file /root/rsync/mirror-rsync-key type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
    debug1: match: OpenSSH_4.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'server.com' is known and matches the RSA host key.
    debug1: Found key in /home/backup/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Next authentication method: gssapi-with-mic
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Next authentication method: publickey
    debug1: Offering public key: /root/rsync/mirror-rsync-key
    debug1: Remote: Forced command: /home/backup/rsync/checkrsync
    debug1: Remote: Your host 'host-X-X-X-X.midco.net' is not permitted to use this key for login.
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Next authentication method: password
    [email protected]'s password:

    Another question I had was after running "ssh-keygen -t dsa -b 2048 -f /root/rsync/mirror-rsync-key", I get this "DSA keys must be 1024 bits"
    Is the difference because a Debian box was used for the example?

    I am new to Linux so if I am missing some crucial information, please don't hesitate to let me know.


    Thanks,

    Dustin
     
  2. sjau

    sjau Local Meanie Moderator

    I guess that's the reason:

    Maybe you didn't handle the public keys right... please check that again.
     
  3. Dustcloud4

    Dustcloud4 New Member

    I've tried the whole tutorial about 5 times now, I'll give it another shot :)
     
  4. Dustcloud4

    Dustcloud4 New Member

    I still have not been able to get it to work...The only thing that I see that I have to do differently is when i put the command "ssh-keygen -t dsa -b 2048 -f /root/rsync/mirror-rsync-key" I get the message, "DSA keys must be 1024 bits"

    I don't think changing it to a 1024bits would be a problem. I have tried this about six times now copying and pasting. If anyone has any type of suggestion please let me know..

    Thanks,

    Dustin
     
  5. falko

    falko Super Moderator ISPConfig Developer

    Are you referring to this tutorial? http://www.howtoforge.com/mirroring_with_rsync


    That's possible. I didn't try this on Fedora.
     
  6. Bicet

    Bicet New Member

    I've got the same problem with 2048/1024bit, is there something else that I've got to setup?

    I'm on ubuntu...
     
  7. falko

    falko Super Moderator ISPConfig Developer

    Have you tried with 1024 then?
     
  8. Bicet

    Bicet New Member

    Sure I've tried and it doesn't work...
     
  9. falko

    falko Super Moderator ISPConfig Developer

    Do you use Debian?
     
  10. Bicet

    Bicet New Member

    I'm using Ubuntu that has a Debian base.
     
  11. falko

    falko Super Moderator ISPConfig Developer

    That could already be a problem. I haven't tried this on Ubuntu...
     
  12. ode2k

    ode2k New Member

    I have the same issue using CentOS 4.2. I've followed the exact steps 3 times, but it still doesn't seem to allow it. There must be a config somewhere that we can set to 'allow' our host to use the keys, but I'm just not sure where...
     
  13. ode2k

    ode2k New Member

    Solution to "Remote: Your host 'host' is not permitted to use this key for login"

    I figured it out. In the tutorial (page 2, step 5), when you add the line:

    Code:
    command="/home/someuser/rsync/checkrsync",from="mirror.example.com",no-port-forwarding,no-X11-forwarding,no-pty
    to the beginning of: /home/someuser/.ssh/authorized_keys:

    You should have a comma at the end of that string and make sure that it's on it's own line. So in:
    Code:
    vi /home/someuser/.ssh/authorized_keys
    It should be:

    Code:
    command="/home/someuser/rsync/checkrsync",from="mirror.example.com",no-port-forwarding,no-X11-forwarding,no-pty,
    
    ssh-dss AAAAB3NzaC1kc3MAAA[...]lSUom [email protected]

    Instead of:

    Code:
    command="/home/someuser/rsync/checkrsync",from="mirror.example.com",no-port-forwarding,no-X11-forwarding,no-pty ssh-dss AAAAB3NzaC1kc3MAAA[...]lSUom [email protected]

    You should just be able to change the authorized_keys to reflect this, then test the rsync again (step 6). After that change it should work to use rsync with the key instead of prompting you for a password. :D
     
  14. Bicet

    Bicet New Member

    I will give a try :D
     
  15. Bicet

    Bicet New Member

    Here's what I've got :D
    Code:
    OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to omega.netsolutionsvenice.com [85.32.108.186] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/rsync/mirror-rsync-key type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-5ubuntu1
    debug1: match: OpenSSH_4.3p2 Debian-5ubuntu1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-5ubuntu1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'omega.netsolutionsvenice.com' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:5
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering public key: /root/rsync/mirror-rsync-key
    Connection closed by 85.32.108.186
    rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
    rsync error: unexplained error (code 255) at io.c(463) [receiver=2.6.8]
    
    Do you know what the problem can be?
     
  16. falko

    falko Super Moderator ISPConfig Developer

    Could be a problem with your keys, or maybe the contents of the authorized_keys file is wrong.
     
  17. attilahooper

    attilahooper New Member

    This solution worked for me, between Fedora core 8 and 9 boxes.

    Thx.
     

Share This Page