ssh auth problem - Mirror Your Web Site With rsync

Discussion in 'HOWTO-Related Questions' started by phenetic, Aug 18, 2010.

  1. phenetic

    phenetic New Member

    http://www.howtoforge.com/mirroring_with_rsync_p2

    It all works, except for the final public-key authorization.
    ssh -v shows that public key fails, even though it is recognized!!!

    Any ideas??

    root@host [/home/chlngday]# /usr/bin/rsync -aqzu --exclude 'video/' --exclude 'access-logs/' -e "ssh -v -i /root/rsync/mirror-rsync-key" chlngday@server.spameater.com:/home/chlngday/public_html/ /home/chlngday/public_html/
    OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to server.spameater.com [72.44.80.21] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/rsync/mirror-rsync-key type 2
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
    debug1: match: OpenSSH_3.9p1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.9p1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'server.spameater.com' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:3
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Next authentication method: gssapi-with-mic
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Next authentication method: publickey
    debug1: Offering public key: /root/rsync/mirror-rsync-key
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Next authentication method: password
    chlngday @ server.spameater.com's password:
     
  2. falko

    falko Super Moderator

    Does it work when you delete the

    Code:
    command="/home/someuser/rsync/checkrsync",from="mirror.example.com",no-port-forwarding,no-X11-forwarding,no-pty
    part from /home/someuser/.ssh/authorized_keys?
     
  3. phenetic

    phenetic New Member

    Hi Falko, thanks for your attention.

    I did not use that part of the how-to. My authorized keys file looks like this:

    Code:
    ssh-dss AAAAB3Nz..........FKGPvNcI= root@host.spameater.com
    
    If I enter the password, it works fine.

    could it be the SSH version mismatch? could version emulation be broken?

    Funny thing is that it used to work, but then stopped on its own, months ago.

    I have WHM/cpanel, so maybe it updated something.

    Could it be a secure-certificate cache issue?

    confused. :confused:
     
  4. falko

    falko Super Moderator

    Hm, I think I'd set up the mirroring again from scratch. Maybe somthing's wrong with the keys...
     
  5. phenetic

    phenetic New Member

    I've set it up from scratch 3 times now. The keys match. Any ideas?
     
  6. falko

    falko Super Moderator

    And you have one key per line, don't you?
     

Share This Page