Back Up Linux And Windows Systems With BackupPC - Page 4
5.1 Configure The SSH Tunnel
The rsync backup is tunneled through SSH. The backup runs as the user backuppc, so this user must be able to log in to falko-desktop as root without being prompted for a password. To allow these password-less logins for backuppc, we must exchange public keys.
First we must log in to a shell on falko-desktop and create a root login (if you don't use Ubuntu, you most probably have one already):
falko-desktop:
sudo passwd root
sudo su
Now that you're logged in as root, install OpenSSH and rsync:
falko-desktop:
apt-get install rsync ssh openssh-server
Then create a private/public key pair:
falko-desktop:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <-- <ENTER>
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): <-- <ENTER>
Enter same passphrase again: <-- <ENTER>
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
0f:95:00:4b:fd:c3:cc:0b:1f:2b:00:c9:29:bf:ca:4e root@falko-desktop
If you don't have a DNS record for server1.example.com, you should add server1.example.com to /etc/hosts now:
falko-desktop:
vi /etc/hosts
[...]
192.168.0.100 server1.example.com server1
[...]
Next we create a private/public key pair on server1.example.com. We must do this as the user backuppc!
server1.example.com:
su backuppc
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa): <-- <ENTER>
Created directory '/var/lib/backuppc/.ssh'.
Enter passphrase (empty for no passphrase): <-- <ENTER>
Enter same passphrase again: <-- <ENTER>
Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa.
Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub.
The key fingerprint is:
74:20:65:73:47:1c:cb:ba:5d:9b:5d:56:cf:91:1a:1a [email protected]
Then we copy the public key to falko-desktop. Make sure you use falko-desktop's current IP address in the scp command:
server1.example.com:
cp ~/.ssh/id_rsa.pub ~/.ssh/BackupPC_id_rsa.pub
scp ~/.ssh/BackupPC_id_rsa.pub root@192.168.0.213:/root/.ssh/
The authenticity of host '192.168.0.213 (192.168.0.213)' can't be established.
RSA key fingerprint is 9b:66:3e:ce:b4:8d:63:00:ba:87:14:b2:94:03:cb:a8.
Are you sure you want to continue connecting (yes/no)? <-- yes
Warning: Permanently added '192.168.0.213' (RSA) to the list of known hosts.
root@192.168.0.213's password: <-- root password for falko-desktop
BackupPC_id_rsa.pub 100% 410 0.4KB/s 00:00
Next we append backuppc's public key to ~/.ssh/authorized_keys2 on falko-desktop (we do this as root):
falko-desktop:
cat ~/.ssh/BackupPC_id_rsa.pub >> ~/.ssh/authorized_keys2
If you have a proper DNS record for server1.example.com or added it to falko-desktop's /etc/hosts file, you can now open ~/.ssh/authorized_keys2 and add from="server1.example.com" at the beginning of the file, directly in front of the key. This way only server1.example.com can use the key for password-less logins. (If server1.example.com cannot be resolved on falko-desktop, don't add from="server1.example.com".)
falko-desktop:
vi ~/.ssh/authorized_keys2
from="server1.example.com" ssh-rsa AAAAB3[...]FMZpdAj8Hs9107tZ97Rq2oO/Zw== [email protected]
Then copy root@falko-desktop's public key to server1.example.com (make sure you use the correct IP address):
falko-desktop:
scp ~/.ssh/id_rsa.pub root@192.168.0.100:/var/lib/backuppc/.ssh/client_id_rsa.pub
The authenticity of host '192.168.0.100 (192.168.0.100)' can't be established.
RSA key fingerprint is 29:40:1c:c0:40:f8:e1:4c:68:47:36:b3:f3:53:b1:38.
Are you sure you want to continue connecting (yes/no)? <-- yes
Warning: Permanently added '192.168.0.100' (RSA) to the list of known hosts.
root@192.168.0.100's password: <-- root password for server1.example.com
id_rsa.pub 100% 400 0.4KB/s 00:00
Back on server1.example.com, we append root@falko-desktop's public key to ~/.ssh/known_hosts. Make sure you're still logged in as the user backuppc!
server1.example.com:
cat ~/.ssh/client_id_rsa.pub >> ~/.ssh/known_hosts
Then we switch back to the root user and delete /var/lib/backuppc/.ssh/client_id_rsa.pub:
server1.example.com:
su
rm -f /var/lib/backuppc/.ssh/client_id_rsa.pub
Then become backuppc again and change the permissions of the ~/.ssh directory:
server1.example.com:
su backuppc
chmod -R go-rwx ~/.ssh
Do the same on falko-desktop (as root):
falko-desktop:
chmod -R go-rwx ~/.ssh
Then go back to server1.example.com and make sure you're still logged in as backuppc. Run the following test command to see if falko-desktop prompts you for a password. If you did everything right, it shouldn't. (Make sure to use falko-desktop's current IP address!)
server1.example.com:
ssh -l root 192.168.0.213 whoami
The output should simply be:
root
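Because the key in ~/.ssh/authorized_keys2 on falko-desktop grants a password-less root login, it is worth confirming that the from="server1.example.com" restriction really ended up in front of it. The script below is an added example, not part of the original tutorial: the function names audit_keys and sample_keys and the sample entries are constructed for illustration, and it goes slightly beyond the text by also handling entries with several options and other key types.

```sh
#!/bin/sh
# Added example: list each key in an authorized_keys-style file and whether
# it carries a from="..." source restriction. Output per key line:
#   <line-no> <RESTRICTED|OPEN|MALFORMED> <from-pattern or -> <comment or ->
# Exit status is 1 if any key is OPEN or MALFORMED.
audit_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        line = " " $0
        # Options end where "<key-type> <base64 blob>" begins; blobs start AAAA.
        if (!match(line, /[ \t](ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^ \t]+|sk-[^ \t]+)[ \t]+AAAA/)) {
            printf "%d MALFORMED - -\n", NR; bad = 1; next
        }
        opts = substr(line, 2, RSTART - 2)   # text before the key type
        n = split(substr(line, RSTART + 1), f, /[ \t]+/)
        comment = (n >= 3) ? f[3] : "-"
        sub(/^[ \t]+/, "", opts)
        opts = "," opts                      # so from= is always preceded by ","
        # Option names are case-insensitive; match on a lowercased copy.
        if (match(tolower(opts), /,from="[^"]+"/)) {
            printf "%d RESTRICTED %s %s\n", NR, substr(opts, RSTART + 7, RLENGTH - 8), comment
        } else {
            printf "%d OPEN - %s\n", NR, comment; bad = 1
        }
    }
    END { exit (bad > 0) }' "$@"
}

# Constructed sample entries (placeholder key blobs, not real keys).
sample_keys() {
    cat <<'EOF'
# backup keys
from="server1.example.com" ssh-rsa AAAAB3NzaC1yc2EAAAAsample1 backuppc@server1
ssh-rsa AAAAB3NzaC1yc2EAAAAsample2 admin@laptop
command="/usr/bin/rsync --server --sender .",FROM="192.168.0.100" ssh-ed25519 AAAAC3NzaC1lZDI1sample3 backup2
EOF
}

sample_keys | audit_keys || echo "audit: at least one key has no from= restriction"
```

On falko-desktop, run it against the real file as root with audit_keys ~/.ssh/authorized_keys2; every line reported as OPEN is a key that is accepted from any source address.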