Re: ssh question

At 09:26 12/10/2003, you wrote:
I have two PCs.  One of them has my servers running on it.  The other
has a larger hard drive and a CD-R drive.  I would like to be able to
ssh over to the server PC and tar the /etc and /var directories and then
transfer the tars back to my other PC.  I think I can set up the
scheduling with cron, but I can't figure out how to use ssh without it
asking for my password.

On November 20th, a thread started on this list with the subject "rsync with public/private keys/no passwords"; check the archives for it. In brief, however, you will want to do the following. Note that I refer to the computers as Server and Bigdisk, and that these are general instructions only and written from memory. You will want to verify things and read applicable man pages before executing:


-- Make sure the same user exists on Server and Bigdisk; simpler that way. I'll use "joe" for simplicity here.

-- On Bigdisk, in joe's home directory, create a pair of public and private keys for that user. Make sure you create DSA keys for SSH protocol 2. Never use protocol 1. I think the command is something like "ssh-keygen -t dsa". LEAVE THE PASSPHRASE EMPTY BY PRESSING ENTER.

-- Copy joe's private key to the ~/.ssh/ directory. I think it goes into a special file but don't remember the names.

-- Copy the public key to the home directory of that user on Server with "scp id_dsa.pub joe@xxxxxxxxxxxxxxxxx".

-- On Server, add the public key to the right file with "cat id_dsa.pub >> ~/.ssh/authorized_keys".

-- Check that the permissions are secure enough. If anyone else has write permission to the .ssh directory or the authorized_keys file, for example, the openssh server will not trust it and will ask for a password.

When the whole ssh-without-passwords thing works, simply do this on Bigdisk to get an exact mirror of the /etc and /var directories from Server:

        -- rsync -av -e ssh joe@server:/etc /home/joe/server-backup/
        -- rsync -av -e ssh joe@server:/var /home/joe/server-backup/

Mind your trailing slashes. The way this is written right now will copy the remote etc directory into the server-backup directory locally. You will thus end up with /home/joe/server-backup/etc/... Note that this will create an exact mirror of all files, not a compressed tar file.

Also note that keys without passwords are a security hole. It would be better to have the /etc and /var directories on Server copied and chown'ed to an unprivileged user like joe rather than be owned by root. Easily done with rsync -av on the same machine without the "-e ssh". Then have another user joe on Bigdisk who does nothing but backups, disable joe's password with "passwd -l joe", change his shell to /bin/false so he can't log in. This will reduce the probability of joe's account on Bigdisk being hijacked, and limit the amount of damage that could be done if it were.

Cheers,


-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx http://www.simpaticus.com
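
The permission check from the steps above, as an added example that is not part of the original post: a small script to run on Server that reports whether the home directory, ~/.ssh and authorized_keys are writable by group or others, which is the condition under which sshd (with StrictModes, its default) ignores the key and asks for a password. The function names and the modes applied by fix_ssh_perms (700 and 600) are choices made for this example.

```shell
#!/bin/sh
# Added example: audit the paths sshd checks before trusting authorized_keys.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if the path exists and has no group/other write bit.
not_writable_by_others() {
    [ -e "$1" ] || return 1
    m=$(mode_of "$1") || return 1
    # 022 octal = group-write + other-write; the leading 0 makes $m octal too
    [ $(( 0$m & 022 )) -eq 0 ]
}

# check_ssh_perms HOME_DIR: report each path, return 0 only if all are safe.
check_ssh_perms() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1
        elif not_writable_by_others "$p"; then
            echo "ok       $(mode_of "$p")  $p"
        else
            echo "UNSAFE   $(mode_of "$p")  $p (group/other writable)"; rc=1
        fi
    done
    return $rc
}

# fix_ssh_perms HOME_DIR: tighten the three paths (modes are this example's choice).
fix_ssh_perms() {
    chmod go-w "$1" &&
    chmod 700 "$1/.ssh" &&
    chmod 600 "$1/.ssh/authorized_keys"
}

# Stand-alone use: sh check_ssh_perms.sh /home/joe
if [ $# -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

A non-zero exit status means at least one path is missing or too permissive; fix_ssh_perms must be run as the account's owner or as root.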

