From: Robert B. <bro...@st...> - 2005-02-28 12:46:26
Hello Everyone,

I'm trying to make backuppc backup my linux servers as well, I've read the F.A.Q. about how to set up ssh2.

My system is CentOS 3.4 (Red Hat Enterprise Linux 3.0 clone).

So this is what I basically did:
(the only thing I changed in /etc/ssh/sshd_conf is changed protocol 1 to protocol2)

I've made some modifications since the original howto didn't work.

------------
Did this on the client computer as root

1. ssh-keygen -t rsa
   (which created id_rsa and id_rsa.pub)
2. echo "IdKey id_rsa" > ~/.ssh/identity
   (I only had a /.ssh under /root, and I've checked the ssh_config and sshd_config files, and identity was close to identification, so I went for identity...)

------------
Did this on the backuppc server as the backuppc user

1. ssh-keygen -t rsa
   mv ~/.ssh/id_rsa.pub ~/.ssh/BackupPC_id_rsa.pub
   mv ~/.ssh/id_rsa ~/.ssh/BackupPC_id_rsa
   echo "IdKey BackupPC_id_rsa" > ~/.ssh/identity
2. touch ~/.ssh/ssh_config
   echo "StrictHostKeyChecking ask" >> ~/.ssh/ssh_config
   echo "PasswordAuthentication no" >> ~/.ssh/ssh_config

----------
Did this on the client computer as root

1. I've copied via Midnight Commander the file BackupPC_id_rsa.pub to the client's /root/.ssh/ directory
   touch ~/.ssh/authorized_keys
   echo "Key BackupPC_id_rsa.pub" >> ~/.ssh/authorized_keys
   (again in /etc/ssh/ssh_config, there was no authorization, and the closest to it was authorized_keys...so I went for that)
4. chmod -R go-rwx ~/.ssh

----------
Did this on the backuppc server as user backuppc

1. chmod -R go-rwx ~/.ssh
2. ssh2 -l root clientHostName whoami
   asks for password (something I did bad, but cannot find), tried it multiple times...no luck

ssh2 -v -l root clientHostName whoami shows the following:

--------------------------------OUTPUT------------------------------------------------
[backuppc@sam backuppc]$ ssh -v -l root 192.168.2.200 whoami
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to 192.168.2.200 [192.168.2.200] port 22.
debug1: Connection established.
debug1: identity file /home/backuppc/.ssh/identity type -1
debug1: identity file /home/backuppc/.ssh/id_rsa type -1
debug1: identity file /home/backuppc/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.2.200' is known and matches the RSA host key.
debug1: Found key in /home/backuppc/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/backuppc/.ssh/identity
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/backuppc/.ssh/identity':
debug1: Trying private key: /home/backuppc/.ssh/id_rsa
debug1: Trying private key: /home/backuppc/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@192.168.2.200's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: whoami
debug1: channel 0: request exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
root
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
-----------------------------------------END--------------------------------------

I've tried this for a day now without much success, could someone please point me to the right direction?

Sincerely
Robert B

ps.: I know this would be HUGE security risk, but this is internal lan, only I have access to the servers, ain't it possible with backuppc to tell ssh what password to use?
From: Guus H. - Luna.nl B. <gu...@lu...> - 2005-02-28 13:03:52
On Mon, 2005-02-28 at 13:46 +0100, Robert Becskei wrote:
> Hello Everyone,
>
> I'm trying to make backuppc backup my linux servers as well , I've read the
> F.A.Q. about how to set up ssh2 .
>
> My system is CentOS 3.4 (Red Hat Enterprise Linux 3.0 clone).
>
> So this is what I basically did :
> (the only thing I changed in /etc/ssh/sshd_conf is changed protocol 1 to
> protocol2 )
>
> I've made some modifications since the original howto didn't work.

2 things to check:
- on your client, check /etc/ssh/sshd_conf for the PermitRootlogin option. That should say "yes" or "without-password".
- on your client, check /var/log/auth.log. That may give some more info on why your login is failing. Assuming that logfile exists on your distro, could be named differently.

Myself I just put the pubkey in the authorized_keys file on the client, no indirection like you did.

Hth,
Guus
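
The reply's point about putting the public key itself into authorized_keys, and the `PEM_read_PrivateKey failed` line in the debug output, can be checked mechanically on both machines. The script below is an added example, not part of the thread or of BackupPC; its function names are hypothetical, and it assumes OpenSSH conventions, where the key files and authorized_keys hold key material directly.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Return 0 if the file starts with a private-key header OpenSSH can parse:
# a PEM/OpenSSH "BEGIN ... PRIVATE KEY" line or the legacy SSH1 marker.
check_private_key() {
    head -n 1 "$1" |
        grep -Eq '^(-----BEGIN ([A-Z]+ )?PRIVATE KEY-----|SSH PRIVATE KEY FILE FORMAT 1\.1)'
}

# Return 0 if every active line of an authorized_keys file carries a key
# type followed by base64 key data; print offending lines otherwise.
check_authorized_keys() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;    # blank lines and comments are allowed
        esac
        # Options such as from="..." may precede the key type.
        if ! printf '%s\n' "$line" | grep -Eq \
            '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)[[:space:]]+AAAA'
        then
            printf 'not a public key entry: %s\n' "$line"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# List paths that group or others can write to (sshd StrictModes rejects these).
writable_by_others() {
    find "$1" \( -perm -020 -o -perm -002 \) -print
}

# Run all checks on one .ssh directory; the count ends up in $problems.
audit_ssh_dir() {
    problems=0
    for key in "$1/identity" "$1/id_rsa" "$1/id_dsa"; do
        [ -f "$key" ] || continue
        check_private_key "$key" ||
            { echo "$key: no private-key header"; problems=$((problems + 1)); }
    done
    if [ -f "$1/authorized_keys" ]; then
        check_authorized_keys "$1/authorized_keys" || problems=$((problems + 1))
    fi
    [ -z "$(writable_by_others "$1")" ] ||
        { echo "$1: group/world-writable path found"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ]
}

if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run it as the account that owns the directory, for example `sh audit.sh ~/.ssh` (the script file name is arbitrary); a non-zero exit status means at least one check failed.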