Menu
▾
▴
Re: [BackupPC-users] How to use ssh-agent on a server without X?
|
From: Luis P. <lui...@gm...> - 2010-03-19 03:43:09
|
Well, it works
This sets the agent and asks for the key on boot
$ cat /etc/rc.local
su - backuppc -c "exit"
$ cat /home/backuppc/.bash_profile
/usr/bin/keychain -Q -q --nogui /home/backuppc/.ssh/id_rsa
[[ -f /home/backuppc/.keychain/main-sh ]] && source
/home/backuppc/.keychain/main-sh
on client.pl
...
$Conf{RsyncClientCmd} = '/home/backuppc/backuppc.sh $sshPath -q -x -l
backuppc $host /usr/bin/sudo $rsyncPath $argList+';
...
$cat /home/backuppc/backuppc.sh
#!/bin/sh
. /home/backuppc/.keychain/main-sh
$*
/home/backuppc/.keychain/main-sh is created by keychain and it contains
something like:
$ cat /home/backuppc/.keychain/main-sh
SSH_AUTH_SOCK=/tmp/ssh-swkbQc6157/agent.6157; export SSH_AUTH_SOCK;
SSH_AGENT_PID=6158; export SSH_AGENT_PID;
This works for backing up using passphrase keys using ssh-agent/keychain,
and it keeps the agent and keys between your backuppc user sessions.
Personally, I find it annoying, specially if you don't usually have a
monitor connected to your server when you have to type the passphrase :)
On Wed, Mar 17, 2010 at 3:29 PM, Luis Paulo <lui...@gm...> wrote:
> It seems ssh-agent alone don't do the job because it is not possible to
> keep env vars SSH_AGENT_PID and SSH_AUTH_SOCK between sessions
>
> keychain do a good job setting ssh-agent for the user, using ,bash_profile
> and keeping the env vars on a file in ~/.keychain/
>
> I was trying to set this on rc.local (with S99rc.local on ubuntu). Maybe it
> is possible to set keychain there, but for now I just use rc.local to log as
> backuppc user. Boot stops, asks for the passphrase (but not the user
> password?). Then I run exit to continue boot.
>
> Not very elegant :)
>
> And the first ssh as backuppc user I do seems to hang or take too long to
> connect. After that, it works fine.
>
>
>
> On Wed, Mar 17, 2010 at 1:14 AM, Luis Paulo <lui...@gm...> wrote:
>
>> I now use ssh with phraseless keys to do my backups on a server without X.
>>
>> As I remember, when I had backuppc server on a machine with X, it was
>> quite easy to make the gnome-agent send the key. The only thing was the need
>> to insert a key on boot, what could be a problem on a power event.
>>
>> I have tryed, but I never was able to do that with ssh-agent.
>>
>> I'll tell you exactly what I am doing in following posts, but can anyone
>> give some help for starters?
>>
>> Thanks
>> Luis
>>
>
>
|