From: Luis P. <lui...@gm...> - 2010-03-19 03:43:09
Well, it works.

This sets the agent and asks for the key on boot:

$ cat /etc/rc.local
su - backuppc -c "exit"

$ cat /home/backuppc/.bash_profile
/usr/bin/keychain -Q -q --nogui /home/backuppc/.ssh/id_rsa
[[ -f /home/backuppc/.keychain/main-sh ]] && source /home/backuppc/.keychain/main-sh

on client.pl
...
$Conf{RsyncClientCmd} = '/home/backuppc/backuppc.sh $sshPath -q -x -l backuppc $host /usr/bin/sudo $rsyncPath $argList+';
...

$ cat /home/backuppc/backuppc.sh
#!/bin/sh
# Load SSH_AUTH_SOCK / SSH_AGENT_PID as saved by keychain
. /home/backuppc/.keychain/main-sh
# Run the command passed by BackupPC; "$@" keeps each argument intact
"$@"

/home/backuppc/.keychain/main-sh is created by keychain and it contains something like:

$ cat /home/backuppc/.keychain/main-sh
SSH_AUTH_SOCK=/tmp/ssh-swkbQc6157/agent.6157; export SSH_AUTH_SOCK;
SSH_AGENT_PID=6158; export SSH_AGENT_PID;

This works for backing up using passphrase keys using ssh-agent/keychain, and it keeps the agent and keys between your backuppc user sessions.

Personally, I find it annoying, especially if you don't usually have a monitor connected to your server when you have to type the passphrase :)

On Wed, Mar 17, 2010 at 3:29 PM, Luis Paulo <lui...@gm...> wrote:
> It seems ssh-agent alone doesn't do the job because it is not possible to
> keep env vars SSH_AGENT_PID and SSH_AUTH_SOCK between sessions
>
> keychain does a good job setting ssh-agent for the user, using .bash_profile
> and keeping the env vars on a file in ~/.keychain/
>
> I was trying to set this on rc.local (with S99rc.local on ubuntu). Maybe it
> is possible to set keychain there, but for now I just use rc.local to log as
> backuppc user. Boot stops, asks for the passphrase (but not the user
> password?). Then I run exit to continue boot.
>
> Not very elegant :)
>
> And the first ssh as backuppc user I do seems to hang or take too long to
> connect. After that, it works fine.
>
> On Wed, Mar 17, 2010 at 1:14 AM, Luis Paulo <lui...@gm...> wrote:
>
>> I now use ssh with phraseless keys to do my backups on a server without X.
>>
>> As I remember, when I had backuppc server on a machine with X, it was
>> quite easy to make the gnome-agent send the key. The only thing was the need
>> to insert a key on boot, which could be a problem on a power event.
>>
>> I have tried, but I never was able to do that with ssh-agent.
>>
>> I'll tell you exactly what I am doing in following posts, but can anyone
>> give some help for starters?
>>
>> Thanks
>> Luis
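
A variant of the wrapper described in the message above, as an added example that is not part of the original post: it reads the socket path out of the keychain file instead of sourcing it, and refuses to run when the file is stale or the agent holds no key. The function names and the KEYCHAIN_ENV variable are hypothetical; the default path is the one shown in the post.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the default path is the keychain file shown in the post.
KEYCHAIN_ENV=${KEYCHAIN_ENV:-/home/backuppc/.keychain/main-sh}

# Print the SSH_AUTH_SOCK recorded in a keychain env file. The file is parsed,
# not sourced, so nothing written into it gets executed by the wrapper.
agent_sock_from_file() {
    [ -f "$1" ] || return 1
    sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$1" | head -n 1
}

# Return codes:
#   0 = agent reachable with at least one key loaded
#   1 = env file missing or without a socket entry
#   2 = recorded path is not a socket (stale file, e.g. after a reboot)
#   3 = agent not answering or holding no keys (passphrase not entered yet)
check_agent() {
    sock=$(agent_sock_from_file "$1") || return 1
    [ -n "$sock" ] || return 1
    [ -S "$sock" ] || return 2
    SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1 || return 3
    return 0
}

# Run the given command with the agent socket exported, or fail early with a
# message on stderr and the check_agent code as exit status.
run_with_agent() {
    check_agent "$KEYCHAIN_ENV" || {
        rc=$?
        echo "backuppc wrapper: ssh-agent unusable (code $rc)" >&2
        return "$rc"
    }
    SSH_AUTH_SOCK=$(agent_sock_from_file "$KEYCHAIN_ENV")
    export SSH_AUTH_SOCK
    "$@"
}

# When installed as the wrapper script, run the command BackupPC passes in.
if [ "$#" -gt 0 ]; then
    run_with_agent "$@"
    exit $?
fi
```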