Backup with rsnapshot and ssh has passphraseless public key authentication failure
I am trying to set up rsnapshot to take backups of a remote server using public key authentication without a passphrase and as the root user. I think the public key authentication fails, as I am asked for the root user password when I run "rsnapshot hourly".
Here is the console output,
Code:
require Lchown
The rsnapshot config file is as follows,
Code:
#
On the remote host I have configured sshd with PermitRootLogin=forced-commands-only. The public key generated was also copied to the authorized_keys2 file, and a symlink authorized_keys was created that links to the aforementioned file. The private key on the rsnapshot server is in the /root/cron directory, and there is a config file in /root/.ssh/ that has the details as below,
Code:
Host root
Does anyone have any idea why public key authentication is not working? Also, if possible, does anyone know what arguments I can give to ssh to only try public key authentication? Thanks. |
Hello and welcome to LinuxQuestions,
Why would you create an authorized_keys2 file and symlink to it? Do you have any particular reason for that? SSH is very strict about permissions on the files. What are the permissions on your identity file? I'd check permissions on both files, remove the symlink and use what's to be used (authorized_keys). Looking forward to your participation in the forums. Have fun with Linux. Kind regards, Eric |
Quote:
While searching the www for solutions, I had come across this -> A possible solution
Anyway, here are the permissions of the files on the remote host
Code:
drwx------ 2 root root 4096 Mar 4 15:04 .ssh
On the rsnapshot server, some of the permissions are as follows,
Code:
drwx------ 2 root root 4096 Mar 5 18:01 .ssh
Code:
/root/cron
I implemented your suggestion and tried it out, but I got the same result, and exactly the same output on console as in the previous case. Shall I bring back the authorized_keys2 file and the symlink, or should I leave it as it is with just the authorized_keys file? As a side note, I checked whether setting PermitRootLogin=yes works, and it did work perfectly. |
Hi,
What distro and version are you using? Kind regards, Eric |
It's Red Hat 5.7
|
Hi,
Do you have by any chance SELinux enabled? Kind regards, Eric |
Hi Eric,
It's installed, but not running |
Did you also specify a ForceCommand for the root user? I would assume that it won’t work this way with rsnapshot, as the command line is assembled on the fly and can’t be defined beforehand (unless you use some kind of wrapper to get the original command line options). It might work with PermitRootLogin=without-password setting.
|
Hi,
I would try to set the public-key to a ssh connection where: Code:
opening connection using: /usr/bin/ssh -vvv -l root zw-josh.local.josh.com rsync --server --sender -vvvlogDtpre.is . /etc/ |
Here is the sshd_config file parameters on the remote host
Code:
# |
Hi,
A quick look shows that you haven't enabled pubkey auth. Uncomment the lines to enable it and restart SSHD. Quote:
good luck |
Just a tidbit on permissions... In all my setups I have needed to have the "authorized_keys" file set to perms "600"
Cheers Mike |
Quote:
Tried it and it still did not work. Now I suspect the problem may be somewhere else. But first, I would have to explain the complete picture, which I probably should have done before. The rsnapshot server will be using cron to do automated logins and take backups. And then when the authentication process takes place, I have PermitRootLogin=forced-commands-only. So on the remote host in the authorized_keys file, I have the following before the public key data, "from="192.xx.xx.xx",command="/root/cron/validate-rsync" ssh-dss......" So only if the IP address of the rsnapshot server is recognized will the "validate-rsync" script be run. See here for the script --> validate-sync I suspect after looking at this Ubuntuforum topic that cron is having issues using ssh. |
Here is some more data regarding permissions and ownership,
The private key is /root/cron/localhost-rsnapshot-key
Code:
-rw------- 1 root root 668 Mar 8 16:36 /root/cron/localhost-rsnapshot-key
And ssh will read the location of the private key from /root/.ssh/config
Code:
drwx------ 2 root root 4096 Mar 5 18:01 .ssh
Code:
Host root |
Finally figured out what the problem was, with some help from the author of Using Rsnapshot and SSH. Judging from the logs below, it seems like ssh was not able to find the correct private key file.
Code:
...
Code:
Host root
Code:
Host *.local.josh.com
This advice helped as well,
Quote:
Code:
error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
Please refer to this website for more info on this matter. It seems that the newline is a default action because of using ssh-copy-id. This newline is not visible in an editor like nano. Found it with the vi editor. Basically there needs to be just spaces between fields, so my /root/.ssh/authorized_keys file starts with,
Code:
from="192.168.50.4",command="/root/cron/validate-rsync" ssh-dss JSGGEHK....
And after this, my backup problem has been solved. |
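Added example, not part of the original posts: a simplified model of how ssh picks an IdentityFile from the Host blocks in /root/.ssh/config, assuming the fix above was the change of the Host pattern. The function names and the IdentityFile lines are constructed for illustration; only the two Host lines, the key path and the host name come from the thread.

```shell
#!/bin/sh
# Added example: which IdentityFile does ssh_config give a host name?
# Simplified model: Host and IdentityFile only, '*'/'?' wildcards, '!' negation.

# host_block_matches "PATTERNS" HOST: succeeds when a "Host PATTERNS" line applies.
host_block_matches() {
    rc=1
    set -f                                  # do not glob '*' against local files
    for p in $1; do
        case $p in
            \!*) case $2 in ${p#\!}) set +f; return 1 ;; esac ;;  # negated match wins
            *)   case $2 in $p) rc=0 ;; esac ;;
        esac
    done
    set +f
    return $rc
}

# identity_for_host "CONFIG TEXT" HOST: prints the first applicable IdentityFile,
# or "none" when no Host block matches and ssh falls back to its default keys.
identity_for_host() {
    active=0
    found=none
    while read -r key rest; do
        case $key in
            [Hh]ost)
                if host_block_matches "$rest" "$2"; then active=1; else active=0; fi ;;
            [Ii]dentity[Ff]ile)
                if [ "$active" = 1 ] && [ "$found" = none ]; then found=$rest; fi ;;
        esac
    done <<EOF
$1
EOF
    printf '%s\n' "$found"
}

# Constructed configs: only the Host lines, key path and host name are from the thread.
BEFORE='Host root
    IdentityFile /root/cron/localhost-rsnapshot-key'
AFTER='Host *.local.josh.com
    IdentityFile /root/cron/localhost-rsnapshot-key'

for cfg in "$BEFORE" "$AFTER"; do
    identity_for_host "$cfg" zw-josh.local.josh.com
done
```

The Host pattern is compared with the name given on the ssh command line (zw-josh.local.josh.com in the rsnapshot output earlier in the thread), not with the login user, which is why a block named "root" is never applied to that connection.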
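Added example, not part of the original posts: a small check for the authorized_keys problems discussed in this thread, namely the newline between the from=/command= options and the key, and root keys that carry no command= option while sshd is set to forced-commands-only. The function names and the key blob AAAAEXAMPLEKEY are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint authorized_keys text for split entries and missing command=.

# is_keytype WORD: succeeds when WORD is a public key type name.
is_keytype() {
    case $1 in
        ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) return 0 ;;
    esac
    return 1
}

# lint_authorized_keys "FILE TEXT": prints one finding per suspicious line.
lint_authorized_keys() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        # Drop quoted option values so spaces inside command="..." do not split fields.
        bare=$(printf '%s\n' "$line" | sed 's/"[^"]*"//g')
        set -f; set -- $bare; set +f
        case ${1-} in ''|\#*) continue ;; esac      # skip blank lines and comments
        if is_keytype "$1"; then
            echo "$n: key has no options, so no forced command applies"
        elif [ $# -lt 2 ] || ! is_keytype "$2"; then
            echo "$n: options but no key on this line (entry split by a newline?)"
        else
            case $1 in
                *command=*) ;;
                *) echo "$n: options do not include command=" ;;
            esac
        fi
    done <<EOF
$1
EOF
}

# Constructed samples: the option prefix is the one quoted in the thread.
BROKEN='from="192.168.50.4",command="/root/cron/validate-rsync"
ssh-dss AAAAEXAMPLEKEY root@backup'
FIXED='from="192.168.50.4",command="/root/cron/validate-rsync" ssh-dss AAAAEXAMPLEKEY root@backup'

lint_authorized_keys "$BROKEN"
lint_authorized_keys "$FIXED"
```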