[ale] Getting root ssh key to work (was Re: [ot] Xmpp, ejabberd question)

Jim Kinney jim.kinney at gmail.com
Fri Jan 13 15:40:21 EST 2012


On Fri, Jan 13, 2012 at 3:28 PM, David Tomaschik
<david at systemoverlord.com> wrote:

> You should have the public key in a file called authorized_keys on the
> server side.
>

Yep! An easy tool called ssh-copy-id <user>@<hostname> will do the
RightThing (tm) on the remote end.

Also you will need to edit the /etc/ssh/sshd_config file and change

#PubkeyAuthentication yes
#AuthorizedKeysFile    .ssh/authorized_keys

to

PubkeyAuthentication yes
AuthorizedKeysFile    .ssh/authorized_keys


For the backup process, you will want to put the key in the account of the
backup user on the far machine (backup data storage system - wilma), not the
root user.

>
> David
>
>
> On Fri, Jan 13, 2012 at 3:06 PM, Tim Watts <tim at cliftonfarm.org> wrote:
> > OK, I did an ssh-keygen for root and managed to copy its id_rsa.pub to
> > $host:/root/.ssh.  (I have "PasswordAuthentication no" in my sshd_config
> > so can't use ssh-copy-id.)  On the target host it shows this:
> >
> > $ sudo ls -l /root/.ssh/
> > total 8
> > -rw-r--r-- 1 root root 396 2012-01-13 14:36 id_rsa.pub
> > -rw-r--r-- 1 root root 884 2010-11-28 13:36 known_hosts
> >
> > On my local machine I have this:
> >
> > # ls -l /root/.ssh
> > total 12
> > -rw------- 1 root root 1743 2012-01-13 14:25 id_rsa
> > -rw-r--r-- 1 root root  396 2012-01-13 14:25 id_rsa.pub
> > -rw-r--r-- 1 root root  884 2009-11-11 06:17 known_hosts
> >
> > The timestamp difference is due to copying it to my home before scp-ing
> > it to the target host.
> >
> > And yet:
> >
> > # ssh timtw at blueberry
> > Permission denied (publickey).
> > # ssh blueberry
> > Permission denied (publickey).
> >
> > My sshd_config has "PermitRootLogin yes".  What else could I be missing?
> >
> >
> > On Fri, 2012-01-13 at 13:56 -0500, Jim Kinney wrote:
> >> root user needs to do a keygen and put the pub on wilma.
> >>
> >> On Fri, Jan 13, 2012 at 1:40 PM, Tim Watts <tim at cliftonfarm.org>
> >> wrote:
> >>         On Fri, 2012-01-13 at 11:51 -0500, Jim Kinney wrote:
> >>         > root on fred goes to fredbak on wilma
> >>
> >>
> >>         Just to be clear: does this mean that the backup job runs as
> >>         root but
> >>         rsyncs as fredbak (via ssh key) to wilma?  As in:
> >>
> >>                # rsync $OPTS $SRC fredbak@$TGTHOST:$DST
> >>
> >>         I get an error when I try to do something similar:
> >>
> >>         OPTS="-az --delete-during --delete-delay -h --progress
> >>         --stats"
> >>
> >>         # rsync $OPTS /etc /home/timtw
> >>         timtw at blueberry:/home/timtw/backups/dellberry
> >>         Permission denied (publickey).
> >>         rsync: connection unexpectedly closed (0 bytes received so
> >>         far) [sender]
> >>         rsync error: unexplained error (code 255) at io.c(601)
> >>         [sender=3.0.7]
> >>         #
> >>
> >>         I am able to ssh to blueberry via my ssh key when I'm timtw
> >>         but not as
> >>         root.  Is my key in the wrong place?
> >>
> >>
> >>         _______________________________________________
> >>         Ale mailing list
> >>         Ale at ale.org
> >>         http://mail.ale.org/mailman/listinfo/ale
> >>         See JOBS, ANNOUNCE and SCHOOLS lists at
> >>         http://mail.ale.org/mailman/listinfo
> >>
> >>
> >>
> >>
> >> --
> >> --
> >> James P. Kinney III
> >>
> >> As long as the general population is passive, apathetic, diverted to
> >> consumerism or hatred of the vulnerable, then the powerful can do as
> >> they please, and those who survive will be left to contemplate the
> >> outcome.
> >> - 2011 Noam Chomsky
> >>
> >> http://heretothereideas.blogspot.com/
> >>
> >
> >
> >
>
>
>
> --
> David Tomaschik, RHCE, LPIC-1
> System Administrator/Open Source Advocate
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>
>



-- 
-- 
James P. Kinney III

As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as they
please, and those who survive will be left to contemplate the outcome.
- 2011 Noam Chomsky

http://heretothereideas.blogspot.com/
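
The server-side condition discussed in this thread (the public key must be listed in authorized_keys, not merely copied into .ssh as id_rsa.pub) written as a check, as an added example that is not part of the original messages. The function names, the temp-dir demo and the key string are constructed; the permission test reflects sshd's default StrictModes behaviour.

```shell
#!/bin/sh
# Added example: server-side checks for "Permission denied (publickey)".

# Succeeds if the path is neither group- nor world-writable (StrictModes).
not_writable_by_others() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# check_key SSH_DIR PUBKEY_FILE
# Returns 0 = usable, 1 = no authorized_keys, 2 = key not listed (or
# unreadable), 3 = directory or file writable by group/others.
check_key() {
    ssh_dir=$1; pub=$2; auth="$ssh_dir/authorized_keys"
    [ -f "$auth" ] || { echo "no $auth; a bare id_rsa.pub is not consulted"; return 1; }
    blob=$(awk '{print $2; exit}' "$pub")   # base64 key body, comment ignored
    [ -n "$blob" ] || { echo "no key found in $pub"; return 2; }
    grep -qF -- "$blob" "$auth" || { echo "key not listed in $auth"; return 2; }
    not_writable_by_others "$ssh_dir" && not_writable_by_others "$auth" \
        || { echo "$ssh_dir or $auth is group/world-writable"; return 3; }
    echo "ok: key is listed and permissions are tight"
}

# install_key SSH_DIR PUBKEY_FILE
# Appends the key once and sets 700/600, roughly what ssh-copy-id does remotely.
install_key() {
    ssh_dir=$1; pub=$2; auth="$ssh_dir/authorized_keys"
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth" )
    chmod 700 "$ssh_dir"; chmod 600 "$auth"
    blob=$(awk '{print $2; exit}' "$pub")
    grep -qF -- "$blob" "$auth" || cat "$pub" >> "$auth"
}

# Demo on constructed data: reproduce the thread's state in a temp dir.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABCONSTRUCTED root@fred" \
    > "$demo/.ssh/id_rsa.pub"
check_key "$demo/.ssh" "$demo/.ssh/id_rsa.pub" || true   # no authorized_keys yet
install_key "$demo/.ssh" "$demo/.ssh/id_rsa.pub"
check_key "$demo/.ssh" "$demo/.ssh/id_rsa.pub"           # now reports ok
rm -rf "$demo"
```

On a real host, run the check as the account that owns the directory, for example against /home/fredbak/.ssh for the backup user rather than /root/.ssh.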