
SSH Client Key Configuration

posted 25 Jun 2015, 15:25 by Andrew at Lycom   [ updated 25 Jun 2015, 15:43 ]
Sometimes the SSH client configuration needed to get rsync / BackupPC working with Linux/Unix clients can be a little intimidating. Luckily, there is a good guide here:


(Mine uses OpenSSH rather than SSH2 so I followed that section).

So, on the CLIENT to be backed up, as root:

# ssh-keygen -t rsa
 Generating public/private rsa key pair.
 Enter file in which to save the key (/root/.ssh/id_rsa):
 Created directory '/root/.ssh'.
 Your identification has been saved in /root/.ssh/id_rsa.
 Your public key has been saved in /root/.ssh/id_rsa.pub.

I normally make a copy of the public key and rename it to something meaningful, such as ‘root@clientname_id_rsa.pub’, as it can be confusing later when it goes onto the BackupPC server.

On the BackupPC SERVER (we do this just once) log on as the backuppc user and create ssh keys:

# su backuppc
 ssh-keygen -t rsa
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/backuppc/.ssh/id_rsa):
 Your identification has been saved in /home/backuppc/.ssh/id_rsa.
 Your public key has been saved in /home/backuppc/.ssh/id_rsa.pub.
 backuppc@minime:~$ cd .ssh

Now on the CLIENT we need to copy the backuppc user’s public SSH key file from the SERVER into root’s authorized_keys file in the .ssh directory of root’s home on the CLIENT:

touch authorized_keys2
cat backuppc@server_id_rsa.pub >> authorized_keys2

(nb: some SSH configs may override the default and use ‘authorized_keys’ naming – check this before you go round in circles trying to work out why you can’t connect!)

And on the BackupPC SERVER as the backuppc user we add the CLIENT’s public SSH key:

cd /home/backuppc/.ssh
 touch known_hosts   # first time only
 cat root@clientname_id_rsa.pub >> known_hosts

From the SERVER, test with:

ssh -l root CLIENT-hostname whoami

You may need to accept / add the connection the first time, then you should see:

root

Running it a second time should give:

ssh -l root CLIENT-hostname whoami
root

without any intervention required. Great, this now means that the backuppc user on the SERVER can log on as root on the CLIENT and access any files it needs to back up.

Now create a custom/default client config on the BackupPC server for the CLIENT PC and run a test backup. You can use the web interface to add a new HOST, then customise it for the particular backup needs of the CLIENT PC.
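
To settle the authorized_keys / authorized_keys2 naming question noted above before testing, the sshd configuration on the CLIENT can be checked with a short script. This is an added example, not part of the original post: the function names are made up here, the sample config is constructed, and only the global section of an sshd_config-style file is read (no Match or Include handling, keyword and value separated by whitespace).

```sh
#!/bin/sh
# Added example: which authorized-keys files does sshd read, and are modes OK?

# Print the AuthorizedKeysFile value from the global section of an
# sshd_config-style file. sshd keeps the first value it sees for a keyword
# and keywords are case-insensitive. Assumption: Match blocks and Include
# files are not evaluated; parsing stops at the first Match line.
effective_authkeys() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "authorizedkeysfile" {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print ".ssh/authorized_keys .ssh/authorized_keys2" }
    ' "$1"
}

# Succeed if NAME (e.g. authorized_keys2) is one of the files sshd reads.
key_file_is_read() {    # usage: key_file_is_read CONFIG NAME
    for f in $(effective_authkeys "$1"); do
        [ "${f##*/}" = "$2" ] && return 0
    done
    return 1
}

# Succeed if the path exists and is not writable by group or others. With
# StrictModes (on by default) sshd refuses to use key files that fail this;
# ownership, which sshd also checks, is not examined here.
perms_ok() {
    [ -e "$1" ] || return 2
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# Constructed sample config that lists only authorized_keys.
demo() {
    cfg=$(mktemp)
    printf '%s\n' '# constructed sample' 'Port 22' \
        'AuthorizedKeysFile .ssh/authorized_keys' > "$cfg"
    if key_file_is_read "$cfg" authorized_keys2; then
        echo "authorized_keys2 is read"
    else
        echo "authorized_keys2 is ignored; sshd reads: $(effective_authkeys "$cfg")"
    fi
    rm -f "$cfg"
}
demo
```

On a real CLIENT, pass /etc/ssh/sshd_config to key_file_is_read and run perms_ok on /root, /root/.ssh and the key file itself.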