On Sat 29 May 2021 at 18:25:50 (-0400), Bob Weber wrote:
> Now follow the instructions at:
>
> https://linuxize.com/post/how-to-setup-passwordless-ssh-login/
>
> You will need to follow those instructions for each linux server you
> want to backup. The .ssh directory will be under the directory listed
> in the passwd file (/var/lib/backuppc).? DO NOT USE A PASSWORD TO
> create the key pair files! They should go into the
> /var/lib/backuppc/.ssh directory (only do this ONCE!). In step 03.
> the username should be root@ip-address (you will need root access on
> that machine to backup all files from the backuppc user on the
> backuppc server). In step 04 you should be able to "ssh
> root@ip-address" without a password.
I do this as a matter of course when I set up my machines …
> THESE COMMANDS ARE RUN ON EACH SERVER TO BE BACKED UP.
… (not the backuppc stuff, but just the passwordless login) …
> If yyou can't "ssh root@ip-address" without a password you may also need the line
>
> "PermitRootLogin yes"
>
> in the /etc/ssh/sshd_config file on each server to be backed up.
I avoid this wrinkle with a trick that's especially simple when it's
done first thing after installation (but it's easy at any time).
On machine A:
# ssh-copy-id -i ~/.ssh/id_rsa.pub <sysadminuser>@hostB
where the sysadminuser¹ is as yet unconfigured for passwordless
login by ssh. On machine B, as sysadminuser:
$ /bin/su -
# mv -i /home/<sysadminuser>/.ssh/authorized_keys /root/.ssh/
# chown 0.0 /root/.ssh/authorized_keys
If sysadminuser already had some keys in authorized_keys,
then root will need to edit the key from the last line of
/home/<sysadminuser>/.ssh/authorized_keys rather than just
moving the file (and make sure you don't leave behind a
backup in /home/<sysadminuser>/.ssh/authorized_keys~).
Alternatively, you can move sysadminuser's authorized_keys
out of the way while you type the lines shown above, and then
move it back. (Stay logged in to sysadminuser while you do this.)
> If you want to you can follow the instructions at "Disabling SSH
> Password Authentication". Be very careful to follow the instructions
> closely. These are not needed to get backuppc running! You will need
> to be able to sudo into root from an unprivileged user to get root
> access so be VERY careful to follow the instructions.
¹ I'm assuming root and sysadminuser are the same person, and others
don't (yet) have access to the machine.
Cheers,
David.