[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Getting root ssh key to work (was Re: [ot] Xmpp, ejabberd question)
- Subject: [ale] Getting root ssh key to work (was Re: [ot] Xmpp, ejabberd question)
- From: tim at cliftonfarm.org (Tim Watts)
- Date: Fri, 13 Jan 2012 15:06:21 -0500
- In-reply-to: <CAEo=5Pz3360Y10qb7irUDfEHHS=Q+1zvBupvYEo8JPR=4q3=wg@mail.gmail.com>
- References: <CALRLYEn-u9cdm1vMvw1LyB71WrwUXN63Xd_+eKtessnLTAmk_g@mail.gmail.com> <CAAt=rgDUJbTYi7ATNKOgHB04wS_8_E2YVsp+CJ+ci8Us74ZGyw@mail.gmail.com> <CALKwpEwNb5Fgzvx5yJ-DpZj1JDcfngQp_xokfqXav-RX6AZtnQ@mail.gmail.com> <CAEo=5Px2ehgKQQO3_CjtZ-kAWt7n69gPSSotueb7SiCCVy4JCA@mail.gmail.com> <CALKwpExo2zg4Fq71sw3nAiwbH61fmc8PzBM=s0BcYoqLme1uyQ@mail.gmail.com> <CAEo=5Px71WEojSkG4QtutZJm-Cm=dMUPGBi6vA9OxLmfM-YXFA@mail.gmail.com> <CALRLYEmc6UqBBK2nmRpkMgeB5job93fEKm1CtV3S6DsJkQOJuQ@mail.gmail.com> <CAEo=5Py4vsZdZTzHayE3UKwnKm3afBBHf-RHHQOsUgMKMfkJFw@mail.gmail.com> <1326465397.18550.187.camel@dellberry> <CAEo=5PwhKuAiOkGh5iV4PoGsGXKKz53oG+MS_bb3oaVKT-uzkg@mail.gmail.com> <1326480013.18550.221.camel@dellberry> <CAEo=5Pz3360Y10qb7irUDfEHHS=Q+1zvBupvYEo8JPR=4q3=wg@mail.gmail.com>
OK, I did an ssh-keygen for root and managed to copy its id_rsa.pub to
$host:/root/.ssh. (I have "PasswordAuthentication no" in my sshd_config
so can't use ssh-copy-id.) On the target host it shows this:
$ sudo ls -l /root/.ssh/
total 8
-rw-r--r-- 1 root root 396 2012-01-13 14:36 id_rsa.pub
-rw-r--r-- 1 root root 884 2010-11-28 13:36 known_hosts
On my local machine I have this:
# ls -l /root/.ssh
total 12
-rw------- 1 root root 1743 2012-01-13 14:25 id_rsa
-rw-r--r-- 1 root root 396 2012-01-13 14:25 id_rsa.pub
-rw-r--r-- 1 root root 884 2009-11-11 06:17 known_hosts
The timestamp difference is due to copying it to my home before scp-ing
it to the target host.
And yet:
# ssh timtw at blueberry
Permission denied (publickey).
# ssh blueberry
Permission denied (publickey).
My sshd_config has "PermitRootLogin yes". What else could I be missing?
On Fri, 2012-01-13 at 13:56 -0500, Jim Kinney wrote:
> root user needs to do a keygen and put the pub on wilma.
>
> On Fri, Jan 13, 2012 at 1:40 PM, Tim Watts <tim at cliftonfarm.org>
> wrote:
> On Fri, 2012-01-13 at 11:51 -0500, Jim Kinney wrote:
> > root on fred goes to fredbak on wilma
>
>
> Just to be clear: does this mean that the backup job runs as
> root but
> rsyncs as fredbak (via ssh key) to wilma? As in:
>
> # rsync $OPTS $SRC fredbak@$TGTHOST:$DST
>
> I get an error when I try to do something similar:
>
> OPTS="-az --delete-during --delete-delay -h --progress
> --stats"
>
> # rsync $OPTS /etc /home/timtw
> timtw at blueberry:/home/timtw/backups/dellberry
> Permission denied (publickey).
> rsync: connection unexpectedly closed (0 bytes received so
> far) [sender]
> rsync error: unexplained error (code 255) at io.c(601)
> [sender=3.0.7]
> #
>
> I am able to ssh to blueberry via my ssh key when I'm timtw
> but not as
> root. Is my key in the wrong place?
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
>
>
> --
> --
> James P. Kinney III
>
> As long as the general population is passive, apathetic, diverted to
> consumerism or hatred of the vulnerable, then the powerful can do as
> they please, and those who survive will be left to contemplate the
> outcome.
> - 2011 Noam Chomsky
>
> http://heretothereideas.blogspot.com/
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20120113/0319803e/attachment.bin