HowTo BackupPC SSH Key Authentication Setup For rsync Transfer
Overview
This page provides a reference for how to set up SSH key-based authentication for BackupPC rsync file transfer backups with NST. Additional information can be found here: BackupPC SSH Setup.
NST BackupPC Client Setup Example For SSH Key-based Authentication
The steps shown below for SSH key-based authentication assume that the BackupPC user is set to: "backuppc" and the file transfer backup method is: "rsync". The configuration entries from the main BackupPC configuration file: "/etc/BackupPC/config.pl" are shown for these settings. Our NST BackupPC server has IPv4 Address: "10.222.3.44" and the NST BackupPC client has Host Name: "nst26-mp" and IPv4 Address: "10.222.3.107".
    . . .
    #
    # The BackupPC user.
    #
    $Conf{BackupPCUser} = 'backuppc';
    . . .
    #
    # What transport method to use to backup each host. If you have
    # a mixed set of WinXX and linux/unix hosts you will need to override
    # this in the per-PC config.pl.
    #
    $Conf{XferMethod} = "rsync";
    . . .
Step 1: Log In To The backuppc User Account
Since the backuppc user has no login capability, we will need to run the following for access to the backuppc user home directory: "/var/lib/BackupPC" as the backuppc user.
/var/lib/BackupPC
Step 2: Generate The RSA Key Pair
Next we will generate an RSA public / private key pair in directory: "/var/lib/BackupPC/.ssh". Use an "empty" passphrase.
    Generating public/private rsa key pair.
    Enter file in which to save the key (/var/lib/BackupPC/.ssh/id_rsa):
    Created directory '/var/lib/BackupPC/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /var/lib/BackupPC/.ssh/id_rsa.
    Your public key has been saved in /var/lib/BackupPC/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:/+jTXY+lDGyAKkjitGZvfSweE8zE/ILpxt00OtaSNPs backuppc@nst26-mp
    The key's randomart image is:
    +---[RSA 2048]----+
    | |
    | o |
    | + . |
    |... * . . . |
    |oo.+ B =S o |
    | =+ + % .. + o|
    |o .+.%.o .o + =.|
    | .o.o*o .o. = .|
    | . ..oE .o.. |
    +----[SHA256]-----+
Step 3: Add The BackupPC Client To The "known_hosts" File
We next create an entry for our NST BackupPC client: "nst26-mp (10.222.3.107)" in file: "/var/lib/BackupPC/.ssh/known_hosts" by logging in via SSH as user: "root" using password authentication.
    The authenticity of host '10.222.3.107 (10.222.3.107)' can't be established.
    ECDSA key fingerprint is SHA256:XeM2SD/wOoyZ+/vWTjcDCdNShmxnU3S8aBasJeDzTHU.
    ECDSA key fingerprint is MD5:cb:f8:14:68:01:1a:cb:f5:b7:02:a4:14:cd:73:21:f5.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.222.3.107' (ECDSA) to the list of known hosts.
    root@10.222.3.107's password:
    Last login: Thu Sep 14 11:41:21 2017 from 10.222.3.44
    ===========================================
    = Linux Network Security Toolkit (NST 26) =
    ===========================================
    logout
    Connection to 10.222.3.44 closed.
A file listing for directory: "/var/lib/BackupPC/.ssh" should now look similar to the content shown below. Both the "RSA" key pair and the "known_hosts" files have been generated.
    total 12
    drwx------ 2 backuppc backuppc   57 Sep 14 11:48 .
    drwxr-x--- 6 backuppc root       74 Sep 14 10:24 ..
    -rw------- 1 backuppc backuppc 1679 Sep 14 10:24 id_rsa
    -rw-r--r-- 1 backuppc backuppc  399 Sep 14 10:24 id_rsa.pub
    -rw-r--r-- 1 backuppc backuppc  176 Sep 14 11:48 known_hosts
Step 4: Install The Public RSA Key File On The BackupPC Client "authorized_keys" File
Finally, the authorized key file: "/root/.ssh/authorized_keys" for the "root" user on the NST BackupPC client (i.e., nst26-mp - 10.222.3.107) needs to include the backuppc user's RSA public key file created in Step 2. One can log into the client and use an editor to include the key. Alternatively, one can use the following command sequence to install the public RSA key.
root@10.222.3.107's password:
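
Because the key from Step 2 has no passphrase and Step 4 grants it root access on the client, the "authorized_keys" entry is worth restricting to the BackupPC server's address. The following is an added example, not part of the original NST page or of BackupPC: the function names and file paths are assumptions, and the options used (from=, no-pty, no-agent-forwarding, no-port-forwarding, no-X11-forwarding) are standard OpenSSH "authorized_keys" options.

```shell
#!/bin/sh
# Added example (not from the NST page). Run on the BackupPC client as root.

# Print a restricted authorized_keys entry.
#   $1 = address of the BackupPC server, $2 = public key file
restricted_entry() {
    # Accept literal IPv4/IPv6 addresses only, so nothing can be injected
    # into the options field of the entry.
    case $1 in
        ''|*[!0-9A-Fa-f.:]*) echo "bad server address: $1" >&2; return 1 ;;
    esac
    # A .pub file holds one key: "<type> <base64 blob> [comment]".
    key_line=$(awk 'NF { print; exit }' "$2") || return 1
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $2" >&2; return 1 ;;
    esac
    # from= pins the source address; the no-* options disable everything
    # except running a command, which is all rsync-over-ssh needs.
    printf 'from="%s",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding %s\n' \
        "$1" "$key_line"
}

# Install the entry once, with modes that satisfy sshd's StrictModes check.
#   $1 = server address, $2 = public key file, $3 = authorized_keys path
# Returns 0 if installed or already present, 1 on bad input,
# 2 if the same key is already listed with different (or no) options.
install_restricted_key() {
    entry=$(restricted_entry "$1" "$2") || return 1
    blob=$(awk 'NF { print $2; exit }' "$2")
    ssh_dir=$(dirname "$3")
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$3" && chmod 600 "$3" || return 1
    if grep -qxF -- "$entry" "$3"; then
        return 0                      # exact entry already there
    elif grep -qF -- "$blob" "$3"; then
        echo "key already in $3 with other options; edit that line" >&2
        return 2
    fi
    printf '%s\n' "$entry" >> "$3"
}

# Usage on the client, after copying id_rsa.pub over (paths are examples):
#   install_restricted_key 10.222.3.44 /tmp/id_rsa.pub /root/.ssh/authorized_keys
```

A return code of 2 means the key was previously installed without these options; that line has to be edited by hand, since appending a second entry would leave the unrestricted one in effect.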