HowTo BackupPC SSH Key Authentication Setup For rsync Transfer
Overview
This page provides a reference for how to set up SSH key-based authentication for BackupPC rsync file transfer backups with NST. Additional information can be found here: BackupPC SSH Setup.
NST BackupPC Client Setup Example For SSH Key-based Authentication
The steps shown below for SSH key-based authentication assume that the BackupPC user is set to: "backuppc" and the file transfer backup method is: "rsync". The configuration entries from the main BackupPC configuration file: "/etc/BackupPC/config.pl" are shown for these settings. Our NST BackupPC server has IPv4 Address: "10.222.3.44" and the NST BackupPC client has Host Name: "nst26-mp" and IPv4 Address: "10.222.3.107".
. . .
#
# The BackupPC user.
#
$Conf{BackupPCUser} = 'backuppc';
. . .
#
# What transport method to use to backup each host. If you have
# a mixed set of WinXX and linux/unix hosts you will need to override
# this in the per-PC config.pl.
#
$Conf{XferMethod} = "rsync";
. . .
Step 1: Log In To The backuppc User Account
Since the backuppc user has no login capability, we will need to run the following for access to the backuppc user home directory: "/var/lib/BackupPC" as the backuppc user.
/var/lib/BackupPC
Step 2: Generate The RSA Key Pair
Next we will generate an RSA public / private key pair in directory: "/var/lib/BackupPC/.ssh". Use an "empty" passphrase.
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/BackupPC/.ssh/id_rsa):
Created directory '/var/lib/BackupPC/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/BackupPC/.ssh/id_rsa.
Your public key has been saved in /var/lib/BackupPC/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/+jTXY+lDGyAKkjitGZvfSweE8zE/ILpxt00OtaSNPs backuppc@nst26-mp
The key's randomart image is:
+---[RSA 2048]----+
| |
| o |
| + . |
|... * . . . |
|oo.+ B =S o |
| =+ + % .. + o|
|o .+.%.o .o + =.|
| .o.o*o .o. = .|
| . ..oE .o.. |
+----[SHA256]-----+
Step 3: Add The BackupPC Client To The "known_hosts" File
We next create an entry for our NST BackupPC client: "nst26-mp (10.222.3.107)" in file: "/var/lib/BackupPC/.ssh/known_hosts" by logging in via SSH as user: "root" using password authentication.
The authenticity of host '10.222.3.107 (10.222.3.107)' can't be established.
ECDSA key fingerprint is SHA256:XeM2SD/wOoyZ+/vWTjcDCdNShmxnU3S8aBasJeDzTHU.
ECDSA key fingerprint is MD5:cb:f8:14:68:01:1a:cb:f5:b7:02:a4:14:cd:73:21:f5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.222.3.107' (ECDSA) to the list of known hosts.
root@10.222.3.107's password:
Last login: Thu Sep 14 11:41:21 2017 from 10.222.3.44
===========================================
= Linux Network Security Toolkit (NST 26) =
===========================================
logout
Connection to 10.222.3.44 closed.
A file listing for directory: "/var/lib/BackupPC/.ssh" should now look similar to the content shown below. Both the "RSA" key pair and the "known_hosts" files have been generated.
total 12
drwx------ 2 backuppc backuppc 57 Sep 14 11:48 .
drwxr-x--- 6 backuppc root 74 Sep 14 10:24 ..
-rw------- 1 backuppc backuppc 1679 Sep 14 10:24 id_rsa
-rw-r--r-- 1 backuppc backuppc 399 Sep 14 10:24 id_rsa.pub
-rw-r--r-- 1 backuppc backuppc 176 Sep 14 11:48 known_hosts
Step 4: Install The Public RSA Key File On The BackupPC Client "authorized_keys" File
Finally, the authorized key file: "/root/.ssh/authorized_keys" for the "root" user on the NST BackupPC client (i.e., nst26-mp - 10.222.3.107) needs to include the backuppc user's RSA public key file created in step: 2. One can log into the client and use an editor to include the key. Alternatively, one can use the following command sequence to install the public RSA key.
root@10.222.3.107's password:
root@10.222.3.107's password:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRYn84CEJaX+5IBvAi793tsRRkjAkt6X2BeG+iX4PLMgIM7eTjUa3J955n+RuzeVVOcSro68nsiRCAEN7 3cH26/gqqZL0My9xVUH+138NMLbdCDO7vs3Ce+K4H8brdDVV32x4Y2YrSDYnhj5VX6xXp7dJcylZalHhRl8TFo2k70wG+VJ48yLB4QbqXmyM25CS6CAO//K XCG0mEM26mEXMaMwXmuTuLVqSoPn2adpdI+YRDe/7wBG60T3saAJtLX5EI6b4hAJKpALxdoJcE8x2IzgCFNQpg7HTBnjAkj1A7LZD9c9DxUgRu/fxcLhgXf Fn9vLCR5YHXUkExRdhe9Rqn backuppc@nst26-mp
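One way to script the Step 4 install on the client, as an added example that is not part of the original page or of BackupPC/NST: the function appends the public key only if it is not already present, fixes the file permissions, and prefixes the entry with the OpenSSH from="..." option so the passphrase-less key is accepted only from the BackupPC server address. The function name, its arguments and the "/tmp/id_rsa.pub" path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Function name and arguments
# are hypothetical. Run on the BackupPC client as root.
#
# install_pinned_key PUBKEY_FILE AUTH_KEYS_FILE SOURCE_ADDR
#   Appends the key to AUTH_KEYS_FILE, prefixed with from="SOURCE_ADDR",
#   unless the same key blob is already present.
install_pinned_key() {
    pub_file=$1; auth_file=$2; src_addr=$3

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }
    key_line=$(head -n 1 "$pub_file")

    # Accept only a public key line; this rejects id_rsa (the private key).
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub_file" >&2; return 1 ;;
    esac
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    [ -n "$key_blob" ] || return 1

    # Owner-only modes: sshd with StrictModes refuses authorized_keys files
    # or directories that other users can write to.
    auth_dir=$(dirname "$auth_file")
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: the base64 blob identifies the key regardless of options.
    if grep -qF -- "$key_blob" "$auth_file"; then
        return 0
    fi

    # Keep entries on separate lines if the file lacks a final newline.
    if [ -s "$auth_file" ] && [ "$(tail -c 1 "$auth_file" | wc -l)" -eq 0 ]; then
        echo >> "$auth_file"
    fi
    printf 'from="%s" %s\n' "$src_addr" "$key_line" >> "$auth_file"
}

# Usage on the client, after copying id_rsa.pub over from the server:
#   install_pinned_key /tmp/id_rsa.pub /root/.ssh/authorized_keys 10.222.3.44
```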
Step 5: Test The SSH Key-based Authentication
One should now have completed the SSH key-based authentication setup. If done correctly, one should now be able to log into the NST BackupPC client from the "backuppc" user account as the "root" user. There should be no prompt for the "root" password.
Last login: Thu Sep 14 12:22:25 2017 from 10.222.3.44
===========================================
= Linux Network Security Toolkit (NST 26) =
===========================================
logout
Connection to 10.222.3.44 closed.
If successful, using the BackupPC application with transfer method: "rsync" to NST BackupPC client: "nst26-mp - 10.222.3.107" should work properly.