Difference between revisions of "HowTo BackupPC SSH Key Authentication Setup For rsync Transfer"

From NST Wiki
(Step 4: Install The Public RSA Key File On The BackupPC Client "authorized_keys" File)
(Step 4: Install The Public RSA Key File On The BackupPC Client "authorized_keys" File)
Line 122: Line 122:
 
== Step 4: Install The Public RSA Key File On The BackupPC Client "authorized_keys" File ==
 
== Step 4: Install The Public RSA Key File On The BackupPC Client "authorized_keys" File ==
  
Finally, the authorized key file: "'''/root/.ssh/authorized_keys'''" for the "'''root'''" user on the '''NST BackupPC''' client (I.e., nst26-mp - 10.222.3.107) needs to include the '''backuppc''' user's '''RSA''' public key file. One can log into the client and use an editor to include the key. Alternatively, one can use the following command sequence to install the public '''RSA''' key.
+
Finally, the authorized key file: "'''/root/.ssh/authorized_keys'''" for the "'''root'''" user on the '''NST BackupPC''' client (I.e., nst26-mp - 10.222.3.107) needs to include the '''backuppc''' user's '''RSA''' public key file created in step: 2. One can log into the client and use an editor to include the key. Alternatively, one can use the following command sequence to install the public '''RSA''' key.
  
 
<div class="screen">
 
<div class="screen">
Line 129: Line 129:
 
root@10.222.3.107's password:
 
root@10.222.3.107's password:
 
</pre>
 
</pre>
<div class="userInput"><span class="prompt">[backuppc@nst-vm ~]$ </span></div>
+
<div class="userInput"><span class="prompt">[backuppc@nst-vm ~]$ </span>cat /var/lib/BackupPC/.ssh/id_rsa.pub | ssh root@10.222.222.107 tee -a .ssh/authorized_keys;</div>
 
</div>
 
</div>
 
cat id_rsa.pub | ssh root@10.222.222.107 tee -a .ssh/authorized_keys
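Review bot: the added "cat /var/lib/BackupPC/.ssh/id_rsa.pub | ssh root@10.222.222.107 ..." line targets 10.222.222.107, but the password prompt in the same screen block and the paragraph above both give the client as 10.222.3.107; the address in the command should read 10.222.3.107. Also, "tee -a" echoes the key to the terminal and leaves the mode of authorized_keys to the remote umask, so consider discarding tee's output and following it with a chmod 600 on .ssh/authorized_keys.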
 

Revision as of 17:08, 14 September 2017

Overview

This page provides a reference for how to set up SSH key-based authentication for BackupPC rsync file transfer backups with NST. Additional information can be found here: BackupPC SSH Setup.

NST BackupPC Client Setup Example For SSH Key-based Authentication

The steps shown below for SSH key-based authentication assume that the BackupPC user is set to: "backuppc" and the file transfer backup method is: "rsync". The configuration entries from the main BackupPC configuration file: "/etc/BackupPC/config.pl" are shown for these settings. Our NST BackupPC server has IPv4 Address: "10.222.3.44" and the NST BackupPC client has Host Name: "nst26-mp" and IPv4 Address: "10.222.3.107".

.
.
.
#
# The BackupPC user.
#
$Conf{BackupPCUser} = 'backuppc';
.
.
.
#
# What transport method to use to backup each host.  If you have
# a mixed set of WinXX and linux/unix hosts you will need to override
# this in the per-PC config.pl.
#
$Conf{XferMethod} = "rsync";
.
.
.

Step 1: Log In To The backuppc User Account

Since the backuppc user has no login capability, we will need to run the following for access to the backuppc user home directory: "/var/lib/BackupPC" as the backuppc user.

[root@nst-vm ~]# su - backuppc -s /bin/bash;
[backuppc@nst-vm ~]$ pwd;
/var/lib/BackupPC
[backuppc@nst-vm ~]$


Step 2: Generate The RSA Key Pair

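Next we will generate an RSA public / private key pair in directory: "/var/lib/BackupPC/.ssh". Use an "empty" passphrase so that BackupPC can use the key unattended; the private key file: "id_rsa" is then protected only by its file permissions.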

[backuppc@nst-vm ~]$ ssh-keygen -t rsa;
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/BackupPC/.ssh/id_rsa): 
Created directory '/var/lib/BackupPC/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/BackupPC/.ssh/id_rsa.
Your public key has been saved in /var/lib/BackupPC/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/+jTXY+lDGyAKkjitGZvfSweE8zE/ILpxt00OtaSNPs backuppc@nst26-mp
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|    o            |
|     +   .       |
|... * . . .      |
|oo.+ B =S  o     |
| =+ + % ..  +   o|
|o .+.%.o  .o + =.|
|  .o.o*o  .o. = .|
|  . ..oE .o..    |
+----[SHA256]-----+
[backuppc@nst-vm ~]$


Step 3: Add The BackupPC Client To The "known_hosts" File

We next create an entry for our NST BackupPC client: "nst26-mp (10.222.3.107)" in file: "/var/lib/BackupPC/.ssh/known_hosts" by logging in via SSH as user: "root" using password authentication.

[backuppc@nst-vm ~]$ ssh root@10.222.3.107;
The authenticity of host '10.222.3.107 (10.222.3.107)' can't be established.
ECDSA key fingerprint is SHA256:XeM2SD/wOoyZ+/vWTjcDCdNShmxnU3S8aBasJeDzTHU.
ECDSA key fingerprint is MD5:cb:f8:14:68:01:1a:cb:f5:b7:02:a4:14:cd:73:21:f5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.222.3.107' (ECDSA) to the list of known hosts.
root@10.222.3.107's password: 
Last login: Thu Sep 14 11:41:21 2017 from 10.222.3.44

===========================================
= Linux Network Security Toolkit (NST 26) =
===========================================

[root@nst26-mp ~]# exit;
logout
Connection to 10.222.3.107 closed.
[backuppc@nst-vm ~]$

A file listing for directory: "/var/lib/BackupPC/.ssh" should now look similar to the content shown below. Both the "RSA" key pair and the "known_hosts" file have been generated.

[backuppc@nst-vm ~]$ ls -al /var/lib/BackupPC/.ssh;
total 12
drwx------ 2 backuppc backuppc   57 Sep 14 11:48 .
drwxr-x--- 6 backuppc root       74 Sep 14 10:24 ..
-rw------- 1 backuppc backuppc 1679 Sep 14 10:24 id_rsa
-rw-r--r-- 1 backuppc backuppc  399 Sep 14 10:24 id_rsa.pub
-rw-r--r-- 1 backuppc backuppc  176 Sep 14 11:48 known_hosts
[backuppc@nst-vm ~]$

Step 4: Install The Public RSA Key File On The BackupPC Client "authorized_keys" File

Finally, the authorized key file: "/root/.ssh/authorized_keys" for the "root" user on the NST BackupPC client (i.e., nst26-mp - 10.222.3.107) needs to include the backuppc user's RSA public key file created in Step 2. One can log into the client and use an editor to include the key. Alternatively, one can use the following command sequence to install the public RSA key.

[backuppc@nst-vm ~]$ ssh root@10.222.3.107 install -m 700 -d .ssh;
root@10.222.3.107's password:
[backuppc@nst-vm ~]$ cat /var/lib/BackupPC/.ssh/id_rsa.pub | ssh root@10.222.3.107 tee -a .ssh/authorized_keys;
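
The command sequence above appends the key unconditionally and leaves it usable from any address. As an added example (not part of the original wiki page), the shell function below, meant to be run as root on the client after copying id_rsa.pub there, goes a little beyond this step: it installs the key only once, with mode 600, and restricts it to the BackupPC server's address (10.222.3.44) through authorized_keys options. The function name install_backup_key is an assumption.

```shell
#!/bin/sh
# Added example (not from the NST Wiki page). install_backup_key is a
# hypothetical helper; run it as root on the BackupPC client.
# Usage: install_backup_key PUBKEY_FILE SERVER_IP AUTHORIZED_KEYS_FILE
install_backup_key() {
    pub_file=$1 server_ip=$2 auth_file=$3

    # Accept exactly one key line of the form "<type> <base64> [comment]".
    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 2; }
    [ "$(grep -c . "$pub_file")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    read -r key_type key_blob comment < "$pub_file" || [ -n "$key_type" ] || return 2
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unexpected key type: $key_type" >&2; return 2 ;;
    esac
    [ -n "$key_blob" ] || { echo "missing key data" >&2; return 2; }

    # With StrictModes (the sshd default), loose permissions on .ssh or
    # authorized_keys make sshd refuse to use the file.
    auth_dir=$(dirname "$auth_file")
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: a second run must not append a duplicate entry.
    if grep -qF -- "$key_type $key_blob" "$auth_file"; then
        return 0
    fi

    # Accept the key only from the BackupPC server and disable the
    # interactive features an rsync transfer does not need.
    opts="from=\"$server_ip\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding"
    printf '%s %s %s%s\n' "$opts" "$key_type" "$key_blob" "${comment:+ $comment}" >> "$auth_file"
}

# Run as a script: sh <this file> id_rsa.pub 10.222.3.44 /root/.ssh/authorized_keys
if [ "$#" -eq 3 ]; then
    install_backup_key "$@"
fi
```

Because the key has no passphrase, the from= option means a copy of id_rsa taken off the server is not accepted from any other address.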