On Sat 29 May 2021 at 18:25:50 (-0400), Bob Weber wrote: > Now follow the instructions at: > > https://linuxize.com/post/how-to-setup-passwordless-ssh-login/ > > You will need to follow those instructions for each linux server you > want to backup. The .ssh directory will be under the directory listed > in the passwd file (/var/lib/backuppc).? DO NOT USE A PASSWORD TO > create the key pair files! They should go into the > /var/lib/backuppc/.ssh directory (only do this ONCE!). In step 03. > the username should be root@ip-address (you will need root access on > that machine to backup all files from the backuppc user on the > backuppc server). In step 04 you should be able to "ssh > root@ip-address" without a password.
I do this as a matter of course when I set up my machines … > THESE COMMANDS ARE RUN ON EACH SERVER TO BE BACKED UP. … (not the backuppc stuff, but just the passwordless login) … > If yyou can't "ssh root@ip-address" without a password you may also need the > line > > "PermitRootLogin yes" > > in the /etc/ssh/sshd_config file on each server to be backed up. I avoid this wrinkle with a trick that's especially simple when it's done first thing after installation (but it's easy at any time). On machine A: # ssh-copy-id -i ~/.ssh/id_rsa.pub <sysadminuser>@hostB where the sysadminuser¹ is as yet unconfigured for passwordless login by ssh. On machine B, as sysadminuser: $ /bin/su - # mv -i /home/<sysadminuser>/.ssh/authorized_keys /root/.ssh/ # chown 0.0 /root/.ssh/authorized_keys If sysadminuser already had some keys in authorized_keys, then root will need to edit the key from the last line of /home/<sysadminuser>/.ssh/authorized_keys rather than just moving the file (and make sure you don't leave behind a backup in /home/<sysadminuser>/.ssh/authorized_keys~). Alternatively, you can move sysadminuser's authorized_keys out of the way while you type the lines shown above, and then move it back. (Stay logged in to sysadminuser while you do this.) > If you want to you can follow the instructions at "Disabling SSH > Password Authentication". Be very careful to follow the instructions > closely. These are not needed to get backuppc running! You will need > to be able to sudo into root from an unprivileged user to get root > access so be VERY careful to follow the instructions. ¹ I'm assuming root and sysadminuser are the same person, and others don't (yet) have access to the machine. Cheers, David.
