2

I'm wondering what the steps are to configure password-less ssh keys so I can connect and pull data from multiple remote servers. Can I just do:

Backup Machine:

ssh-keygen -t rsa
ssh-copy-id -i /home/user/.ssh/id_rsa.pub root@server1
ssh-copy-id -i /home/user/.ssh/id_rsa.pub root@server2
ssh-copy-id -i /home/user/.ssh/id_rsa.pub root@server3

and on each remote server{1-3} do:

PermitRootLogin forced-commands-only

and let rsync pull the data from the backup server to each remote.

Would those be the correct steps?

Thanks

JoshyD

2 Answers

1
  1. Run the generate command as root (via sudo -s or sudo -i) so the key isn't in your home directory.
  2. You can't ssh/scp to your servers as root if you don't have interactive root login (e.g. on Debian-based systems); do it as your user, assuming you have a login on those machines. Then log in and copy the authorized_keys file into /root/.ssh/ on each server and set the correct permissions.
  3. Use a from="w.x.y.z" stanza in your authorized_keys file if you have a static IP on your backup machine. The PermitRootLogin forced-commands-only isn't really much better than without-password.
Andrew
  • Thanks for the tips, though I'm not sure what you mean by interactive login. All machines are running Debian. – JoshyD Jun 15 '11 at 04:49
  • @JoshyD you're trying to scp the public key to your remote machine as root, which will ask for a password (interactive login), which doesn't exist. I'll clarify my answer to suggest copying it as your own user. – Andrew Jun 15 '11 at 07:39
0

Yes, you can do this. I wrote a blog post on this a while back (it's based around setting up dirvish, which is an rsync based backup system). Once you set up the keys on the clients you can run a backup, see what command it runs, and then set forced-commands.

theotherreceive
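
An added example, not part of either answer or of the blog post mentioned above: a forced-command wrapper that combines the from= restriction from the first answer with the "see what command it runs, then set forced-commands" step from the second. The install path, the /srv/data/ tree and the key placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path: /usr/local/sbin/rsync-pull-only
# Assumed /root/.ssh/authorized_keys entry on each server (one line; key is a placeholder):
#   from="w.x.y.z",command="/usr/local/sbin/rsync-pull-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> backup
# With "PermitRootLogin forced-commands-only" in sshd_config, root can log in
# only with a key that carries a command= option like this one.

LC_ALL=C; export LC_ALL   # byte-wise character ranges in the patterns below
ALLOWED_PATH=/srv/data/   # assumption: the one tree the backup host may read
FLAGS=                    # set by check_command to the validated short-option word

# check_command CMD
# Succeeds only if CMD has exactly the shape
#   rsync --server --sender -<short flags> . $ALLOWED_PATH
# i.e. the sending (read-only) half of a pull, with no extra options.
check_command() {
    set -f            # no globbing while the string is split into words
    set -- $1
    set +f
    [ "$#" -eq 6 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    case $4 in
        -*[!A-Za-z0-9.]*|-) return 1 ;;   # long option, odd character, or bare "-"
        -*) ;;
        *) return 1 ;;
    esac
    [ "$5" = . ] && [ "$6" = "$ALLOWED_PATH" ] || return 1
    FLAGS=$4
}

# sshd puts what the client asked for in SSH_ORIGINAL_COMMAND. With no request
# (an interactive login attempt) the script simply ends and no shell is started.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_command "$SSH_ORIGINAL_COMMAND"; then
        # Rebuild the command from validated pieces; the client string is never evaluated.
        exec rsync --server --sender "$FLAGS" . "$ALLOWED_PATH"
    fi
    # Rejections are logged, which also shows the command a trial backup really sends.
    logger -t rsync-pull-only -p auth.warning "rejected: $SSH_ORIGINAL_COMMAND"
    echo "command not permitted" >&2
    exit 1
fi
```

If the backup job passes long options (for example --numeric-ids), the check rejects them until they are added to it deliberately, one by one.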