0

I need to use rsync for a daily backup operation, and in the past (on different servers) I managed to just use an RSA key etc., but now none of the Google (Server Fault) tutorials work at all.

It keeps asking me for a password.

I have webmin and ssh/root access to both servers.

My steps:

  1. create a key on server 1
  2. send key.pub to server 2
  3. add key.pub to .ssh/authorized_keys
  4. chmod 700 .ssh/authorized_keys
  5. go back to server 1 and try rsync, and it keeps asking for a password...

rsync command: `rsync -avz -e ssh file.txt root@server2:/root`

EDIT: Well, I cleaned up everything and this time, instead of inserting a custom name to the key, I used the standard one on server1. Sent the .pub to server2 and it worked like a charm... So the answer is that server1's ssh wasn't even using the right key...

  • Does the remote server allow ssh connection with root? Have you tried sshing first? – Migs Dec 18 '12 at 13:02
  • Did you check the logs on the remote server? – Oliver Dec 18 '12 at 13:07
  • I'd use 600 for the perms and ensure the .ssh directory has the correct perms as well. Be aware that on some machines it's not authorized_keys, but could be authorized_keys2 or more likely known_hosts. – FreudianSlip Dec 18 '12 at 17:29
  • 1 - @Migs: Yes, I have root ssh access to both servers; I own both, literally. 2 - @Oliver: Yes, and the logs were in debug mode; still, nothing relevant on var/log/auth. 3 - @FreudianSlip: I tried 600, no success. I will check the known_hosts thing... – Jake Armstrong Dec 19 '12 at 09:03

3 Answers

3

Check that your new server will allow root logins and accepts public key authentication.

In /etc/ssh/sshd_config, ensure that

PermitRootLogin yes

and

PubkeyAuthentication yes

The default for both is yes, so unless they are listed and not yes then you're good. If you change either, restart sshd.

Check also that the ~/.ssh directory permissions are 700.

Another thing to check is that it's not the local passphrase for the private key it's asking for, is it? If it is, you may want to remove the passphrase and then take steps to secure the public key by locking down which commands can be run with it.

user9517
  • PermitRootLogin=yes returns an error: Bad configuration option: PermitRootLogin (tried with/without the equal sign etc.). Permissions checked, all options were checked; next step will be 000, lol. I didn't put any passphrase; that breaks the purpose completely since I need a credential-less rsync, for automated backup. – Jake Armstrong Dec 19 '12 at 09:44
  • Well, I cleaned up everything and this time, instead of inserting a custom name to the key, I used the standard one on server1. Sent the .pub to server2 and it worked like a charm... How can I give a custom name to a key and make it work? – Jake Armstrong Dec 19 '12 at 10:00
  • You might want to `PermitRootLogin without-password` to be on the safe side (without-password means pubkey-only) – unhammer Jan 17 '13 at 11:23
1

First of all, you need to connect via ssh for the first time. This will prompt you about storing the new server fingerprint in .ssh/known_hosts. Then, once you have answered positively, it should connect.

The connection may fail for many, many reasons. For example, if you added options for that specific host in the .ssh/config file, or if your ssh programs do not agree on an authentication scheme. In order to better check what happens, you may connect via ssh using option -v. This will print some information on your screen. Post these lines here, please.

eppesuig
  • Will do that right now... – Jake Armstrong Dec 19 '12 at 09:45
  • Well, I cleaned up everything and this time, instead of inserting a custom name to the key, I used the standard one on server1. Sent the .pub to server2 and it worked like a charm... How can I give a custom name to a key and make it work? – Jake Armstrong Dec 19 '12 at 09:55
  • Btw, as already commented on previous answers and question: I have full access with ssh/root on both servers... :-) – Jake Armstrong Dec 19 '12 at 10:11
  • Do you mean that you specify, using ssh, "-i keyname"? – eppesuig Dec 19 '12 at 10:40
  • You may specify options to be passed to ssh from rsync using the `--rsh` argument as in `rsync --rsh="ssh -i keyname -o BatchMode=yes -o Compression=no" other-rsync-args` – eppesuig Dec 19 '12 at 10:43
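
Added example, not part of the original thread: one way to pin a custom-named key for the rsync job, following the `-i keyname` and `BatchMode` suggestion in the comments above, together with the permission checks raised in the first answer. The function names, the `backup_key` file name and the paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed names and paths, not from the original thread.

# Client side (server1): print the ssh command for rsync's -e option, pinned
# to one private key. Assumes the key path contains no spaces.
backup_ssh_cmd() {
    key=$1
    [ -f "$key" ] || { echo "no such key: $key" >&2; return 1; }
    # Columns 5-10 of the ls mode string are the group and other bits.
    # The ssh client ignores a private key if any of them is set.
    mode=$(ls -ldL "$key" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "key too open: $key" >&2; return 1; }
    # -i selects the custom-named key; IdentitiesOnly stops ssh from offering
    # other keys; BatchMode makes ssh fail instead of asking for a password,
    # so a cron job reports an error rather than hanging on a prompt.
    echo "ssh -i $key -o IdentitiesOnly=yes -o BatchMode=yes"
}

# Server side (server2): with StrictModes on, sshd skips authorized_keys when
# the .ssh directory or the file is writable by group or other.
authkeys_perms_ok() {
    dir=$1
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        # Column 6 is group-write, column 9 is other-write.
        case $(ls -ldL "$p" | cut -c6,9) in
            --) ;;
            *) echo "group/other writable: $p" >&2; return 1 ;;
        esac
    done
}

# Usage on server1 (key name is a placeholder):
#   rsync -avz -e "$(backup_ssh_cmd "$HOME/.ssh/backup_key")" file.txt root@server2:/root
# Usage on server2:
#   authkeys_perms_ok "$HOME/.ssh" && echo "permissions look fine"
```

If the first function succeeds and the login still falls back to a password, `ssh -v` with the same options shows which key was actually offered.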
0

The solution is to use the standard name during key creation. All other steps were kept the same and it worked like a charm.