We are using rsync to pull backups created on our server. The command below is run as a cronjob and it works great. rsync -avu --rsh "ssh -l root" root@servername:/var/lib/mysql/backups/ /backups/mysql/ We have a new server that will replace the old server that rsync pulls backups from. On the system that is running rsync, I switched the servername in the command above to the new server. Rsync is failing to work because it wants the root password for the new server. Rsync does not ask for a password from the old server, even when I manually run the command. I did not set up the rsync routine and thus I don't know if there is a file on the old server that rsync is communicating with to bypass asking for roots password. What is required for rsync to use the above command to pull backups from the new server, and not want root's password entered? Thanks Marc -------------- next part -------------- HTML attachment scrubbed and removed
I will try changing --rsh "ssh -l root" to -e ssh root@. On both the old server and the box pulling the backups these 3 files are in the .ssh directory in /root: authorized_keys id_rsa id_rsa.pub. Can I assume they are identical files on both systems? I found an article about creating the above files: http://blogs.sun.com/jkini/entry/how_to_scp_scp_and To be clear, if I want to recreate the 3 files do I create them on the system running the rsync command and then copy the 3 files to the remote box? Thanks -----Original Message----- From: Matthias Schniedermeyer [mailto:ms@citd.de] Sent: Thursday, October 23, 2008 2:25 PM To: Marc Fromm Cc: rsync@lists.samba.org Subject: Re: asking for root password On 23.10.2008 13:29, Marc Fromm wrote:> We are using rsync to pull backups created on our server. > The command below is run as a cronjob and it works great. > rsync -avu --rsh "ssh -l root" root@servername:/var/lib/mysql/backups/ /backups/mysql/Normaly this should be enough: rsync -avu -e ssh root@servername:/var/lib/mysql/backups/ /backups/mysql/ With a recent rsync even "-e ssh" isn't needed.> We have a new server that will replace the old server that rsync pulls backups from. > On the system that is running rsync, I switched the servername in the command above to the new server. > Rsync is failing to work because it wants the root password for the new server. > Rsync does not ask for a password from the old server, even when I manually run the command. > > I did not set up the rsync routine and thus I don't know if there is a file on the old server that rsync is communicating with to bypass asking for roots password. > > What is required for rsync to use the above command to pull backups from the new server, and not want root's password entered?Most likely the backup-server uses a RSA or DSA key to authenticate. On the old server you will find the following file in the home-directory of the root-user (/root usually): .ssh/authorized_keys (in rare cases: .ssh/authorized_keys2) The file contains a list of public-keys that are allowed to login witout password. Just create the directory on the new server and copy the file over. If you copy the contents via copy & paste you have to make sure to not break the long line(s). You also have to make sure that either the permissions of the file and every directory up to and including .ssh is only writable by root, otherwise the sshd won't use the key file (man sshd_config, Keyword: "strictmode"). The corresponding private-key can be found on your backup-server also in .ssh directory of the home-directory of whaterver user starts the command . The file is normally called either: id_dsa or id_rsa, if it is called "identity" you are using SSHv1 and you should really consider generating a new set of keys. The public key is stored in the .pub-file, this is the long string you can seen in the authorized_keys-file. I suggest you read/google a little bit about ssh-keys, they are one of the best inventions since sliced bread. ;-) Bis denn -- Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous.
On 23.10.2008 13:29, Marc Fromm wrote:> We are using rsync to pull backups created on our server. > The command below is run as a cronjob and it works great. > rsync -avu --rsh "ssh -l root" root@servername:/var/lib/mysql/backups/ /backups/mysql/Normaly this should be enough: rsync -avu -e ssh root@servername:/var/lib/mysql/backups/ /backups/mysql/ With a recent rsync even "-e ssh" isn't needed.> We have a new server that will replace the old server that rsync pulls backups from. > On the system that is running rsync, I switched the servername in the command above to the new server. > Rsync is failing to work because it wants the root password for the new server. > Rsync does not ask for a password from the old server, even when I manually run the command. > > I did not set up the rsync routine and thus I don't know if there is a file on the old server that rsync is communicating with to bypass asking for roots password. > > What is required for rsync to use the above command to pull backups from the new server, and not want root's password entered?Most likely the backup-server uses a RSA or DSA key to authenticate. On the old server you will find the following file in the home-directory of the root-user (/root usually): .ssh/authorized_keys (in rare cases: .ssh/authorized_keys2) The file contains a list of public-keys that are allowed to login witout password. Just create the directory on the new server and copy the file over. If you copy the contents via copy & paste you have to make sure to not break the long line(s). You also have to make sure that either the permissions of the file and every directory up to and including .ssh is only writable by root, otherwise the sshd won't use the key file (man sshd_config, Keyword: "strictmode"). The corresponding private-key can be found on your backup-server also in .ssh directory of the home-directory of whaterver user starts the command . The file is normally called either: id_dsa or id_rsa, if it is called "identity" you are using SSHv1 and you should really consider generating a new set of keys. The public key is stored in the .pub-file, this is the long string you can seen in the authorized_keys-file. I suggest you read/google a little bit about ssh-keys, they are one of the best inventions since sliced bread. ;-) Bis denn -- Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous.