The user must have read access to the private key associated with the public key installed on the remote machine. That requires the private key to be 600 perms. ssh will fail otherwise.<br><br><br><div class="gmail_quote">
On Fri, Jan 13, 2012 at 3:57 PM, Tim Watts <span dir="ltr"><<a href="mailto:tim@cliftonfarm.org">tim@cliftonfarm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="im">On Fri, 2012-01-13 at 15:40 -0500, Jim Kinney wrote:<br>
> On Fri, Jan 13, 2012 at 3:28 PM, David Tomaschik<br>
> <<a href="mailto:david@systemoverlord.com">david@systemoverlord.com</a>> wrote:<br>
> You should have the public key in a file called<br>
> authorized_keys on the<br>
> server side.<br>
><br>
> Yep! Easy tool is called ssh-copy-id <user>@<hostname> will do the<br>
> RightThing (tm) on the remote end.<br>
><br>
</div>Does root's authorized_keys need to have my public key in order for me<br>
to do "ssh timtw@blueberry" from root?<br>
<br>
I can "ssh blueberry" as root using the key I gen'ed but I can't "ssh<br>
timtw@blueberry" as root (get Permission denied (publickey)). Same song<br>
when I tried to "ssh-copy-id timtw@blueberry" as root.<br>
<br>
It works when I'm timtw no problem, using my key.<br>
<div class="im"><br>
> Also you will need to edit the /etc/ssh/sshd_config file and change<br>
><br>
> #PubkeyAuthentication yes<br>
> #AuthorizedKeysFile .ssh/authorized_keys<br>
><br>
> to<br>
><br>
> PubkeyAuthentication yes<br>
> AuthorizedKeysFile .ssh/authorized_keys<br>
><br>
</div>Already had that. I can ssh as timtw with my ssh key no problem.<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
> For the back up process, you will want to put the key in the account<br>
> of the backup user on the far machine (back up data storage system -<br>
> wilma), not root user.<br>
><br>
><br>
> David<br>
><br>
><br>
> On Fri, Jan 13, 2012 at 3:06 PM, Tim Watts<br>
> <<a href="mailto:tim@cliftonfarm.org">tim@cliftonfarm.org</a>> wrote:<br>
> > OK, I did an ssh-keygen for root and managed to copy its<br>
> id_rsa.pub to<br>
> > $host:/root/.ssh. (I have "PasswordAuthentication no" in my<br>
> sshd_config<br>
> > so can't use ssh-copy-id.) On the target host it shows<br>
> this:<br>
> ><br>
> > $ sudo ls -l /root/.ssh/<br>
> > total 8<br>
> > -rw-r--r-- 1 root root 396 <a href="tel:2012-01-13%2014" value="+12012011314">2012-01-13 14</a>:36 id_rsa.pub<br>
> > -rw-r--r-- 1 root root 884 2010-11-28 13:36 known_hosts<br>
> ><br>
> > On my local machine I have this:<br>
> ><br>
> > # ls -l /root/.ssh<br>
> > total 12<br>
> > -rw------- 1 root root 1743 <a href="tel:2012-01-13%2014" value="+12012011314">2012-01-13 14</a>:25 id_rsa<br>
> > -rw-r--r-- 1 root root 396 <a href="tel:2012-01-13%2014" value="+12012011314">2012-01-13 14</a>:25 id_rsa.pub<br>
> > -rw-r--r-- 1 root root 884 2009-11-11 06:17 known_hosts<br>
> ><br>
> > The timestamp difference is due to copying it to my home<br>
> before scp-ing<br>
> > it to the target host.<br>
> ><br>
> > And yet:<br>
> ><br>
> > # ssh timtw@blueberry<br>
> > Permission denied (publickey).<br>
> > # ssh blueberry<br>
> > Permission denied (publickey).<br>
> ><br>
> > My sshd_config has "PermitRootLogin yes". What else could I<br>
> be missing?<br>
> ><br>
> ><br>
> > On Fri, 2012-01-13 at 13:56 -0500, Jim Kinney wrote:<br>
> >> root user needs to do a keygen and put the pub on wilma.<br>
> >><br>
> >> On Fri, Jan 13, 2012 at 1:40 PM, Tim Watts<br>
> <<a href="mailto:tim@cliftonfarm.org">tim@cliftonfarm.org</a>><br>
> >> wrote:<br>
> >> On Fri, 2012-01-13 at 11:51 -0500, Jim Kinney<br>
> wrote:<br>
> >> > root on fred goes to fredbak on wilma<br>
> >><br>
> >><br>
> >> Just to be clear: does this mean that the backup<br>
> job runs as<br>
> >> root but<br>
> >> rsyncs as fredbak (via ssh key) to wilma? As in:<br>
> >><br>
> >> # rsync $OPTS $SRC fredbak@$TGTHOST:$DST<br>
> >><br>
> >> I get an error when I try to do something similar:<br>
> >><br>
> >> OPTS="-az --delete-during --delete-delay -h<br>
> --progress<br>
> >> --stats"<br>
> >><br>
> >> # rsync $OPTS /etc /home/timtw<br>
> >> timtw@blueberry:/home/timtw/backups/dellberry<br>
> >> Permission denied (publickey).<br>
> >> rsync: connection unexpectedly closed (0 bytes<br>
> received so<br>
> >> far) [sender]<br>
> >> rsync error: unexplained error (code 255) at<br>
> io.c(601)<br>
> >> [sender=3.0.7]<br>
> >> #<br>
> >><br>
> >> I am able to ssh to blueberry via my ssh key when<br>
> I'm timtw<br>
> >> but not as<br>
> >> root. Is my key in the wrong place?<br>
> >><br>
> >><br>
> >> _______________________________________________<br>
> >> Ale mailing list<br>
> >> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> >> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> >> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> >> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
> >><br>
> >><br>
> >><br>
> >><br>
> >> --<br>
> >> --<br>
> >> James P. Kinney III<br>
> >><br>
> >> As long as the general population is passive, apathetic,<br>
> diverted to<br>
> >> consumerism or hatred of the vulnerable, then the powerful<br>
> can do as<br>
> >> they please, and those who survive will be left to<br>
> contemplate the<br>
> >> outcome.<br>
> >> - 2011 Noam Chomsky<br>
> >><br>
> >> <a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br>
> >><br>
> >> _______________________________________________<br>
> >> Ale mailing list<br>
> >> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> >> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> >> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> >> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > Ale mailing list<br>
> > <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> > <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> > See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> > <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
> ><br>
><br>
><br>
><br>
> --<br>
><br>
> David Tomaschik, RHCE, LPIC-1<br>
> System Administrator/Open Source Advocate<br>
> OpenPGP: 0x5DEA789B<br>
> <a href="http://systemoverlord.com" target="_blank">http://systemoverlord.com</a><br>
> <a href="mailto:david@systemoverlord.com">david@systemoverlord.com</a><br>
><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
><br>
><br>
><br>
><br>
> --<br>
> --<br>
> James P. Kinney III<br>
><br>
> As long as the general population is passive, apathetic, diverted to<br>
> consumerism or hatred of the vulnerable, then the powerful can do as<br>
> they please, and those who survive will be left to contemplate the<br>
> outcome.<br>
> - 2011 Noam Chomsky<br>
><br>
> <a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br>
><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br>
</div></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br><br>As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as
they please, and those who survive will be left to contemplate the
outcome.<br>- <i><i><i><i>2011 Noam Chomsky<br><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i><br>