Rsync with the 50GB backup plan without password not working


#1

I have setup the Backup User for the 50GB backup plan using rsync between my Ubunutu box and DH Backup User. I can run the command like:
rsync -e ssh -av /var/www @server.dreamhost.com:~/testbkup
and it works fine.

The catch is that I have to give password everytime I run that command. I have tried to out the authorized_keys file (with the public key of my Ubuntu machine) under .ssh directory in the root of my backup directory but it does not work either.

Any idea if this can be done?

If not, then can I write a shell script and have a cron setup to execute that? How would I tackle the password prompt in the shell script?

Thanks.
AJ


#2

I generated my SSH keys on my Mac and your command works. It’s the same SSH key I use to SSH and rsync to my website. Have you tried the same keypair for your website? If it fails, a ‘ssh -v’ will tell you why.


#3

Chances are that the permissions on your .ssh directory are wrong, either locally or on the remote end. Needs to be set chmod 700.


#4

Weird, when I try to login to my website, it asks me the passphrase of the ssh key (the one I used to create my RSA key).


#5

Here’s the refresher from the wiki:
http://wiki.dreamhost.com/Ssh

The interesting bit asking if you entered a password when you generated the key. I don’t so I can SSH in without it asking me for a passphrase, but I keep my private key locked down.


#6

Thanks much for pointing that out. I had to not only NOT put the passphrase while creating the ssh key but also had to correct the permissions on authorized_keys on Backup User server. Had to be 755. :slight_smile:

I have no clue how that passphrase slipped through my mind though…I guess I need to drink less. :slight_smile:


#7

I go a bit overboard in my permissions. I set .ssh to 700 and authorized_keys to 600. It’s all about ME!


#8

I use keychain not only for backup but for other uses http://www.cyberciti.biz/faq/ssh-passwordless-login-with-keychain-for-scripts/ a good tutorial about, and of course the official site http://sshkeychain.sourceforge.net/ but I can bet a whopper that you can do sudo aptitude install keychain.

From the Debian description:
Description: key manager for OpenSSH
Keychain is an OpenSSH key manager, typically run from ~/.bash_profile. When keychain is run, it checks for a running ssh-agent, otherwise it starts one. It saves the ssh-agent environment variables to ~/.keychain/${HOSTNAME}-sh, so that subsequent logins and non-interactive shells such as cron jobs can source the file and make passwordless ssh connections. In addition, when keychain runs, it verifies that the key files specified on the command-line are known to ssh-agent, otherwise it loads them, prompting you for a password if necessary.