I have not had an opportunity to fully examine the SSH/ssh-keygen commands
in regards to the null passphrase, but here are the commands we used and the
explanations of each component.

Identifiers
IP address 192.168.1.245 = Client Machine
IP address 192.168.1.5 = Server/Host Machine

ssh-keygen -b [512,1024] -t [RSA1,RSA,DSA] -N [passphrase] -C [comment] -f [filename]

-b = encryption bits generated; default is 1024, so this flag is optional.
-t = encryption key type; depends on SSH version. SSH Version 1 only supports RSA1
-N = passphrase declaration.
     To reset passphrase use ( ssh-keygen -p -P [oldpassphrase] -N [newpassphrase] -f [filename] )
-C = Key comment; default set to user@host
     To reset comment use ( ssh-keygen -c -P [passphrase] -C [newcomment] -f [filename] )
-f = File name to use. File located in $HOME/.ssh/
     private key is [filename]
     public key is [filename].pub

For our example we used the following commands:

HOST# ssh backupuser@192.168.1.245
CLIENT# Password: password
CLIENT# ssh-keygen -t RSA -f id_rsa
CLIENT# (we did a scp command to copy the public key back to the Host Machine)
CLIENT# ssh backupuser@192.168.1.5
CLIENT# HOST# Password: password
CLIENT# HOST# (append id_rsa.pub to $HOME/.ssh/authorized_keys)
CLIENT# HOST# ssh-keygen -t RSA -f id_rsa
CLIENT# HOST# (we did a scp command to copy the public key back to the Client Machine)
(we then disconnected from the CLIENT# HOST#)
CLIENT# (append id_rsa.pub to $HOME/.ssh/authorized_keys)
(we then disconnected from the CLIENT#)
HOST# ssh backupuser@192.168.1.245

(This should have connected us directly using the authorized_keys. We may
be having a problem with the default settings in SSH for null passphrases.
I could not find anything referring to passphrases in any /etc/ssh files)

On to the TAR backup commands

tar czf - [source path] | ssh [host machine] dd of=[destination path/filename.tgz]

tar = Tape Archiver
czf = Create/Zip/File
- = stdout (overrides default tape out)
[source path] = source directory path from root
[host machine] = IP address of backup destination machine
dd = DirectData
of = OutputFile
[destination path/filename.tgz] = path from root and desired filename

For our example we used the following command:

tar czf - /home/backupuser/ | ssh 192.168.1.5 dd of=/data/backupfile.tgz

In a continuation of this command we theorized a directdata output directly
to a tape device.
The use of mt commands would allow us to control the tape drive.

mt -f /dev/tape rewind
tar czf /dev/tape/[filename]
mt -f /dev/tape offline

Note: the -f /dev/tape portion is optional. By default the mt command
should be directed to your tape drive.

Final conclusion of commands:

tar czf - [source path] | ssh [host machine] dd of=/dev/[device]/[filename]

This theoretically will back up a client directory directly to a host device.
Limitations = Hard drive file 4GB; all other devices have media limitations.

I believe I have everything correct. Please check through and add any
corrections.
Mishka, please post this to the Wiki for me with corrections.
Thank you for your time.
Chris Reames
___________________
Nolug mailing list
nolug@nolug.org
Received on 02/20/04
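
Added example, not part of the original message: a key with no passphrase, as generated above for unattended backups, can be limited on the backup host (192.168.1.5) to one source address and one forced command, and the modes that sshd's StrictModes setting checks can be verified. The function names, the sample key and the temporary directory are constructed for illustration; the addresses and destination file are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Intended for the backup host.

# Constructed sample public key line; not a real key.
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed backupuser@client'

# Build an authorized_keys line that ties the key to one client address and
# one forced command. $1 = public key line, $2 = client IP, $3 = dd output file.
restricted_entry() {
    printf 'from="%s",command="dd of=%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$2" "$3" "$1"
}

# With StrictModes (sshd_config default: yes) sshd refuses authorized_keys if
# the file or its directory is writable by group or others.
# Returns 0 when the path exists and is not group- or world-writable.
perms_ok() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Append the restricted entry to $1/authorized_keys with tight modes.
# $1 = .ssh directory, $2 = public key line, $3 = client IP, $4 = dd output file.
install_key() {
    sshdir=$1; pubkey=$2
    blob=$(printf '%s\n' "$pubkey" | awk '{print $2}')   # base64 key body
    ( umask 077; mkdir -p "$sshdir"; touch "$sshdir/authorized_keys" )
    chmod 700 "$sshdir"; chmod 600 "$sshdir/authorized_keys"
    # Skip keys that are already present so reruns do not duplicate entries.
    grep -qF -- "$blob" "$sshdir/authorized_keys" && return 0
    restricted_entry "$pubkey" "$3" "$4" >> "$sshdir/authorized_keys"
}

# Demonstration against a throwaway directory instead of a real $HOME/.ssh.
demo() {
    tmp=$(mktemp -d)
    install_key "$tmp/.ssh" "$SAMPLE_PUBKEY" 192.168.1.245 /data/backupfile.tgz
    cat "$tmp/.ssh/authorized_keys"
    perms_ok "$tmp/.ssh" && perms_ok "$tmp/.ssh/authorized_keys" \
        && echo "modes acceptable to StrictModes"
    rm -rf "$tmp"
}
demo
```

With the forced command in place, sshd runs the dd command from the authorized_keys entry no matter what command the client requests, so the tar pipeline from the post still works while the key is of no use for an interactive login.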