[Nolug] Meeting Notes, Please review

From: Chris Reames <chris_at_drugfreemro.com>
Date: Fri, 20 Feb 2004 12:56:53 -0600
Message-ID: <MHEMLJJHACJLNNFAGGPBOEKDCHAA.chris@drugfreemro.com>

I have not had an opportunity to fully examine the SSH/ssh-keygen commands
in regards to the null passphrase, but here are the commands we used and the
explanations of each component.

Identifiers
IP address 192.168.1.245 = Client Machine
IP address 192.168.1.5 = Server/Host Machine

ssh-keygen -b [512,1024] -t [RSA1,RSA,DSA] -N [passphrase] -C [comment] -f [filename]
-b = encryption bits generated; default is 1024, so this flag is optional.
-t = encryption key type; depends on SSH version. SSH Version 1 only
supports RSA1
-N = passphrase declaration.
     To reset passphrase use ( ssh-keygen -p -P [oldpassphrase] -N [newpassphrase] -f [filename] )
-C = Key comment; default set to user@host
     To reset comment use ( ssh-keygen -c -P [passphrase] -C [newcomment] -f [filename] )
-f = File name to use. File located in $HOME/.ssh/
     private key is [filename]
     public key is [filename].pub

For our example we used the following commands:
HOST# ssh backupuser@192.168.1.245
CLIENT# Password: password
CLIENT# ssh-keygen -t RSA -f id_rsa
CLIENT# (we did a scp command to copy the public key back to the Host Machine)
CLIENT# ssh backupuser@192.168.1.5
CLIENT# HOST# Password: password
CLIENT# HOST# (append id_rsa.pub to $HOME/.ssh/authorized_keys)
CLIENT# HOST# ssh-keygen -t RSA -f id_rsa
CLIENT# HOST# (we did a scp command to copy the public key back to the Client Machine)
(we then disconnected from the CLIENT# HOST#)
CLIENT# (append id_rsa.pub to $HOME/.ssh/authorized_keys)
(we then disconnected from the CLIENT#)
HOST# ssh backupuser@192.168.1.245
(This should have connected us directly using the authorized_keys. We may
be having a problem with the default settings in SSH for null passphrases.
I could not find anything referring to passphrases in any /etc/ssh files)

On to the TAR backup commands

tar czf - [source path] | ssh [host machine] dd of=[destination path/filename.tgz]

tar = Tape Archiver
czf = Create/Zip/File
- = stdout (overrides default tape out)
[source path] = source directory path from root
[host machine] = IP address of backup destination machine
dd = DirectData
of = OutputFile
[destination path/filename.tgz] = path from root and desired filename

For our example we used the following command:
tar czf - /home/backupuser/ | ssh 192.168.1.5 dd of=/data/backupfile.tgz

In a continuation of this command we theorized a directdata output directly
to a tape device.
The use of mt commands would allow us to control the tape drive.

mt -f /dev/tape rewind
tar czf /dev/tape/[filename]
mt -f /dev/tape offline

Note: the -f /dev/tape portion is optional. By default the mt command
should be directed to your tape drive.

Final conclusion of commands:
tar czf - [source path] | ssh [host machine] dd of=/dev/[device]/[filename]

This theoretically will back up a client directory directly to a host device.
Limitations = Hard drive file 4GB; all other devices have media limitations.

I believe I have everything correct. Please check through and add any
corrections.
Mishka, please post this to the Wiki for me with corrections.

Thank you for your time.
Chris Reames
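
Added example, not part of the original message: a shell check of the files sshd consults for the public-key login attempted above. With StrictModes (the sshd default), a key is ignored and login falls back to a password prompt when the home directory, ~/.ssh or authorized_keys is writable by group or others. The function names and the sample paths in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Audit a user's key-login files the way sshd's StrictModes would object to
# them, and confirm the public key is actually listed in authorized_keys.
# Usage (hypothetical paths): audit_key_login /home/backupuser ./id_rsa.pub

# Succeeds when PATH has the group-write or other-write bit set.
# In "ls -ld" output, character 6 is group write and character 9 is other write.
writable_by_others() {
    mode=$(ls -ld "$1" | cut -c6,9)
    [ "$mode" != "--" ]
}

# Prints one line per finding; exit status is the number of findings.
audit_key_login() {
    home=$1 pub=$2 problems=0
    auth="$home/.ssh/authorized_keys"

    for p in "$home" "$home/.ssh" "$auth"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            problems=$((problems + 1))
        elif writable_by_others "$p"; then
            echo "WRITABLE $p (group/other write bit set; chmod go-w)"
            problems=$((problems + 1))
        fi
    done

    # Field 2 of a public key line is the base64 key blob; the comment
    # (field 3) may differ between copies, so match on the blob only.
    blob=$(awk '{print $2; exit}' "$pub" 2>/dev/null) || blob=""
    if [ -f "$auth" ]; then
        if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
            echo "NOKEY    key from $pub is not listed in $auth"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
```

Run it on the machine being logged in to, against the public key that was copied over; a clean run prints nothing and returns 0.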
