Chris,
Thanks for taking notes! Corrections are inline below.
On Feb 20, 2004, at 12:56, Chris Reames wrote:
> I have not had an opportunity to fully examine the SSH/ssh-keygen commands
> in regards to the null passphrase, but here are the commands we used and the
> explanations of each component.
>
> Identifiers
> IP address 192.168.1.245 = Client Machine
> IP address 192.168.1.5 = Server/Host Machine
>
> ssh-keygen -b [512,1024] -t [RSA1,RSA,DSA] -N [passphrase] -C [comment] -f [filename]
> -b = encryption bits generated default is 1024, so this flag is optional.
> -t = encryption key type depends on SSH version. SSH Version 1 only supports RSA1
> -N = passphrase declaration.
> To reset passphrase use ( ssh-keygen -p -P [oldpassphrase] -N [newpassphrase] -f [filename] )
> -C = Key comment default set to user@host
> To reset comment use ( ssh-keygen -c -P [passphrase] -C [newcomment] -f [filename] )
> -f = File name to use. File located in $HOME/.ssh/
> private key is [filename]
> public key is [filename].pub
>
> For our example we used the following commands:
> HOST# ssh backupuser@192.168.1.245
> CLIENT# Password: password
> CLIENT# ssh-keyged -t RSA -f id_rsa
> CLIENT# (we did a scp command to copy the public key back to the Host Machine)
> CLIENT# ssh backupuser@192.168.1.5
> CLIENT# HOST# Password: password
> CLIENT# HOST# (append id-rsa.pub to $HOME/.ssh/authorized_keys)
> CLIENT# HOST# ssh-keyged -t RSA -f id_rsa
This should be ssh-keygen, of course.
> CLIENT# HOST# (we did a scp command to copy the public key back to the Client Machine)
> (we then disconnected from the CLIENT# HOST#)
> CLIENT# (append id-rsa.pub to $HOME/.ssh/authorized_keys)
> (we then disconnected from the CLIENT#)
> HOST# ssh backupuser@192.168.1.245
> (This should have connected us directly using the authorized_keys. We may
> be having a problem with the default settings in SSH for null passphrases.
> I could not find anything referring to passphrases in any /etc/ssh files)
>
>
> On to the TAR backup commands
>
> tar czf - [source path] | ssh [host machine] dd of=[destination path/filename.tgz]
>
> tar = Tape Archiver
> czf = Create/Zip/File
> - = stdout (overrides default tape out)
> [source path] = source directory path from root
> [host machine] = IP address of backup destination machine
> dd = DirectData
> of = OutputFile
> [destination path/filename.tgz] = path from root and desired filename
>
> For our example we used the following command:
> tar czf - /home/backupuser/ | ssh 192.168.1.5 dd of=/data/backupfile.tgz
>
> In a continuation of this command we theorized a directdata output directly
> to a tape device.
> The use of mt commands would allow us to control the tape drive.
>
> mt -f /dev/tape rewind
> tar czf /dev/tape/[filename]
This part is incorrect. It should be
tar czf /dev/tape [list of files to be backed up]
> mt -f /dev/tape offline
>
> Note: the -f /dev/tape portion is optional. By default the mt command
> should be directed to your tape drive.
>
> Final conclusion of commands:
> tar czf - [source path] | ssh [host machine] dd of=/dev/[device]/[filename]
The same idea works here. You should, at a minimum, have a space after
'/dev/[device]', and a path to which to place [filename], like so:
tar czf - [source path] | ssh [host machine] dd of=/dev/[device] [/path/to/filename]
>
> This theoretically will back up a client directory directly to a host device.
> Limitations = Hard drive file 4GB; all other devices have media limitations.
>
>
> I believe I have everything correct. Please check through and add any
> corrections.
> Mishka, please post this to the Wiki for me with corrections.
>
> Thank you for your time.
> Chris Reames
>
Thank you,
Kevin
___________________
Nolug mailing list
nolug@nolug.org
Received on 02/21/04
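
The tar-over-ssh pipeline discussed in this thread, as an added example that is not part of the original messages: it streams a directory through dd on the backup host and then reads the archive back to confirm it is intact. `REMOTE` and the function names are assumptions for illustration; `REMOTE` defaults to a local `sh -c` so the example runs offline.

```shell
#!/bin/sh
# Added example, not from the thread. REMOTE is a hypothetical setting: the
# command prefix that runs a command line on the backup host. For the thread's
# setup it would be REMOTE="ssh backupuser@192.168.1.5"; the default "sh -c"
# runs the same pipeline locally. Paths must not contain single quotes,
# because they are single-quoted for the shell on the far side.

# backup_stream SRC_DIR DEST_FILE
# tar writes the compressed archive to stdout ("-"); dd on the far side
# writes whatever arrives on its stdin to DEST_FILE.
backup_stream() {
    src=$1 dest=$2
    # -C stores paths relative to the parent directory, not from /.
    tar czf - -C "$(dirname "$src")" "$(basename "$src")" |
        ${REMOTE:-sh -c} "dd of='$dest' 2>/dev/null"
}

# verify_backup DEST_FILE
# A pipeline reports only the status of its last command, so a tar failure
# inside backup_stream can go unnoticed. Reading the stored archive back and
# listing it catches truncated or corrupt files. Returns 0 when readable.
verify_backup() {
    ${REMOTE:-sh -c} "cat '$1'" | tar tzf - >/dev/null 2>&1
}

# count_entries DEST_FILE
# Prints the number of members (files and directories) in the archive.
count_entries() {
    ${REMOTE:-sh -c} "cat '$1'" | tar tzf - 2>/dev/null | wc -l | tr -d ' '
}

# Usage with the addresses from the thread:
#   REMOTE="ssh backupuser@192.168.1.5"
#   backup_stream /home/backupuser /data/backupfile.tgz &&
#       verify_backup /data/backupfile.tgz
```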