Comments on: keychain: Set Up Secure Passwordless SSH Access For Backup Scripts

By: Neil Jensen

Neil Jensen — Wed, 30 Sep 2009 04:43:23 +0000

Hi, I have been trying to get rsnapshot to run with keychain under cron for root when logged out.

For me adding
source /root/.keychain/-sh
to cmd_preexec in the rsnapshot.conf did not work
What has finally worked for me which works remotely and locally is:
under cron run a command pointing to shell scripts for hourly daily weekly and monthly rsnapshots

my script is for hourly backups is hourly.sh
#!/bin/bash
ENV=/root/.bashrc
source /root/.keychain/-sh
rsnapshot hourly

the reason why this was needed is because cron for ssh doesn’t enter a shell to perform it’s function, so before rsnapshot begins you must point the process into a shell or you get an annoying and failing error 255 stating rsync couldn’t ssh(or something like that). Then just re comment the cmd_preexec line in the rsnapshot.conf

By: Heikki Orsila

Heikki Orsila — Sun, 26 Jul 2009 16:47:58 +0000

ssh-copy-id command is an easier way to copy your public key to a server:

ssh-copy-id -i ~/.ssh/id_dsa.pub user@host

By: Lexsys

Lexsys — Fri, 19 Jun 2009 08:11:21 +0000

I have a problem with my rsnapshot configuration. If I enter your command into rsnapshot.conf file, I get an error:

ERROR: cmd_preexec source /home/lexsys/.keychain/dev-server-sh - "source" is not executable or can't be found. Please use an absolute path.

I created an executable 1.sh, placed the command into this file and write in rsnapshot.conf: cmd_preexec /root/1.sh Everything works fine.

By: Ulver

Ulver — Mon, 08 Jun 2009 13:11:31 +0000

another interesting way to protect ssh, is chroot them, but it depends of the particulary needs of each one

By: Colin

Colin — Sat, 06 Jun 2009 22:20:56 +0000

I think I found a typo.
“OpenSSH sshd server offers two additional option to protect abuse of keys. First, make sure root login disabled (PermitRootLogin yes).”