#1
I'm running a backup server and am working on using rsnapshot (was using bacula, but for this particular application I think rsnapshot is a better fit).
I have set up RSA key authentication to the machine to be backed up, but I am using passphrases. I understand ssh-agent will allow me to ssh without entering the passphrase, which is what needs to be done. I have run ssh-agent manually and it does work. What I am having trouble figuring out is how to load ssh-agent on boot so that this process never needs my intervention. I've found lots of articles for Linux, but have not tracked down FreeBSD information that I can understand. I am coming from an Arch Linux background, and have not quite mastered the BSD way of doing some things; in particular, I haven't figured out the csh differences. (This needs to be a root login over ssh).

Last edited by DutchDaemon; March 26th, 2011 at 22:15.
#2
I think that security/autossh might be what you are looking for. If you want this to start at boot you could write an rc startup script. Or you can just add it in your crontab.
Have a look at the end here on how to do this.
__________________
Powered by BareBSD

Last edited by DutchDaemon; March 26th, 2011 at 23:08. Reason: [port] tags are fun
#3
There's also security/keychain. That allows you to enter the passphrases for each key once, and they are stored in RAM until you log out.
#4
I'll take a look at autossh. The thing about keychain is that I don't log in to the backup server in order to do backups, that's automated to run in the middle of the night. I wouldn't want to leave an open root login on the machine.
#5
Quote:
Quote:
#6
You can also use password-less keys, and security/sudo to accomplish the same thing. This is what we do for our backups.
The backups users on the remote systems are normal, low-privilege users. The password for the backups user is set to * manually in passwd(5) so that no local logins are allowed. And sshd_config(5) is set to not allow password logins (only key logins). sudoers(5) is configured so that the backups user can run the backup command as root, without a password. No other privileges are allowed in the sudo setup. On the backups server, the key file is only readable by root, and the backups process is executed by root (but the remote logins are done as the backups user).
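
The four conditions listed in post #6 can be verified mechanically; the script below is an added example, not code from any poster in this thread. The account name `backups`, the rsync path, the key file name and all sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The account name "backups", the rsync
# path and the sample files are constructed; point the functions at copies of
# the real files to audit a host. (The key file lives on the backup server,
# the other three files on the remote system.)

# Password field of USER in a master.passwd(5)-format FILE must be "*".
passwd_locked() {
    awk -F: -v u="$1" '$1 == u { ok = ($2 == "*") } END { exit !ok }' "$2"
}

# FILE must carry an explicit global "PasswordAuthentication no" (first
# occurrence wins; Match blocks are not evaluated by this check).
sshd_no_passwords() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "passwordauthentication" { v = tolower($2); exit }
         END { exit !(v == "no") }' "$1"
}

# USER must have exactly one sudoers line: NOPASSWD for one absolute path.
sudo_single_command() {
    awk -v u="$1" '$1 == u { n++; cmd = $0
             if (!sub(/^.*NOPASSWD:[ \t]*/, "", cmd)) cmd = "" }
         END { exit !(n == 1 && cmd ~ /^\// && cmd !~ /,/) }' "$2"
}

# Key FILE must be owned by OWNER_UID with no group/other permission bits.
key_private() {
    ls -ln "$1" | awk -v uid="$2" '{ ok = ($3 == uid && $1 ~ /^-r[-w]-------/) }
        END { exit !ok }'
}

# Write constructed sample files into DIR.
make_samples() {
    echo 'backups:*:1001:1001::0:0:Backup user:/home/backups:/bin/sh' > "$1/master.passwd"
    printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication no' > "$1/sshd_config"
    printf '%s\n' 'root ALL=(ALL) ALL' 'backups ALL=(root) NOPASSWD: /usr/local/bin/rsync' > "$1/sudoers"
    : > "$1/backup_key" && chmod 600 "$1/backup_key"
}

# Run all four checks on the files in DIR; returns the number of failures.
audit() {
    fails=0
    passwd_locked backups "$1/master.passwd" || { echo "FAIL: password not *"; fails=$((fails + 1)); }
    sshd_no_passwords "$1/sshd_config" || { echo "FAIL: sshd password logins"; fails=$((fails + 1)); }
    sudo_single_command backups "$1/sudoers" || { echo "FAIL: sudo rule too broad"; fails=$((fails + 1)); }
    key_private "$1/backup_key" "$2" || { echo "FAIL: key file mode/owner"; fails=$((fails + 1)); }
    return "$fails"
}
```

To try it on the constructed samples, source the file, run `make_samples "$dir"` on an empty directory and then `audit "$dir" "$(id -u)"`; on a real backup server the expected key owner is UID 0.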