Solved using (rsync) with ssh without password prompt

[georges]

Hi there,

I am trying to use ssh between 2 machine without password so I can automate rsync for unattended backup.

On the NAS drive running a customized version of Debian Wheezy.

I did:
ssh-keygen (skip the password prompt and create the key)
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server

But when I ssh to the server (FreeBSD) it keeps asking for password.

When I reverse the setup and connect to the NAS from FreeBSD, it does not ask for password which is what I wanted.

I am missing a step somewhere.

Any ideas?

Thanks

 

[tankist02]

Sometimes it helps to add -v or -vv for ssh to see what's going on...

 

[SirDice]

You need to copy the key from the client to the server, not the other way around.

 

[georges]

OK, I thought that what I was doing.
Deleted everything and started all over (I must have messed up somewhere previously)) . Working now. Here what I did

This is on a Linux NAS to FreeBSD 10.1

ssh-keygen -t dsa
ssh-agent bash
ssh-add
ssh-copy-id user@freebsdserver

(Difference this time I added a passphrase to the keys. Probably a coincidence after clean up ).

Thanks

 

[storvi_net]

To achieve a higher security, you should limit the ssh-key to the rsync-Command.

Please look in sshd() in the AUTHORIZED_KEYS FILE FORMAT - Section for "command"-Directive.

Regards
Markus

 

[georges]

Hi Storvi_net

Yes I will look into this. This is the second part of my education

One point though, I have one user who is not root but in wheels group and he will be responsible for the backups. I modified the permission on the backup mirror (group write/read) so that this user can read write to it. I am confused about this
some say it should only be root for security. It makes sense ... I guess.

Sorry for the questions, I am just trying to learn best practice.

Bearing in mind that the NAS only allow/has one user and that is root.

 

[georges]

I will open new thread for new problems as this really solved at it is. Thanks all.