CentOS rsync between servers using keyfile to pass credentials

RamblingBiped

@DustinB3403

@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:

Ok well I can ssh between the servers, but both are asking for the root/.ssh/id_rsa passphrase and the root credentials.

That is where you would want passwordless sudo access tied to a specific user that will ONLY have that sudo access restricted to running your rsync command.

You'll be able to log into the remote system using your keys, and with passwordless sudo enabled, you'll not be prompted for a password when you run your sudo rsync... command.

DustinB3403

@RamblingBiped why can't I use the keys generated for this, rather than needing an outside account with passwordless sudo access?

DustinB3403

The goal is to only use the public and private keys to allow me to sync files from one server to the other via crontab (without needing to be prompted for credentials)

The public and private keys should suffice for that.

RamblingBiped

@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:

@RamblingBiped why can't I use the keys generated for this, rather than needing an outside account with passwordless sudo access?

You can, I was just suggesting how I have set up a similar environment in the past. I didn't want to have to screw around with my user's sudo settings. Also I didn't want a job/task such as this tied to a specific user's account either. By setting it up as a separate user it keeps the task from breaking when I leave the company and they kill my credentials.

DustinB3403

Ok so stepping back from your approach, I have my pub keys copied to each server, why am I being prompted for the id_rsa passphrase, and root password?

travisdh1

@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:

Ok so stepping back from your approach, I have my pub keys copied to each server, why am I being prompted for the id_rsa passphrase, and root password?

Did you put in a passphrase when asked during the keygen sequence?

Reid Cooper

@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:

Ok so stepping back from your approach, I have my pub keys copied to each server, why am I being prompted for the id_rsa passphrase, and root password?

To each? Just to one, right?

DustinB3403

@Reid-Cooper Correct, I only want to rsync files from one server to the other, not both ways. Using the keys generated.

DustinB3403

Using the rsync command above, I'm still prompted for the admin password of the target server.

Which the goal is to solely use the public and private keys for this.

DustinB3403

Which when I provide the password, the rsync operates without issue.

travisdh1

@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:

Using the rsync command above, I'm still prompted for the admin password of the target server.

Which the goal is to solely use the public and private keys for this.

If you enter a passphrase during the keygen sequence you will need to enter a password to enable use of the ssh key. So, did you enter a password in the questions asked during the keygen?

travisdh1

@travisdh1 said in CentOS rsync between servers using keyfile to pass credentials:

@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:

Using the rsync command above, I'm still prompted for the admin password of the target server.

Which the goal is to solely use the public and private keys for this.

If you enter a passphrase during the keygen sequence you will need to enter a password to enable use of the ssh key. So, did you enter a password in the questions asked during the keygen?

I know it's so very counter intuitive at first, but enabling key only authentication means you can't enter anything at that point, just enter through those two questions.

stacksofplates

So to reiterate, here's what I'd do:

If you don't need elevated privileges use a regular account.

ssh-keygen -t rsa -b 4096

Just enter through the prompts

Then:

ssh-copy-id -i user@remotehost

Then do the same for the other machine.

What's your output of ls -lZ in the /home/user/.ssh/ directory?

$20 says if you just did a touch authorized_keys it's going to have the wrong permissions/context.

JaredBusch

@travisdh1 said in CentOS rsync between servers using keyfile to pass credentials:

@travisdh1 said in CentOS rsync between servers using keyfile to pass credentials:

@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:

Using the rsync command above, I'm still prompted for the admin password of the target server.

Which the goal is to solely use the public and private keys for this.

If you enter a passphrase during the keygen sequence you will need to enter a password to enable use of the ssh key. So, did you enter a password in the questions asked during the keygen?

I know it's so very counter intuitive at first, but enabling key only authentication means you can't enter anything at that point, just enter through those two questions.

It is not counter intuitive at all. it is a second form of authentication. Key + Password. He just messed up and set it up that way. He needs to redo the key without a password.

JaredBusch

@stacksofplates said in CentOS rsync between servers using keyfile to pass credentials:

So to reiterate, here's what I'd do:

If you don't need elevated privileges use a regular account.

ssh-keygen -t rsa -b 4096

Just enter through the prompts

Then:

ssh-copy-id -i user@remotehost

Then do the same for the other machine.

What's your output of ls -lZ in the /home/user/.ssh/ directory?

$20 says if you just did a touch authorized_keys it's going to have the wrong permissions/context.

No, my $20 is on he did not "just enter through the prompts"

stacksofplates

@JaredBusch said in CentOS rsync between servers using keyfile to pass credentials:

@stacksofplates said in CentOS rsync between servers using keyfile to pass credentials:

So to reiterate, here's what I'd do:

If you don't need elevated privileges use a regular account.

ssh-keygen -t rsa -b 4096

Just enter through the prompts

Then:

ssh-copy-id -i user@remotehost

Then do the same for the other machine.

What's your output of ls -lZ in the /home/user/.ssh/ directory?

$20 says if you just did a touch authorized_keys it's going to have the wrong permissions/context.

No, my $20 is on he did not "just enter through the prompts"

I did say "if" he manually created that file. My initial $20 is with yours.

DustinB3403

@JaredBusch said in CentOS rsync between servers using keyfile to pass credentials:

@stacksofplates said in CentOS rsync between servers using keyfile to pass credentials:

So to reiterate, here's what I'd do:

If you don't need elevated privileges use a regular account.

ssh-keygen -t rsa -b 4096

Just enter through the prompts

Then:

ssh-copy-id -i user@remotehost

Then do the same for the other machine.

What's your output of ls -lZ in the /home/user/.ssh/ directory?

$20 says if you just did a touch authorized_keys it's going to have the wrong permissions/context.

No, my $20 is on he did not "just enter through the prompts"

I did not (just enter through), doing it now.

DustinB3403

Wow, so simple, but still when attempting the rsync operation, I'm being prompted for the remote server root password.

Any ideas on that?

DustinB3403

Nevermind, seems to work when I don't bother telling the system to use the authorized key.

travisdh1

@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:

Nevermind, seems to work when I don't bother telling the system to use the authorized key.

That IS kinda the idea. ssh just handles that for you, even when called from another program like rsync.