Topic: affa vs backup pc vs dungog rsync backup

[Stefano]

AFAIK ssh port must be like

Code: [Select]

-p port_number


[Bud]

Stefano thank you for your help, much apprciated

so are you saying i must do:

# ssh -p 22 192.0.0.99

i then have to put in the username and password?

[Stefano]

no, you have to do so only if port is <> from 22

[ReetP]

In your case

ssh -p 2221 root@192.0.0.99

If you leave out the user it defaults to current logged in user.

Leave out the port and it defaults to 22

Note it is much better to use keys than passwords.

[Bud]

ReetP and Stefano

# ssh -p 2221 root@192.0.0.99
ssh: connect to host 192.0.0.99 port 2221: Connection refused

# ssh -p 22221 root@192.0.0.99
ssh: connect to host 192.0.0.99 port 22221: Connection refused

# ssh -p 22 root@192.0.0.99
root@192.0.0.99's password:

what to do? 

[sages]

It's suggesting to me that ssh is running and listening on port 22 (as for a default ssh service) but not on port 22221.

[Bud]

sages

i am trying to copy files from one sme 9.2 server to another sme 9.2 server

how do add listening port 22221 on the remote sme 9.2 server?

sorry for the noob questions guys 

[Stefano]

well, you'd tell us why you want sshd listening on a different port

[Bud]

Stefano thank you for your help

i do not want to change any port however ReetP's example of Unision was:

# Root dir Far end
root = ssh://some.remote.server.com:22221//root/backup/db

# Which end do we want to be in control?
# See the differences between force and prefer here
force = ssh://some.remote.server.com:22221//root/backup/db

i understood that i need to also use port 22221

so if i can use port 22 howver i need to forward the password as well.
how do i do that?

[ReetP]

Ahhh. Note it was an EXAMPLE !!!

Personally I always change the default ssh port. Habit....

Check the wiki. Vaguely this from the top of head, but please check.

Code: [Select]

config setprop sshd TCPPort 2221

Code: [Select]

signal-event remoteaccess-update
Next you need to organise youself a passwordless ssh login.

You need some ssh keys on the client machine. Lots of info about on doing this.

Once created copy the PUBLIC key to the remote server /root/.ssh/authorized_keys

Personally I usually only ever use keys to access a server and then disable  password logins... you can do that from the server-manager easily.

Please, have a good read up on sshd, keys etc etc. If you do that you can answer some of your own questions.

[Bud]

ReetP thank you for your guidance, much appreciated

1. Server1 (192.0.0.100 ) - This is the Server Setup that will RECEIVE File(s)/Folders(s)  from the Remote Server ( 192.0.0.99 )
a. # ssh-keygen -t rsa  ( Created Keys in /root/.ssh )
    Key Files Created in " /root/.ssh " are: " id_rsa " and " id_rsa.pub "

2. Server2 (192.0.0.99 ) - This is the REMOTE Server Setup from where i require the Remote File(s)/Folder(s)
    I Copied the Key Files Created from Server1 in " /root/.ssh "  - " id_rsa " and " id_rsa.pub "  to the Server2 " /root/.ssh/authorized_keys " Folder

3. Restarted BOTH Servers

4. On Server1 where i have " unison " Installed i issue the command: # ssh -p 22 root@192.0.0.99

The Answer i get on Server1 is:
# root@192.0.0.99's password:

what now? 

[michelandre]

Hi Bud,

- You have to be in the root personal directory to create a key pair for the root user.
- When you create the keys, you must not use password, only answer with [RETURN] all the way.
- Then you copy only the "id_rsa.pub" into the /root/.ssh/authorized_keys FILE, this is not a directory.

To copy the file from the source server to the destination server you can use:
* * * * * * * * * * * *
cat /root/.ssh/id_rsa.pub | ssh -p SSH_PORT_NUMBER_ON_DESTINATION_SERVER root@destination_ip "cat >> /root/.ssh/authorized_keys"

The authenticity of host '[destination_ip]:ssh_port_number_on_destination_server ([destination_ip]:ssh_port_number_on_destination_server)' can't be established.
RSA key fingerprint is a0:2f:27:ab:cc:d8:a0:57:fc:57:ee:63:dd:58:bb:11.
Are you sure you want to continue connecting (yes/no)?  YES
Warning: Permanently added '[destination_ip]:ssh_port_number_on_destination_server' (RSA) to the list of known hosts.
root@destination_ip's password: ROOT_PASSWORD_ON_THE_REMOTE_SERVER
* * * * * * * * * * * *

Then try to login from the source server to the destination server using:
ssh -p SSH_PORT_NUMBER_ON_DESTINATION_SERVER root@destination_ip
*** You should be in without a password.

Hoping it will help,

Michel-André

[michelandre]

Hi again,

If you connect (good or bad) more than 3 times in 15 minutes, AutoBlock of SSHD will give you:
"Connection refused"

For backup, as Jean-Philippe suggested to me using BackupPC, I strongly suggest to disable AutoBlock on remote server or wait 15 minutes and try again. In fact, disable it on all your servers and install Fail2ban instead.

Code: [Select]

config setprop sshd AutoBlock disabled

signal-event remoteaccess-update

Michel-André

[ReetP]

Yes seems your issue is you copied the files to a directory called authorized_keys, not pasted into a FILE called authorized keys.

And NEVER move your private key elsewhere. ONLY the public one.

Might be worth removing all the keys and generating a new set and starting over.

An alternative method to transfer keys:

On client server

Code: [Select]

cd /root/.ssh

Code: [Select]

scp -P 22 id_rsa.pub root@remote.ip://root/.ssh/id_rsa.serv1
Enter password and the file will copy.

Ssh to remote as normal then

Code: [Select]

cd /root/.ssh

Code: [Select]

cat id_rsa.serv1 >> authorized_keys
Exit, then try to log back in. No password should be required.

Note the use of >> as opposed to >

>> is append
> is overwrite

If you use append you can add multiple keys to the authorized_keys file.

[Daniel B.]

Or simply use ssh-copy-id 😉