raspdroid
Posts: 1619
Joined: Thu Nov 06, 2014 9:15 am
Location: Gran Canaria :: España

Copy public key to a remote ssh agent

Sat Jan 28, 2017 9:31 pm

Hello,

I generated some keys with ssh-keygen -t rsa on a Raspberry Pi and I want to copy id_rsa.pub into the ssh-agent of the other Raspberry Pi, but every time I try it gives me the error mktemp.failed.

Code: Select all

su -m rdiff-backup
ssh-copy-id -i id_rsa.pub usuario_sudo@dominio.com -p1234

mktemp: failed to create file via template ‘/root/.ssh/ssh-copy-id_id.XXXXXXXXXX’: Permission denied
This is so that when the backups are made with rdiff-backup no human interaction is required.
https://www.howtoforge.com/linux_rdiff_backup


Any idea why it won't let me copy it? The error says it doesn't have permission to create the file via the template ‘/root/.ssh/ssh-copy-id_id.XXXXXXXXXX’, but that template doesn't exist on either of the two Raspberry Pis.

Regards

raspdroid

Re: Copy public key to a remote ssh agent

Sat Jan 28, 2017 11:24 pm

I also tried copying id_rsa.pub to the other Raspi with FileZilla (SFTP) and adding it to the ssh-agent with ssh-add. But after using

ssh-add id_rsa.pub it asks me for a passphrase, which I did not set because I want there to be no human interaction, as the tutorial linked above says, so I press Enter, but it doesn't seem to add it, because I run:

ssh-keygen -l

and it says
The agent has no identities.
It doesn't add it.

The one it does add is the one in the id_rsa file, which is supposedly the private one.
root@raspberrypi:/home/usuario_sudo/.ssh# ssh-add id_rsa
Identity added: id_rsa (rsa w/o comment)

Code: Select all

ssh-add -l
2048 77:15:a5:db:bc:56:71:dc:79:36:3e:25:37:h9:7b:3n rsa w/o comment (RSA)
But the one the remote machine is supposed to have is the public one, isn't it?

raspdroid

Re: Copy public key to a remote ssh agent

Sun Jan 29, 2017 11:43 am

It works fine with 'cat' as explained here:

https://www.raspberrypi.org/documentati ... ordless.md

But if I prepend this in the authorized_keys file, it asks me for the password again when I try to connect to that Raspberry. :?

Code: Select all

command="rdiff-backup --server --restrict-read-only /",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty

I have already tried with the domain, with the IP, and with the IP that "dig domino.com" returns, but it doesn't work.

Without that line it does copy fine.
I have an HDD mounted at /mnt/disco1HDD1Tb and a folder named boot whose owner and group is rdiff-backup.

Code: Select all

su -m rdiff-backup

Code: Select all

rdiff-backup --remote-schema "ssh -C -p1234 %s rdiff-backup --server" usuario@dominio.com::/boot boot/
And it copies the boot directory from one Raspberry Pi to the other Raspberry Pi's hard disk without problems.

Code: Select all

rdiff-backup@raspberrypi:~/disco1HDD1Tb$ ls -lai boot/
total 20428
118785 drwxr-xr-x 5 rdiff-backup rdiff-backup    4096 Jan  1  1970 .
     2 drwxr-xr-x 4 root         root            4096 Jan 29 12:20 ..
118798 -rwxr-xr-x 1 rdiff-backup rdiff-backup   14010 Sep 22 08:07 bcm2708-rpi-b.dtb
118797 -rwxr-xr-x 1 rdiff-backup rdiff-backup   14273 Sep 22 08:07 bcm2708-rpi-b-plus.dtb
118799 -rwxr-xr-x 1 rdiff-backup rdiff-backup   13964 Sep 22 08:07 bcm2708-rpi-cm.dtb
118800 -rwxr-xr-x 1 rdiff-backup rdiff-backup   15356 Sep 22 08:07 bcm2709-rpi-2-b.dtb
118801 -rwxr-xr-x 1 rdiff-backup rdiff-backup   15992 Sep 22 08:07 bcm2710-rpi-3-b.dtb
118802 -rwxr-xr-x 1 rdiff-backup rdiff-backup   15350 Oct 24 11:41 bcm2710-rpi-cm3.dtb
118803 -rwxr-xr-x 1 rdiff-backup rdiff-backup   17932 Jun 22  2016 bootcode.bin
118804 -rwxr-xr-x 1 rdiff-backup rdiff-backup     137 Jan 24 00:33 cmdline.txt
118805 -rwxr-xr-x 1 rdiff-backup rdiff-backup    1635 Nov 25 17:24 config.txt
118791 -rwxr-xr-x 1 rdiff-backup rdiff-backup   18693 Aug 21  2015 COPYING.linux
118807 -rwxr-xr-x 1 rdiff-backup rdiff-backup    2527 Nov 25 16:35 fixup_cd.dat
118806 -rwxr-xr-x 1 rdiff-backup rdiff-backup    6620 Nov 25 16:35 fixup.dat
118808 -rwxr-xr-x 1 rdiff-backup rdiff-backup    9751 Nov 25 16:35 fixup_db.dat
118809 -rwxr-xr-x 1 rdiff-backup rdiff-backup    9749 Nov 25 16:35 fixup_x.dat
118810 -rwxr-xr-x 1 rdiff-backup rdiff-backup     145 Nov 25 17:56 issue.txt
118812 -rwxr-xr-x 1 rdiff-backup rdiff-backup 4231408 Nov 25 16:35 kernel7.img
118811 -rwxr-xr-x 1 rdiff-backup rdiff-backup 4128712 Nov 25 16:35 kernel.img
118792 -rwxr-xr-x 1 rdiff-backup rdiff-backup    1494 Nov 18  2015 LICENCE.broadcom
118793 -rwxr-xr-x 1 rdiff-backup rdiff-backup   18974 Nov 25 17:56 LICENSE.oracle
118813 drwxr-xr-x 2 rdiff-backup rdiff-backup    4096 Nov 25 17:24 overlays
118786 drwx------ 3 rdiff-backup rdiff-backup    4096 Jan 29 12:22 rdiff-backup-data
118910 -rwxr-xr-x 1 rdiff-backup rdiff-backup  633636 Nov 25 16:35 start_cd.elf
118911 -rwxr-xr-x 1 rdiff-backup rdiff-backup 4954692 Nov 25 16:35 start_db.elf
118909 -rwxr-xr-x 1 rdiff-backup rdiff-backup 2821540 Nov 25 16:35 start.elf
118912 -rwxr-xr-x 1 rdiff-backup rdiff-backup 3904260 Nov 25 16:35 start_x.elf
118794 drwxr-xr-x 2 rdiff-backup rdiff-backup    4096 Jan 28 12:06 System Volume Information
Now I still need to be able to do the same, but without the rdiff-backup user having write access on the Raspberry Pi being backed up. Any idea how to do it?

Regards
Last edited by raspdroid on Sun Jan 29, 2017 12:38 pm, edited 3 times in total.
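
Added example (not part of the original posts): a Python sketch of how an authorized_keys entry like the one above is split into options and key, and how its from= list is evaluated. It covers two cases in which sshd skips the key, so the client falls back to the password prompt: the options are not on the same line as the key, or from= names a host while sshd only has the client address (UseDNS no). The key blob, the client addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")

# Constructed entry: the option string from the post plus a made-up key blob.
SAMPLE = ('command="rdiff-backup --server --restrict-read-only /",'
          'from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty '
          'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed rdiff-backup@raspberrypi')


def split_entry(line):
    """Return (options, key_type, key_blob) for one authorized_keys line."""
    line = line.strip()
    end = 0
    if not line.startswith(KEY_PREFIXES):
        # The options field ends at the first whitespace outside double quotes.
        quoted = False
        while end < len(line):
            ch = line[end]
            if ch == "\\" and quoted:
                end += 1                      # skip the escaped character
            elif ch == '"':
                quoted = not quoted
            elif ch.isspace() and not quoted:
                break
            end += 1
    fields = line[end:].split()
    if len(fields) < 2 or not fields[0].startswith(KEY_PREFIXES):
        raise ValueError("options without a key on the same line: entry is ignored")
    opts = {}
    for m in re.finditer(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)', line[:end]):
        opts[m.group(1).lower()] = True if m.group(2) is None else m.group(2)
    return opts, fields[0], fields[1]


def _glob(pattern, value):
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE) is not None


def from_allows(pattern_list, client_ip, client_name=None):
    """Evaluate a from= list; client_name is None when sshd does no reverse lookup."""
    ip = ipaddress.ip_address(client_ip)
    allowed = False
    for pat in pattern_list.split(","):
        negated, pat = pat.startswith("!"), pat.lstrip("!")
        if "/" in pat:                        # address/masklen form
            try:
                hit = ip in ipaddress.ip_network(pat, strict=False)
            except ValueError:
                hit = False
        else:                                 # wildcard match on address or name
            hit = _glob(pat, client_ip) or (client_name is not None and _glob(pat, client_name))
        if hit and negated:
            return False                      # a negated match always rejects
        allowed = allowed or hit
    return allowed
```

With the constructed client address 203.0.113.7 and no resolved name, `from_allows` rejects `from="backup.example.com"`; a literal address or an address/masklen pattern in from= does not depend on reverse DNS.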

lmarmisa
Posts: 1268
Joined: Thu Feb 14, 2013 2:22 am
Location: Jávea, Spain

Re: Copy public key to a remote ssh agent

Sun Jan 29, 2017 11:56 am

I don't complicate things: I use scp on the source and cat on the destination.

On the source:

Code: Select all

cd .ssh
scp id_rsa.pub pi@192.168.x.y:.
On the destination:

Code: Select all

cd
cat id_rsa.pub >> .ssh/authorized_keys
rm id_rsa.pub
NOTE: if you want to use RSA keys for secure remote ssh access without typing a password, the RSA keys must not be defined with a passphrase.

raspdroid

Re: Copy public key to a remote ssh agent

Sun Jan 29, 2017 12:40 pm

Thanks for the reply,

It's nicer this way:

Code: Select all

cat ~/.ssh/id_rsa.pub | ssh <USERNAME>@<IP-ADDRESS> 'cat >> .ssh/authorized_keys'
That way you don't have to delete the file afterwards, since it is never created.

Regards

raspdroid

Re: Copy public key to a remote ssh agent

Sun Jan 29, 2017 12:44 pm

By the way, do you know of another way so that the user who connects with that key can only read the file system?

lmarmisa

Re: Copy public key to a remote ssh agent

Sun Jan 29, 2017 12:57 pm

raspdroid wrote: By the way, do you know of another way so that the user who connects with that key can only read the file system?
I would create a different, read-only user on the destination.

I would add that second user to the group of the first user, who has all the privileges, and, in principle, that would be enough.

Code: Select all

sudo usermod -a -G groupName userName
I say "in principle" because file and folder permissions usually allow read-only access at group level (default umask). That is usually the norm.

raspdroid

Re: Copy public key to a remote ssh agent

Sun Jan 29, 2017 8:10 pm

I tried with root on both machines; on the source I edited the ssh configuration and set PermitRootLogin to yes.

And on the origin I run rdiff-backup as root. After a while copying everything without problems, these permission errors start to appear:
Processing changed file sbin/mkfs.msdos
Processing changed file sbin/mkfs.vfat
Processing changed file sbin/mkhomedir_helper
Processing changed file sbin/mkswap
Processing changed file sbin/mntctl
Processing changed file sbin/modinfo
Processing changed file sbin/modprobe
Processing changed file sbin/mount.cifs
Processing changed file sbin/mount.nfs
Processing changed file sbin/mount.nfs4
Processing changed file sbin/mountall
Processing changed file sbin/nameif
Processing changed file sbin/osd_login
Processing changed file sbin/pam_tally
Processing changed file sbin/pam_tally2
Processing changed file sbin/parted
Processing changed file sbin/partprobe
Processing changed file sbin/pivot_root
Processing changed file sbin/plipconfig
Processing changed file sbin/plymouthd
Processing changed file sbin/poweroff
Processing changed file sbin/rarp
Processing changed file sbin/raw
Processing changed file sbin/reboot
Processing changed file sbin/regdbdump
Processing changed file sbin/request-key
Processing changed file sbin/resize2fs
Processing changed file sbin/resolvconf
Processing changed file sbin/rmmod
Processing changed file sbin/route
Processing changed file sbin/rpc.statd
Processing changed file sbin/rpcbind
Processing changed file sbin/rtacct
Processing changed file sbin/rtmon
Processing changed file sbin/runlevel
Processing changed file sbin/runuser
Processing changed file sbin/setcap
Processing changed file sbin/sfdisk
Processing changed file sbin/shadowconfig
Processing changed file sbin/showmount
Processing changed file sbin/shutdown
Processing changed file sbin/slattach
Processing changed file sbin/sm-notify
Processing changed file sbin/start-stop-daemon
Processing changed file sbin/sulogin
Processing changed file sbin/swaplabel
Processing changed file sbin/swapoff
Processing changed file sbin/swapon
Processing changed file sbin/switch_root
Processing changed file sbin/sysctl
Processing changed file sbin/tc
Processing changed file sbin/telinit
Processing changed file sbin/tipc
Processing changed file sbin/tune2fs
Processing changed file sbin/udevadm
Processing changed file sbin/umount.nfs
Processing changed file sbin/umount.nfs4
Processing changed file sbin/unix_chkpwd
Processing changed file sbin/unix_update
Processing changed file sbin/wipefs
Processing changed file sbin/wpa_action
Processing changed file sbin/wpa_cli
Processing changed file sbin/wpa_supplicant
Exception '[Errno 13] Permission denied: '/sys/bus/amba/drivers/uart-pl011/bind'' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1174, in open
else: return open(self.path, mode)

ListError sys/bus/amba/drivers/uart-pl011/bind [Errno 13] Permission denied: '/sys/bus/amba/drivers/uart-pl011/bind'
Exception '[Errno 13] Permission denied: '/sys/bus/amba/drivers/uart-pl011/uevent'' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1174, in open
else: return open(self.path, mode)

ListError sys/bus/amba/drivers/uart-pl011/uevent [Errno 13] Permission denied: '/sys/bus/amba/drivers/uart-pl011/uevent'
Exception '[Errno 13] Permission denied: '/sys/bus/amba/drivers/uart-pl011/unbind'' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1174, in open
else: return open(self.path, mode)

ListError sys/bus/amba/drivers/uart-pl011/unbind [Errno 13] Permission denied: '/sys/bus/amba/drivers/uart-pl011/unbind'
Exception '[Errno 13] Permission denied: '/sys/bus/amba/drivers_probe'' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1174, in open
else: return open(self.path, mode)

ListError sys/bus/amba/drivers_probe [Errno 13] Permission denied: '/sys/bus/amba/drivers_probe'
Exception '[Errno 13] Permission denied: '/sys/bus/amba/uevent'' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1174, in open
else: return open(self.path, mode)

ListError sys/bus/amba/uevent [Errno 13] Permission denied: '/sys/bus/amba/uevent'
Exception '[Errno 13] Permission denied: '/sys/bus/clockevents/drivers_probe'' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1174, in open
else: return open(self.path, mode)

ListError sys/bus/clockevents/drivers_probe [Errno 13] Permission denied: '/sys/bus/clockevents/drivers_probe'
Exception '[Errno 13] Permission denied: '/sys/bus/clockevents/uevent'' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1174, in open
else: return open(self.path, mode)

ListError sys/bus/clockevents/uevent [Errno 13] Permission denied: '/sys/bus/clockevents/uevent'
Exception '[Errno 13] Permission denied: '/sys/bus/clocksource/drivers_probe'' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1174, in open
else: return open(self.path, mode)

ListError sys/bus/clocksource/drivers_probe [Errno 13] Permission denied: '/sys/bus/clocksource/drivers_probe'
Exception '[Errno 13] Permission denied: '/sys/bus/clocksource/uevent'' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1174, in open
else: return open(self.path, mode)

ListError sys/bus/clocksource/uevent [Errno 13] Permission denied: '/sys/bus/clocksource/uevent'
Exception '[Errno 13] Permission denied: '/sys/bus/container/drivers_probe'' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1174, in open
else: return open(self.path, mode)

ListError sys/bus/container/drivers_probe [Errno 13] Permission denied: '/sys/bus/container/drivers_probe'
Exception '[Errno 13] Permission denied: '/sys/bus/container/uevent'' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1174, in open
else: return open(self.path, mode)

ListError sys/bus/container/uevent [Errno 13] Permission denied: '/sys/bus/container/uevent'
Processing changed file sbin/xtables-multi
Processing changed file sbin/zramctl
Processing changed file srv
Processing changed file sys
Processing changed file sys/block
Processing changed file sys/block/loop0
Processing changed file sys/block/loop1
Processing changed file sys/block/loop2
Processing changed file sys/block/loop3
Processing changed file sys/block/loop4
Processing changed file sys/block/loop5
Processing changed file sys/block/loop6
Processing changed file sys/block/loop7
Processing changed file sys/block/mmcblk0
Processing changed file sys/block/ram0
Processing changed file sys/block/ram1
Processing changed file sys/block/ram10
Processing changed file sys/block/ram11
Processing changed file sys/block/ram12
Processing changed file sys/block/ram13


Exception '[Errno 22] Invalid argument' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1415, in read
def read(self, length = -1): return self.file.read(length)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/hash.py", line 47, in read
buf = self.fileobj.read(length)

Exception '[Errno 95] Operation not supported' raised of class '<type 'exceptions.IOError'>':
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1415, in read
def read(self, length = -1): return self.file.read(length)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/hash.py", line 47, in read
buf = self.fileobj.read(length)

Sending back exception [Errno 95] Operation not supported of type <type 'exceptions.IOError'>:
File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 335, in answer_request
result = apply(eval(request.function_string), argument_list)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/connection.py", line 485, in readfromid
if length is None: return cls.vfiles[id].read()
File "/usr/lib/python2.7/dist-packages/rdiff_backup/iterfile.py", line 302, in read
if not self.addtobuffer(): break
File "/usr/lib/python2.7/dist-packages/rdiff_backup/iterfile.py", line 332, in addtobuffer
self.addfromfile("f")
File "/usr/lib/python2.7/dist-packages/rdiff_backup/iterfile.py", line 224, in addfromfile
[Globals.blocksize])
File "/usr/lib/python2.7/dist-packages/rdiff_backup/robust.py", line 32, in check_common_error
try: return function(*args)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/rpath.py", line 1415, in read
def read(self, length = -1): return self.file.read(length)
File "/usr/lib/python2.7/dist-packages/rdiff_backup/hash.py", line 47, in read
buf = self.fileobj.read(length)

raspdroid

Re: Copy public key to a remote ssh agent

Sun Jan 29, 2017 8:34 pm

To rule out that it's the disk station, I am copying it to my machine, which is slower because it is on another network, but let's see....

I am also going to try Attic and Zbackup to see whether either of them makes me a complete copy without dying in the attempt.

EDIT: The copy I made on my machine gives exactly the same permission errors and also disconnects from the remote machine.

raspdroid

Re: Copy public key to a remote ssh agent

Mon Jan 30, 2017 11:17 am

I am trying Attic, and with this configuration so far the connection has not dropped and it seems to be copying.

From the Raspberry Pi to be cloned:

To create the repository on the destination machine

Code: Select all

sudo attic init ssh://usuario@192.168.1.50:2244/backup/discoHDD1/repo-raspberrypi1.attic
To start the backup.

Code: Select all

sudo attic create ssh://usuario_sudo@192.168.1.50:2244/backup/discoHDD1/repo-raspberrypi1.attic::lunes-30-01-2017 / --exclude /proc --exclude /tmp --exclude /sys --exclude /mnt --exclude /var/backup  --exclude /usr/lib/python3/dist-packages/attic/
If /usr/lib/python3/dist-packages/attic/, /proc and /sys are not excluded, it crashes and the connection drops.

That would copy the rootfs (/) into the archive lunes-30-01-0214 of the repository repo-raspberrypi1.attic on the Raspberry Pi with IP and port 192.168.1.50:2244

In theory; until I see everything copied I won't believe it.
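
Added example (not part of the original posts): rather than hard-coding /proc and /sys, the --exclude arguments for a whole-root backup can be derived from the mount table, which also catches other kernel-backed mounts such as /dev and /run. This Python sketch parses /proc/mounts-format text and returns one --exclude pair per top-level pseudo-filesystem mount point; the sample mount table, the PSEUDO_FS list and the function names are constructed for illustration.

```python
import re

# Filesystem types that expose kernel state or volatile data, not stored files.
PSEUDO_FS = {"proc", "sysfs", "devtmpfs", "devpts", "tmpfs", "debugfs",
             "cgroup", "cgroup2", "securityfs", "configfs", "mqueue"}

# Constructed sample in /proc/mounts format (device, mount point, type, options...).
SAMPLE_MOUNTS = """\
/dev/root / ext4 rw,noatime 0 0
devtmpfs /dev devtmpfs rw,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
proc /proc proc rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
devpts /dev/pts devpts rw,nosuid,noexec 0 0
tmpfs /run tmpfs rw,nosuid,noexec 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
/dev/mmcblk0p1 /boot vfat rw,relatime 0 0
/dev/sda1 /mnt/disco1HDD1Tb ext4 rw,relatime 0 0
"""


def unescape(field):
    """Decode the octal escapes /proc/mounts uses (\\040 space, \\011 tab, ...)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def pseudo_mounts(mounts_text):
    """Return the top-level mount points whose filesystem type is in PSEUDO_FS."""
    points = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] in PSEUDO_FS:
            points.append(unescape(fields[1]))
    points.sort()                 # a parent path always sorts before its children
    top = []
    for p in points:
        # Skip mounts nested under a directory that is already excluded.
        if not any(p == t or p.startswith(t.rstrip("/") + "/") for t in top):
            top.append(p)
    return top


def exclude_args(mounts_text, extra=()):
    """Build the --exclude argument list, plus any site-specific paths in extra."""
    args = []
    for path in pseudo_mounts(mounts_text) + list(extra):
        args += ["--exclude", path]
    return args
```

On the machine being backed up, the input would be the contents of /proc/mounts; the excluded mount-point directories have to be recreated empty after a restore.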

raspdroid

Re: Copy public key to a remote ssh agent

Mon Jan 30, 2017 11:42 am

Well, at least the backup finished successfully; now let's see whether what it copied is correct.

On the backup server:

Code: Select all

attic list repo-raspberrypi1.attic
raspberrypi-lunes-30-01-2017      Mon Jan 30 11:35:52 2017
