rsync from computer to OpenMediaVault server asks for password!

    • OMV 3.x

    • Hello,

      I tried rsync and it's working.
      But I have a big problem: it's asking for a password.

      I tried over ssh, same way.
      I tried to add my public key in OMV, root session etc.: no way, it's asking for the password again.

      Shell-Script

      rsync -e ssh -aHtzrogpEAX /etc/sysctl.conf root@ntx-010b:/srv/dev-disk-by-label-Donnees/Sauvegardes/RTX-050C/etc/
      root@ntx-010b's password:

      I need to make some backups, but how can I use rsync without using a password?
      I'm using Linux, so I don't have PuTTY.
      :evil: Mulder FOX
    • ssh has to come after all the rsync parameters are done...

      Ex:
      rsync -<parameters> ssh <source> root@<dest-host>:<target>

      You did make an ssh key on the source host and copy it to /ssh/authorized_keys on the destination host?

      HTH
      --
      Get a Rose Tattoo...

      HP t5740 with Expansion and USB3, Inateck Case w/ 3TB WD-Green
      OMV 2.2.14 Stone burner i386|3.2.0-4-686-pae
    • Dropkick Murphy wrote:

      ssh has to come after all the rsync parameters are done...

      Ex:
      rsync -<parameters> ssh <source> root@<dest-host>:<target>

      You did make an ssh key on the source host and copy it to /ssh/authorized_keys on the destination host?

      HTH

      Yes, of course.
      With ssh-copy-id -i.
      I use an RSA key with a password.
      Maybe that's why.


      I will try with a new key, without password:

      Shell-Script

      judibet@RTX-050C:~$ ssh-keygen -t rsa -f .ssh/jvlinux -C admin@jvlinux.fr
      Generating public/private rsa key pair.
      Enter passphrase (empty for no passphrase):
      Enter same passphrase again:
      Your identification has been saved in .ssh/jvlinux.
      Your public key has been saved in .ssh/jvlinux.pub.
      The key fingerprint is:
      SHA256:DqfWVXkOnQN7ElgEOwxXPG3nk73U4v5eY1hucRFn7Ec admin@jvlinux.fr
      The key's randomart image is:
      +---[RSA 2048]----+
      | . oB*. oo|
      | +..o*ooE|
      | + *o**+|
      | o *.=B|
      | . S . .o+=|
      | * . =.o|
      | o o o =.|
      | . + o|
      | oo|
      +----[SHA256]-----+
      judibet@RTX-050C:~$ ssh-copy-id -i .ssh/jvlinux ntx-010b
      /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/jvlinux.pub"
      /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
      /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
      judibet@ntx-010b's password:
      Number of key(s) added: 1
      Now try logging into the machine, with: "ssh 'ntx-010b'"
      and check to make sure that only the key(s) you wanted were added.
      judibet@RTX-050C:~$ ssh-copy-id -i .ssh/jvlinux root@ntx-010b
      /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/jvlinux.pub"
      /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
      /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
      root@ntx-010b's password:
      Number of key(s) added: 1
      Now try logging into the machine, with: "ssh 'root@ntx-010b'"
      and check to make sure that only the key(s) you wanted were added.
      judibet@RTX-050C:~$ chmod -R 700 .ssh/
      judibet@RTX-050C:~$ sudo -i
      [sudo] Mot de passe de judibet :
      root@RTX-050C:~# cp /home/judibet/.ssh/jvlinux* .ssh/ && chmod -R 700 .ssh/
      root@RTX-050C:~# exit
      déconnexion
      judibet@RTX-050C:~$

      After this, I added the private key and the public key in the OMV SSH Certificate menu.
      Without a password, I can add it without an error message (I couldn't add a certificate made with a password).

      I added the public key to the user judibet in OMV with ssh-keygen -e -f .ssh/jvlinux.pub


      As you can see, the keys are present in authorized key but I need to connect with a password...

      Shell-Script

      judibet@RTX-050C:~$ ssh ntx-010b
      judibet@ntx-010b's password:
      Permission denied, please try again.
      judibet@ntx-010b's password:
      The programs included with the Debian GNU/Linux system are free software;
      the exact distribution terms for each program are described in the
      individual files in /usr/share/doc/*/copyright.
      Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
      permitted by applicable law.
      Last login: Sun Jun 4 19:32:35 2017 from 192.168.1.7
      ___ ___ _
      | \ \ / / | (_)_ __ _ ___ __
      _ | |\ \ / /| | | | '_ \| | | \ \/ /
      | |_| | \ V / | |___| | | | | |_| |> <
      \___/ \_/ |_____|_|_| |_|\__,_/_/\_\
      judibet@ntx-010b:~$ cat .ssh/authorized_keys
      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuxDVi8cx0/EgGYdWvjst9j+IK2x8iJEx9DyglKexoHk4h0Rmu1VxXoKzzTvvadz2ThHYI50OBnqKFVbd0/wAmJenKZa/DivqBYn5w6aNSqIT4SHAYf8aLWH+TFCK20QkRvuIKgctSiRGsChheftpzwJYgeaEv0UEOKOVTYE/0N3zq5pT5GsYJu+gBtSMIWQ9XwyQyMHzUfQJedEy3t6Baby0dNImDd6PVuTdSyedJu82QBQBusKtaZ38ypoSNqkBBOecUmzTSRnAiQnMEtALkte1R3ovScY/ad8mnxG4zCRAVE9H64D4HMwjypmMbpU73dsRwAzp7HDZaH0TCQprx judibet@jvlinux.fr
      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJ7HJ1r9+DwfwmG4Op+zwpHK7THNntcEUQ4+A1aeDWFdq7d5zlabAJZSYjqwDI79m1GGFxsYr4oWmYRUDWIxz5Afi+P5rehmqo2Q2F6gDiw1v1uh7HJniTR8enmxQtTOW2OUpQcKYD9IKITF4XC/rYR0QSQoJ2taqt73NHKMPJdlP4Zvf12n/Abpah/R8VLMESR9olAbM9FT7ErSXTaYx0a5n5uxhVKwmLaXBa9wbmJUrazdnD6IX7eGCg8LmAuhttBwKjoE1ItdVSSEv4Dq8lyjWdi0Lsf5aKo5KXWDNKf87K+6gcsrf5tkzvl6KiL4THUV/loTshEN35FuYe19Jn Secteur 51
      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/ZBOKe4KjCV51kNNrrKcpsSwNH81Y1b4JOHsXQjMOGWn1tvEF6aav5rJlSz0zktO5KqZeqk4ZUwvjlDEUCUH1KOC3eUimyuW0t7h5JK02jNkxUSlvSDX+ZoPBbjUQPZWrR+TsLU2mTWZsKJfqgSUM3k9qEGmMOvd0+oHghGdpTXBlUZ4Nr+SgCCTa3epPFWrb56JF2hfB7YCHl2qXJtUmIqd2fJelZLzkLi4M/AigOFtaYtV23yKKbvt4XYzJZikHb159CLDOBrwOODHbh1YnHRAIsGQi4azo5qY31WFd3Ql5BnSaO6vF4nzmXQx7D4iz+tYqfkGIth9eHioczInD admin@jvlinux.fr
      judibet@ntx-010b:~$ sudo -i
      [sudo] password for judibet:
      ___ ___ _
      | \ \ / / | (_)_ __ _ ___ __
      _ | |\ \ / /| | | | '_ \| | | \ \/ /
      | |_| | \ V / | |___| | | | | |_| |> <
      \___/ \_/ |_____|_|_| |_|\__,_/_/\_\
      root@ntx-010b:~# cat .ssh/authorized_keys
      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3NTxmTnq7MSnzHcFIcoZb5M17q9dABP/F25sfC1U0sN2N6MMDqKWrRTKhxAhlZ8ael4GgP9pxnHEVVmAQLYWC2fDq8icnPHZuZOwZNSPbbGQ00Cx20EITQSeDbr5LyR5smuJcAXeauo/khcwATBCya9p0y8qGL8r3KsXqxUz0RO9CUaAm6HJmjJiX7b5s++SoR6qmClDY0I9TPzWibYB8Mu6RaTnVRO3shaLIFUoE1C9qnUBh60dsAce7OAk3T4abIdwNiqszVmYs7/X1D8qE9wteo0NanqgOmte4bhrO6oV+UjTbLqabSFfPzGT8Z0LKYvw/zup/QBNuyGXpixdB admin@jvlinux.fr
      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJ7HJ1r9+DwfwmG4Op+zwpHK7THNntcEUQ4+A1aeDWFdq7d5zlabAJZSYjqwDI79m1GGFxsYr4oWmYRUDWIxz5Afi+P5rehmqo2Q2F6gDiw1v1uh7HJniTR8enmxQtTOW2OUpQcKYD9IKITF4XC/rYR0QSQoJ2taqt73NHKMPJdlP4Zvf12n/Abpah/R8VLMESR9olAbM9FT7ErSXTaYx0a5n5uxhVKwmLaXBa9wbmJUrazdnD6IX7eGCg8LmAuhttBwKjoE1ItdVSSEv4Dq8lyjWdi0Lsf5aKo5KXWDNKf87K+6gcsrf5tkzvl6KiL4THUV/loTshEN35FuYe19Jn Secteur 51
      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/ZBOKe4KjCV51kNNrrKcpsSwNH81Y1b4JOHsXQjMOGWn1tvEF6aav5rJlSz0zktO5KqZeqk4ZUwvjlDEUCUH1KOC3eUimyuW0t7h5JK02jNkxUSlvSDX+ZoPBbjUQPZWrR+TsLU2mTWZsKJfqgSUM3k9qEGmMOvd0+oHghGdpTXBlUZ4Nr+SgCCTa3epPFWrb56JF2hfB7YCHl2qXJtUmIqd2fJelZLzkLi4M/AigOFtaYtV23yKKbvt4XYzJZikHb159CLDOBrwOODHbh1YnHRAIsGQi4azo5qY31WFd3Ql5BnSaO6vF4nzmXQx7D4iz+tYqfkGIth9eHioczInD admin@jvlinux.fr
      root@ntx-010b:~# logout
      judibet@ntx-010b:~$ logout
      Connection to ntx-010b closed.
      judibet@RTX-050C:~$


      With ssh-agent, I can connect without a password for all SSH certificates:

      Shell-Script

      judibet@RTX-050C:~$ eval $(ssh-agent -s)
      Agent pid 4065
      judibet@RTX-050C:~$ ssh-add .ssh/jvlinux
      Identity added: .ssh/jvlinux (.ssh/jvlinux)
      judibet@RTX-050C:~$ ssh ntx-010b
      The programs included with the Debian GNU/Linux system are free software;
      the exact distribution terms for each program are described in the
      individual files in /usr/share/doc/*/copyright.
      Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
      permitted by applicable law.
      Last login: Mon Jun 5 01:26:45 2017 from 192.168.1.7
      ___ ___ _
      | \ \ / / | (_)_ __ _ ___ __
      _ | |\ \ / /| | | | '_ \| | | \ \/ /
      | |_| | \ V / | |___| | | | | |_| |> <
      \___/ \_/ |_____|_|_| |_|\__,_/_/\_\
      judibet@ntx-010b:~$ exit
      logout
      Connection to ntx-010b closed.
      judibet@RTX-050C:~$

      But ssh-agent is not a solution because I need to launch it every time and I need to make rsyncs without being asked for passwords.

      Do you have an idea of what I have to do?
      :evil: Mulder FOX
    • subzero79 wrote:

      If you're using rsync in the omv interface with ssh transport this is non-interactive so you have to use pub key Authentication without passphrase. The password field there is to use with an rsync server using modules.

      Hello,

      As you can see, I tried without password.
      It's working from OMV but not from my computer to OMV.
      OMV doesn't take the authorized_keys into account?

      Sent from my SM-G935F using Tapatalk
      :evil: Mulder FOX
    • Hello,

      I added the public keys (RSA RFC4716) in the GUI per user before.
      As in this topic.

      No way (with root or user):

      Shell-Script

      judibet@RTX-050C:~$ rsync -e ssh -i .ssh/jvlinux.pub -aHtzrogpEAX /etc/group judibet@ntx-010b:/srv/dev-disk-by-label-Donnees/Sauvegardes/RTX-050C/etc/
      judibet@ntx-010b's password:
      judibet@RTX-050C:~$ rsync -aHtzrogpEAX /etc/group judibet@ntx-010b:/srv/dev-disk-by-label-Donnees/Sauvegardes/RTX-050C/etc/
      judibet@ntx-010b's password:
      :evil: Mulder FOX
    • Shell-Script

      root@RTX-050C:~# rsync -e ssh -v -i .ssh/jvlinux -aHtzrogpEAX /etc/sysctl.conf root@ntx-010b:/srv/dev-disk-by-label-Donnees/Sauvegardes/RTX-050C/etc/
      root@ntx-010b's password:
      sending incremental file list
      <f+++++++++ jvlinux
      sent 1,408 bytes received 35 bytes 222.00 bytes/sec
      total size is 3,776 speedup is 2.62
      root@RTX-050C:~#
      I have nothing for the key :(.
      :evil: Mulder FOX
    • Ok, let me summarize for my understanding:
      • You have the keys on both systems
      • The public key is on both systems in the authorized_keys of the destination account
      • The public key is stored in the right format in the authorized keys
      • The private key is rw for the user who starts the ssh/rsync. And only for this user (mask 600)
      And it still asks you for a pw. Can you try to connect with rsync and -v to get a debug output? Should help to find the problem.
    • chris789 wrote:

      Forgotten to add:

      Remember you use .ssh/<keyname> for the key in your rsync. Please try with full path to the key (e.g. /home/user/.ssh/keyname) instead.

      Shell-Script

      root@RTX-050C:~# rsync -v -e ssh -v -i /root/.ssh/jvlinux -aHtzrogpEAX /etc/sysctl.conf root@ntx-010b:/srv/dev-disk-by-label-Donnees/Sauvegardes/RTX-050C/etc/
      opening connection using: ssh -l root ntx-010b rsync --server -vvlHogDtpAXrze.iLsfx "--log-format=%i" . /srv/dev-disk-by-label-Donnees/Sauvegardes/RTX-050C/etc/ (10 args)
      root@ntx-010b's password:


      subzero79 wrote:

      How about posting here both sshd_config files for both servers please

      cat /etc/ssh/sshd_config
      I have that (OMV):

      Shell-Script

      root@ntx-010b:/srv/dev-disk-by-label-Donnees/Sauvegardes/RTX-050C/home# cat /etc/ssh/sshd_config
      Protocol 2
      HostKey /etc/ssh/ssh_host_rsa_key
      HostKey /etc/ssh/ssh_host_dsa_key
      HostKey /etc/ssh/ssh_host_ecdsa_key
      HostKey /etc/ssh/ssh_host_ed25519_key
      UsePrivilegeSeparation yes
      KeyRegenerationInterval 3600
      ServerKeyBits 1024
      SyslogFacility AUTH
      LogLevel INFO
      LoginGraceTime 120
      StrictModes yes
      RSAAuthentication yes
      PubkeyAuthentication yes
      IgnoreRhosts yes
      RhostsRSAAuthentication no
      HostbasedAuthentication no
      PermitEmptyPasswords no
      ChallengeResponseAuthentication no
      X11Forwarding yes
      X11DisplayOffset 10
      PrintMotd no
      PrintLastLog yes
      TCPKeepAlive yes
      AcceptEnv LANG LC_*
      Subsystem sftp /usr/lib/openssh/sftp-server
      UsePAM yes
      AllowGroups root ssh
      AddressFamily any
      Port 22
      PermitRootLogin yes
      AllowTcpForwarding no
      Compression yes
      PasswordAuthentication yes
      AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /var/lib/openmediavault/ssh/authorized_keys/%u
      PubkeyAuthentication yes

      And that (computer):

      Shell-Script

      judibet@RTX-050C:~$ cat /etc/ssh/sshd_config
      # Package generated configuration file
      # See the sshd_config(5) manpage for details
      # What ports, IPs and protocols we listen for
      Port 22
      # Use these options to restrict which interfaces/protocols sshd will bind to
      #ListenAddress ::
      #ListenAddress 0.0.0.0
      Protocol 2
      # HostKeys for protocol version 2
      HostKey /etc/ssh/ssh_host_rsa_key
      HostKey /etc/ssh/ssh_host_dsa_key
      HostKey /etc/ssh/ssh_host_ecdsa_key
      HostKey /etc/ssh/ssh_host_ed25519_key
      #Privilege Separation is turned on for security
      UsePrivilegeSeparation yes
      # Lifetime and size of ephemeral version 1 server key
      KeyRegenerationInterval 3600
      ServerKeyBits 1024
      # Logging
      SyslogFacility AUTH
      LogLevel INFO
      # Authentication:
      LoginGraceTime 120
      PermitRootLogin prohibit-password
      StrictModes yes
      RSAAuthentication yes
      PubkeyAuthentication yes
      #AuthorizedKeysFile %h/.ssh/authorized_keys
      # Don't read the user's ~/.rhosts and ~/.shosts files
      IgnoreRhosts yes
      # For this to work you will also need host keys in /etc/ssh_known_hosts
      RhostsRSAAuthentication no
      # similar for protocol version 2
      HostbasedAuthentication no
      # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
      #IgnoreUserKnownHosts yes
      # To enable empty passwords, change to yes (NOT RECOMMENDED)
      PermitEmptyPasswords no
      # Change to yes to enable challenge-response passwords (beware issues with
      # some PAM modules and threads)
      ChallengeResponseAuthentication no
      # Change to no to disable tunnelled clear text passwords
      #PasswordAuthentication yes
      # Kerberos options
      #KerberosAuthentication no
      #KerberosGetAFSToken no
      #KerberosOrLocalPasswd yes
      #KerberosTicketCleanup yes
      # GSSAPI options
      #GSSAPIAuthentication no
      #GSSAPICleanupCredentials yes
      X11Forwarding yes
      X11DisplayOffset 10
      PrintMotd no
      PrintLastLog yes
      TCPKeepAlive yes
      #UseLogin no
      #MaxStartups 10:30:60
      #Banner /etc/issue.net
      # Allow client to pass locale environment variables
      AcceptEnv LANG LC_*
      Subsystem sftp /usr/lib/openssh/sftp-server
      # Set this to 'yes' to enable PAM authentication, account processing,
      # and session processing. If this is enabled, PAM authentication will
      # be allowed through the ChallengeResponseAuthentication and
      # PasswordAuthentication. Depending on your PAM configuration,
      # PAM authentication via ChallengeResponseAuthentication may bypass
      # the setting of "PermitRootLogin without-password".
      # If you just want the PAM account and session checks to run without
      # PAM authentication, then enable this but set PasswordAuthentication
      # and ChallengeResponseAuthentication to 'no'.
      UsePAM yes
      judibet@RTX-050C:~$

      :evil: Mulder FOX

      The post was edited 1 time, last by Judibet ().
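
Added example, not part of the thread and not code from any poster: in the rsync transcripts above, `-i` sits outside the `-e` argument, so rsync reads it as its own `--itemize-changes` and takes the key path as a source file. That is why `<f+++++++++ jvlinux` appears in the file list and why the "opening connection using:" line carries no `-i`. The sketch below passes the key to ssh inside `-e` instead; the function names are made up for this example, and the key path, host and destination are the ones shown in the thread.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Assumes GNU stat, as on
# Debian/OMV, and a key path without spaces (rsync splits -e on whitespace).

# Print the remote-shell string for rsync's -e option, or fail with a reason.
remote_shell_for_key() {
    key=$1
    case $key in
        /*) ;;
        *) echo "use an absolute path: $key" >&2; return 2 ;;
    esac
    case $key in
        *.pub) echo "$key is the public half; ssh -i needs the private key" >&2
               return 3 ;;
    esac
    [ -f "$key" ] || { echo "no such key: $key" >&2; return 4; }
    mode=$(stat -c %a "$key")
    case $mode in
        ?00) ;;   # owner-only access, e.g. 600 or 400
        *) echo "$key has mode $mode; ssh rejects keys open to group/other" >&2
           return 5 ;;
    esac
    # IdentitiesOnly: offer only this key. BatchMode: fail, never prompt.
    printf 'ssh -i %s -o IdentitiesOnly=yes -o BatchMode=yes' "$key"
}

# Run one unattended transfer; -a already implies -rtogp.
backup_file() {
    key=$1 src=$2 dest=$3
    rsh=$(remote_shell_for_key "$key") || return
    rsync -aHzEAX -e "$rsh" "$src" "$dest"
}

# Usage with the values from the thread:
# backup_file /root/.ssh/jvlinux /etc/sysctl.conf \
#   root@ntx-010b:/srv/dev-disk-by-label-Donnees/Sauvegardes/RTX-050C/etc/
```

The earlier run that listed `jvlinux` in the transfer copied the private key file into the backup directory on the server, so that copy should be deleted there.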