authorized_keys problem

It shouldn't be a problem actually. I did a simple test with successful results:

1. Generate a PKA keypair on linux (RH 7.1, OpenSSH 2.5) as root:
• ssh-keygen -q -b 1024 -t rsa -f test -N ''

2. Start Sftp on windows (NT, OpenSSH 4.2 with cwRsync 2.0.4 server) and get public.pub
3. Update authorized_keys file
• cat public.pub >> authorized_keys
• authorized_keys2 is something from the past, ignore it!!

4. Start ssh/sftp on linux side
• ssh -i test SvcwRsync@windows-machine
• sftp -o IdentityFile=test SvcwRsync@windows-machine

If I login using a domain account and a password into the rsync server ( using the ssh server ) I can list the contents of the network drives. I then setup authkeys and login using the same user and permission is denied.
Is there something else I need to do?

I've had difficulties getting this null password SSH to work as well. The web site is not much help. For example, it was unclear to me whether or not I need to install COPSSH in addition to the OpenSSN that is included with cwRsyncServer. Also, there are indications here and there that one has to "Activate a User", which is presumably done from the START menu, but I have no such option anywhere. I managed to locate an .ssh directory in which to place my authorized_keys/authorized_keys2 files at C:\Program Files\cwRsyncServer\var\SvcwRsync\.ssh but placing them there seems to have no effect.

I've had difficulties getting this null password SSH to work as well. The web site is not much help. For example, it was unclear to me whether or not I need to install COPSSH in addition to the OpenSSN that is included with cwRsyncServer. Also, there are indications here and there that one has to "Activate a User", which is presumably done from the START menu, but I have no such option anywhere. I managed to locate an .ssh directory in which to place my authorized_keys/authorized_keys2 files at C:\Program Files\cwRsyncServer\var\SvcwRsync\.ssh but placing them there seems to have no effect.

You don't need copSSH if you have installed cwRsyncServer with openssh component. For passwordless communication, copy the private key from cwRsyncServer (available from start menu) to your machine and initiate communication as described in a FAQ that suits your environment. If you want to use your own public key instead, you can add it to authorized_keys for the user SvcwRsync at server side. No user activation is needed. copSSH is a general purpose ssh server. That's the reason why it has user activation/deactivation available from start menu. cwRsyncServer has a user (SvcwRsync) already activated for convenience. However, it has also user (de)activation scripts included for advanced use.

If I login using a domain account and a password into the rsync server ( using the ssh server ) I can list the contents of the network drives. I then setup authkeys and login using the same user and permission is denied.

Is there something else I need to do?

Why don't you use the service account and its keys to establish passwordless communication? You can also add your own public key to user SvcwRsync's authorized keys if you want to.

As the first email in the thread indicated, I don't want to propagate multiple keys from each client being backed up to the Linux box. I want to (and should) be able to utilize keys generated on the Linux box, that is use the same set of keys for all boxes.

The only way I was able to do this was to install copSSH. So, to all trying this, don't install the OpenSSH that's packaged with the server. Instead, try copSSH.

As the first email in the thread indicated, I don't want to propagate multiple keys from each client being backed up to the Linux box. I want to (and should) be able to utilize keys generated on the Linux box, that is use the same set of keys for all boxes.

The only way I was able to do this was to install copSSH. So, to all trying this, don't install the OpenSSH that's packaged with the server. Instead, try copSSH.

This is not correct. copSSH may work for your specific configuration. However, permissions and settings which are required for the full rsync daemon functionality will not be set up correctly. In addition, future versions of cwRsync server will include support for other tunnelling mechanisms like stunnel. As I tried to explain before, you are free to add your own public key to authorized_keys at server side and use your private key at client side. It should work (see my previous posting in this thread). I've written a FAQ to clarify this issue. Hope it helps.

To make sure I tried everything, please clarify using the service account along with the OpenSSH packaged with cwRsyncServer. I tried copying the public key generated on my Linux box into the authorized_keys file on my Windows machine, say WIN_SOURCE. I tried many locations for this file. Can you specify *where* it is supposed to go, i.e., what folder on WIN_SOURCE? Also, could you specify the exact SSH command from my Linux box to the WIN_SOURCE, e.g.,

ssh -l cwrsync WIN_SOURCE

or

ssh -l SvcwRsync WIN_SOURCE

Thanks,

Ken

I've written a new FAQ about this issue. Hope it helps.

Tev,

I read the FAQ and followed it exactly. In fact, I've tried this now several times. It does not work. I'm still prompted for a password. I'm not new to this business either. I've setup this passwordless SSH between Linux boxes and PCs now for several years. Something is not right here. Could this have anything to do with the fact that I'm using DSS keys? Of course, I tried both authorized_keys and authorized_keys2 files. Also, I didn't cat onto these files, but rather replaced them.

Ken

If you replace the file, the new file gets a different set of permissions and ownership. That might be the problem. I recommend to run setperms.cmd again. The recipe I described in the FAQ works without problems in my test environment with Linux RH 7.1, 9.0, FC3 and Windows NT/2003.