Solved

Problem with Linux rsync.  Process rejecting key as it was generated with blank pass phrase

Posted on 2007-07-22
Last Modified: 2012-06-27
I'm having a problem with Linux rsync.  I have created the key pair and put it on the server and client and they look good.  When I run a test from the server that is the mirror server, as below, I get prompted for a pass phrase, as the private key that was generated does not have one as I am going to run this from cron.
Any help on how I can get Linux to let me away with this would be appreciated. Thank you.

[root@ip-208-109-127-6 ~]# rsync -avz -e "ssh -p 2250 -i /root/rsync/mirror-rsync-key" korthion@85.13.224.18:/home/jail/home/Part20 ./
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/root/rsync/mirror-rsync-key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /root/rsync/mirror-rsync-key
Enter passphrase for key '/root/rsync/mirror-rsync-key':

Question by:tleyden

Author Comment

by:tleyden
ID: 19543528
Solved. I changed the permissions on the key to 700 and it sorted it out

Expert Comment

by:Tintin
ID: 19543746
I would have thought the messages:

Permissions 0644 for '/root/rsync/mirror-rsync-key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /root/rsync/mirror-rsync-key

were pretty obvious.

Expert Comment

by:Tintin
ID: 19543750
BTW, no need for execute permissions on the key, 600 is sufficient, or even 400.

Expert Comment

by:ezaton
ID: 19543802
Agree. A common problem with ssh key exchange.

Accepted Solution

by:ostwaldl
ID: 19549481
You need to add the public key file (not the private key) you created to the "authorized_keys" file on the destination machine.  Normally for root user this would be in "/root/.ssh".

The permissions on this file should also be restrictive (0400 or 0600).

You can make the use of the key authentication a bit more secure by prefixing the key with "from=<hostname>" in the "authorized_keys" file,  where <hostname> is the resolvable hostname of the source machine.

Also, you don't need to copy the private key to the destination machine at all (and it's not a good idea from a security standpoint). The private key should only reside on the source machine.
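The permission rule behind the warning in the question, and the from= restriction suggested in the accepted solution, as an added example that is not part of any poster's comment. It assumes GNU stat; the function names are hypothetical, and the host name and key text are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread.

# key_mode_ok FILE
# Mirrors the ssh client's private-key permission test: if any group or
# other bit is set (mode & 077), the key is ignored. ssh applies this
# test when the key file is owned by the user running ssh.
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2    # GNU stat prints e.g. 644
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# restrict_pubkey HOST PUBKEY_LINE
# Prints an authorized_keys entry that is only honoured for connections
# coming from HOST, using the from="..." key option.
restrict_pubkey() {
    printf 'from="%s" %s\n' "$1" "$2"
}

# Runs the check over the modes mentioned in the thread, on a scratch file.
demo() {
    tmp=$(mktemp -d) || return 1
    key="$tmp/mirror-rsync-key"              # constructed empty stand-in
    : > "$key"
    for m in 644 700 600 400; do
        chmod "$m" "$key"
        if key_mode_ok "$key"; then
            echo "$m: key would be used"
        else
            echo "$m: too open, key would be ignored"
        fi
    done
    # Constructed placeholder public key line, not real key material.
    restrict_pubkey mirror.example.com 'ssh-rsa PLACEHOLDER-KEY-DATA root@mirror'
    rm -rf "$tmp"
}

demo
```

Mode 700 passes the check, which is why the asker's fix worked, but 600 or 400 grants nothing beyond what the key needs.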
