I wanted to create a shell script that will automatically grab a database backup from our backup server via rsync to a local server, so we can have relatively recent copies of our database stored locally for running intensive reports against. This is a stopgap solution until we set up a reporting server in our datacenter. The first step to doing this was setting up key-based authentication over SSH (so I can do this via cron). There are lots of tutorials on this and the process is pretty simple, but I did run into one little hitch on our CentOS server that I want to document here.
The setting I had to change was StrictModes no.
StrictModes
Specifies whether sshd should check file modes and ownership of the user’s files and home directory before accepting login. This is normally desirable because novices sometimes accidentally leave their directory or files world-writable. The default is “yes”.
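The check described above can be reproduced by hand to see which path sshd objects to. This is an added example, not part of the original post; `strictmodes_check` is a hypothetical helper name, and it assumes the default key file location `~/.ssh/authorized_keys`.

```shell
#!/bin/sh
# Added example; strictmodes_check is a hypothetical helper name.
# Reports each path from HOME_DIR down to authorized_keys that is
# group/world-writable or owned by someone other than the user or root,
# which are the conditions StrictModes rejects.
# Usage: strictmodes_check "$HOME" "$(id -u)"
strictmodes_check() {
    sm_home=$1
    sm_uid=$2
    sm_bad=0
    for sm_path in "$sm_home" "$sm_home/.ssh" "$sm_home/.ssh/authorized_keys"; do
        if [ ! -e "$sm_path" ]; then
            echo "skip (missing): $sm_path"
            continue
        fi
        # ls -ldn prints: mode, link count, numeric uid, numeric gid, ...
        sm_info=$(ls -ldn "$sm_path")
        sm_mode=${sm_info%% *}
        sm_owner=$(printf '%s\n' "$sm_info" | awk '{print $3}')
        # Character 6 of the mode string is group-write, character 9 is other-write.
        case $sm_mode in
            ?????w*|????????w*)
                echo "writable by group/others ($sm_mode): $sm_path"
                sm_bad=1
                ;;
        esac
        # The owner must be the login user or root (uid 0).
        if [ "$sm_owner" != "$sm_uid" ] && [ "$sm_owner" != 0 ]; then
            echo "owned by uid $sm_owner, expected $sm_uid or 0: $sm_path"
            sm_bad=1
        fi
    done
    return "$sm_bad"
}
```

Clearing the reported bits with `chmod go-w` on each listed path lets key authentication work with StrictModes left at its default of "yes".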
Beyond that, following tutorials like this one and finally this one (where I discovered the StrictModes hint) makes the process straightforward. Some of the tutorials you will find are not entirely clear on the point that if you are connecting from foo@client to foo@server, then the user foo must exist on both hosts (the client and server). I assumed this, but thought it was strange that this was not explicitly mentioned in the tutorials.
Another item that is not explained in any of the tutorials I found is the difference between RSA and DSA. RSA, short for Rivest, Shamir, and Adleman (the folks who created the algorithm back in the mid to late 1980s), is an algorithm for encrypting data as well as signing it. DSA, short for Digital Signature Algorithm, is used for signing only.
So do you use DSA or RSA? Since we are only using this for signing and verification, it appears that it does not matter which one you use. I have read there are nominal speed differences between the two. I used DSA for this project.