DSM-G600, DNS-3xx and NSA-220 Hack Forum

-i identity_file
             Selects the file from which the identity (private key) for RSA authentication is read.  This option is directly passed to ssh(1).

you're passing the _public_ key - remove ".pub" from the name.

ps: rsync is very convenient to copy files via ssh, e.g.:

rsync -e ssh -avP backup@someserver.com:/* /mnt/HD_a2/backup/

This, however, will look for id_rsa* files in $HOME/.ssh/

Last edited by fonz (2007-05-26 02:32:39)

bareare wrote:

For some reason, I still get that error message. I have compared the key pair generated on the other server and the local ones, and the local ones are much shorter. Strange...

Are you using keys generated with ssh-keys? Dropbear doesn't understand these. I attached the dropbear README file. I shows the instruction to create dropbear keys or to convert ssh keys.

I have run into the same issue as bareare. I am not willing to use the Debian Etch or Sarge or anything like that. I have given up on using scp because it always gives me the "/mnt/HD_a2/fun_plug.d/bin/dbclient: exited: string too long" error, when i use the command that he used above, minus the .pub

my problem is - i dont know for certain where i go or what i do to make the hosts be known.

"Host '192.168.x.x' is not in the trusted hosts file.
(fingerprint md5 xx:xx:xx:xx:xx.....)
Do you want to continue connecting? (y/n)"


i have a ~/.ssh/known_hosts and ~/.sh/authorized_keys file, with what I BELIEVE to be correct data. As the dropbearconvert program is only for converting private keys, and public keys are being used, and I am not running dropbear or rsync as a server, only as a client, I should not need to do anything special to the public key of the host i want to SCP/RSYNC from before putting it into the authorized_keys file, and same deal with the id_rsa.pub or id_dsa.pub files from the host, as far as i know. I have pretty much given up on using SCP because of that error message, but rsync does not get it.

So, what I am asking for, is if someone can tell me what I am doing wrong and need to fix in order to get either SCP to stop giving me that error message, or rsync to stop telling me the host is not in the trusted list.

my ~/.ssh/known_hosts file format:
comp.domain,192.168.x.x ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3zUsPRI4M0fXxr9bj/DM.........
comp.domain,192.168.x.x ssh-dss AAAAB3NzaC1yc2EAAAABIwAAAQEA3zUsPRI4M0fXxr9bj/DM.........

my ~/.ssh/authorized_keys file format:

ssh-dss AAAAB3NzaC1kc3MAAACBAPc62Zw5........Q= root@name
ssh-rsa AAAAB3NzaC1yc2EAAAABIwA..........ytoQ == bkpuser@name


my customizations to fonz's fun_plug:

mkdir ~/.ssh
echo "ssh-dss AAAAB3NzaC1................HCG/U2IMFfciOgJFI= root@name" >> ~/.ssh/authorized_keys
echo "ssh-dss AAAAB3NzaC1kc3MAAACBA.....6YbPV9y6tqWoA= bkpuser@name" >> ~/.ssh/authorized_keys
echo "ssh-dss AABqaVw...........wQH2ZsXfWQHK root@name" >> ~/.ssh/authorized_keys
.....
echo "ssh-rsa AAAAB3Nza2.....1csZJyvvG+ZyCn6iwOJQ== root@name" >> ~/.ssh/authorized_keys
dropbearconvert dropbear openssh /mnt/HD_a2/fun_plug.d/etc/dropbear/dropbear_rsa_host_key /.ssh/id_rsa
dropbearconvert dropbear openssh /mnt/HD_a2/fun_plug.d/etc/dropbear/dropbear_dsa_host_key /.ssh/id_dsa
mknod /dev/random c 1 8
/mnt/HD_a2/fun_plug.d/start/dropbear.sh

echo "* Done" >>${LOGFILE}

(above line is the last line of fonz's fun_plug)


my commands and output:

rsync -e ssh -avP bkpuser@192.168.x.x:/backup/daily/* /mnt/HD_a2/backup/

Host '192.168.x.x' is not in the trusted hosts file.
(fingerprint md5 9f:xx:...:c6)
Do you want to continue connecting? (y/n)

/ # scp bkpuser@192.168.x.x:/backup/daily/* /mnt/HD_a2/backup/WARNING: Ignoring unknown argument '-x'
WARNING: Ignoring unknown argument '-oForwardAgent no'
WARNING: Ignoring unknown argument '-oPermitLocalCommand no'
WARNING: Ignoring unknown argument '-oClearAllForwardings yes'
Failed loading keyfile '/mnt/.ssh/id_rsa'

Host '192.168.x.x' is not in the trusted hosts file.
(fingerprint md5 9f:ca:a4:89:be:a1:xx:...::5d:36:c6)
Do you want to continue connecting? (y/n)
n
/mnt/HD_a2/fun_plug.d/bin/dbclient: connection to bkpuser@192.168.x.x:22 exited: Didn't validate host key



/ # scp -i /.ssh/id_rsa bkpuser@192.168.x.x:/backup/daily/* /mnt/HD_a2/backup/ WARNING: Ignoring unknown argument '-x'
WARNING: Ignoring unknown argument '-oForwardAgent no'
WARNING: Ignoring unknown argument '-oPermitLocalCommand no'
WARNING: Ignoring unknown argument '-oClearAllForwardings yes'
/mnt/HD_a2/fun_plug.d/bin/dbclient: exited: string too long



note: my terminal client is puTTY, with what i believe to be fairly standard default settings. I tried this thru the telnet and the SCP command did worked differently than thru SSH, however that way is not doable because i need passwordless SCP for making a automated backup script. I also need to have cron working to do my backup scripts but I assume it already comes with a working cron utility at least by the looks of it


P.S. any help would be GREATLY appreciated, thank you so much guys for teaching me so much already, until I learned you can hack into this thing and do this sort of stuff, I thought I had just threw $600 away by buying it + 2x500GB HD's

Last edited by RedScourge (2007-06-02 02:49:44)

Thanks alot fonz for your presence on this forum, im sure you have helped several hundreds, if not thousands, of people in setting up these DNS-323's, whether or not they have stopped by to express their gratitude, ask questions, or offer additional input.

my main problem with SCP was it was giving me the cryptic string to long error on the SCP command, and those strange parameter skipped, probably due to a difference in SSH between the two systems, as those parameters exist on the other linux boxes but not on the DNS, however I do not know how to stop those parameters from being sent by default by the other linux boxes.

It did not give me these warning messages, or at least it hid them perhaps, when i used rsync. Now thanks to your help I can use SCP without the fatal string to long error i got before. I would prefer to use SCP, but id rsync is faster i could use it.

~/HD_a2 # scp test.txt root@192.168.x.x:/backup/test.txt
WARNING: Ignoring unknown argument '-x'
WARNING: Ignoring unknown argument '-oForwardAgent no'
WARNING: Ignoring unknown argument '-oPermitLocalCommand no'
WARNING: Ignoring unknown argument '-oClearAllForwardings yes'

Host '192.168.x.x' is not in the trusted hosts file.
(fingerprint md5 xx:xx:a4:xx:be:xx:xx:89:91:xx:xx:xx:94:xx:36:xx)
Do you want to continue connecting? (y/n)
y
root@192.168.x.x's password:

if i run the SCP command passing it my private key, it seems to work now:


~/HD_a2 # scp -i ~/.ssh/id_rsa test.txt root@192.168.x.x:/backup/test.txt
WARNING: Ignoring unknown argument '-x'
WARNING: Ignoring unknown argument '-oForwardAgent no'
WARNING: Ignoring unknown argument '-oPermitLocalCommand no'
WARNING: Ignoring unknown argument '-oClearAllForwardings yes'
test.txt                                      100%    0     0.0KB/s   00:00
~/HD_a2 #

However i still get these WARNING messages, and would like to suppress from the system error logs, or stop them entirely if possible. Would you happen to know how to do this?

My optimal backup solution would involve making my linux servers scp to the DNS themselves after creating their daily zip/tar file backups, then send them to the DNS thru script automatically, controlled by cron. however, I get this error:

[bkpuser@crow root]$ scp root@192.168.x.x:/mnt/HD_a2/test.txt /backup
sh: scp: not found

Being able to set my $HOME $PATH etc on the DNS box automatically upon telnet/ssh connection may be very important to figure out, as this may be causing the error. it connects with SSH to the DNS and tries to run its side of the SCP request and it cannot find the scp binary, at least this is what I assume is happening.

so in conclusion, the issues I have yet to figure out, and would really appreciate help with, are:

-set up user environment automatically with every ssh/telnet connection, like a .bash_profile, but I am not sure if this works, if it doesnt, would you happen to know what does? I'm sure I can't be the first person who has wanted to accomplish this, so its probably something simple (i hope).

-if possible, would like to suppress the WARNING messages when using SCP


Any help at all on these matters would be greatly appreciated, although i may be able to make do with what ive got now, but id rather not have to settle

thanks again for your help, i have some good news and some bad news:

i can get it to properly retain a home directory, and execute the .profile script. I tried running the scp command from another machine to pull a file from the DNS, and it still wont work. I tried changing the default shell from /bin/sh to /mnt/HD_a2/fun_plug.d/bin/sh as well to see if this helped, but it did not.

have you yourself managed to pull files off or onto the DNS thru shell script on another linux box using scp or rsync? if you can tell me that rsync works then i should just use that, but either way i would prefer being able to have my backup scripts run on my other linux boxes and not on the DNS if possible. Currently, I am able to run scp/rsync on the DNS itself, but for some reason it says not found when i run the command on another system pointing to the DNS, however i know that i can run the rsync/scp commands between my real linux systems with no problems, so it seems to be on the DNS. Anyways if this turns out to be impossible so be it, I still should be able to get by without. Thanks very much for your help so far.

Here is some info on my DNS box:

my fun_plug now only has a customization to run /mnt/HD_a2/fun_plug.d/start/dropbear.sh, i took all other customizations out to be sure.

/etc/passwd on DNS:

root:x:0:0:Linux User,,,:/mnt:/bin/sh
admin:x:500:500:Linux User,,,:/mnt:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt:/bin/sh
bkpuser:x:505:503:rw:/mnt/HD_a2/fun_plug.d/home/bkpuser:/bin/sh
user:x:506:504:r:/mnt:/bin/sh
test1:x:507:507:Linux User,,,:/home/ftp:/bin/sh

r and rw groups are what they sound like, r is for reading from the share, rw is for users who need to read+write to disk, configured them thru web interface long ago.

login as: bkpuser
bkpuser@192.168.x.x's password:


BusyBox v1.5.0 (2007-05-06 16:42:17 CEST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ $ pwd
/mnt/HD_a2/fun_plug.d/home/bkpuser
~ $ whoami
bkpuser

~ $ set
BINDIR='/mnt/HD_a2/fun_plug.d/bin'
ETCDIR='/mnt/HD_a2/fun_plug.d/etc'
FUNPLUGDIR='/mnt/HD_a2/fun_plug.d'
FUNPLUGTAR='/mnt/HD_a2/fun_plug.tar'
HOME='/mnt/HD_a2/root'
IFS='
'
LOGDIR='/mnt/HD_a2/fun_plug.d/log'
LOGFILE='/mnt/HD_a2/fun_plug.d/log/fun_plug.log'
LOGNAME='bkpuser'
PATH='/mnt/HD_a2/fun_plug.d/bin:/usr/local/bin:/usr/bin:/sbin:/bin'
PPID='1914'
PS1='\w \$ '
PS2='> '
PS4='+ '
PWD='/mnt/HD_a2/fun_plug.d/home/bkpuser'
SHELL='/mnt/HD_a2/fun_plug.d/bin/sh'
TERM='xterm'
USER='bkpuser'
VOL1='/mnt/HD_a2'
VOL2='/mnt/HD_b2'
_='whoami'

~ # touch test1.txt
~ # ls -lah /mnt/HD_a2/fun_plug.d/home/bkpuser/test1.txt
-rw-r--r--    1 bkpuser  rw              0 Jun  4 17:41 /mnt/HD_a2/fun_plug.d/home/bkpuser/test1.txt



[root@someotherserver /]# scp bkpuser@192.168.x.x:/mnt/HD_a2/fun_plug.d/home/bkpuser/test1.txt /backup
sh: scp: not found


I even tried making a symbolic link to /usr/bin/scp on my other system to point to the same place as where scp is on the DNS and ran it with the full path to see if that would work but it did not

thanks, good to know i'm not crazy

If you want plain backup through sftp and do not not rdiff, you can use this tool:

http://www.deltascripts.com/deltabackup

(I'm using it on my DNS323 myself to automatically grab backup from multiple servers through a ssh connection).

mediamatters, if the files are missing after a reboot, then they are being created on the RAM
portion of the file system.   I assume the pub files and know_hosts are being created in the .ssh
directory of the user's home directory.  Is this backup running as a user or root?

The copy back script method should work, I think you might have changed the file permissions
during the copy and that is what's causing the problems.  SSH is VERY picky about file permissions.
I think(?) the .ssh directory needs to be read-write-xecute by the ower ONLY (ie: chmod 700), and the
know_hosts snd .pub files must be read-write by owner and only read by group and others. (ie: chmod 644)
and the authorized_keys file must be read-write by owner only (ie: chmod 600)

Just check the file permissions when you have a working configuration and be sure to keep the exact same
permission after copy back.

Another solution could be to move, a working, .ssh directory to the /mnt/HD_a2 and have your script create a symbolic
link from the ~/.ssh to /mnt/HD_a2/.ssh that should take care of the file permissions, too.  Or use rsync to do the copy
and preserve the file permission.

Last edited by mig (2008-05-22 00:13:41)