DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

#1 2007-05-26 01:39:34

bareare
Member
Registered: 2007-05-24
Posts: 29

Scp without password...

I'm using the dropbear plugin thing..
http://dns323.kood.org/forum/t422-Updated-fun-plug.html

I can use Scp over a ssh connection when I get the prompt for password. However, I do not want to be prompted for password. So I have generated keys in order to connect without password. However, the copy fails always when setting the file name for the pub file. I would rather that I could specify password from command line, but that is not possible as far as I have understood.

Any tip?

/ # scp -B -P 4000 -i id_rsa.pub backup@someserver.com:/* /mnt/HD_a2/backup/
WARNING: Ignoring unknown argument '-x'
WARNING: Ignoring unknown argument '-oForwardAgent no'
WARNING: Ignoring unknown argument '-oPermitLocalCommand no'
WARNING: Ignoring unknown argument '-oClearAllForwardings yes'
WARNING: Ignoring unknown argument '-oBatchmode yes'
/mnt/HD_a2/fun_plug.d/bin/dbclient: exited: string too long

expect
I found this, it would be really the best option, but since I don't have expect installed, it doesn't work.. I assume it would be difficult to get expect up and working?
http://modp.com/release/sshpasswords/

Another expect solution:
http://search.cpan.org/~djberg/Net-SCP- … /Expect.pm

Do I have to install the whole Debian package?

Last edited by bareare (2007-05-26 02:10:45)

Offline

 

#2 2007-05-26 02:32:02

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: Scp without password...

-i identity_file
             Selects the file from which the identity (private key) for RSA authentication is read.  This option is directly passed to ssh(1).

you're passing the _public_ key - remove ".pub" from the name.

ps: rsync is very convenient to copy files via ssh, e.g.:

Code:

rsync -e ssh -avP backup@someserver.com:/* /mnt/HD_a2/backup/

This, however, will look for id_rsa* files in $HOME/.ssh/

Last edited by fonz (2007-05-26 02:32:39)

Offline

 

#3 2007-05-26 12:30:09

bareare
Member
Registered: 2007-05-24
Posts: 29

Re: Scp without password...

For some reason, I still get that error message. I have compared the key pair generated on the other server and the local ones, and the local ones are much shorter. Strange...

Offline

 

#4 2007-05-26 13:16:34

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: Scp without password...

bareare wrote:

For some reason, I still get that error message. I have compared the key pair generated on the other server and the local ones, and the local ones are much shorter. Strange...

Are you using keys generated with ssh-keys? Dropbear doesn't understand these. I attached the dropbear README file. It shows the instructions to create dropbear keys or to convert ssh keys.

Offline
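
Added example (not part of the thread and not Dropbear's own code): a shell check for which kind of key file is about to be passed to `-i`. It assumes a native Dropbear key file starts with the length-prefixed type string (bytes 00 00 00 07, then "ssh-rsa" or "ssh-dss"); a text file in that position would be read as an oversized length, which would account for the "string too long" exit. The function names are made up for this example.

```shell
#!/bin/sh
# classify_key FILE -> prints: dropbear | pem-private | public | unknown
classify_key() {
    # Hex of the first 11 bytes; od keeps NUL bytes out of shell variables.
    hex=$(head -c 11 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        # 00 00 00 07 "ssh-rsa" / 00 00 00 07 "ssh-dss" (assumed Dropbear layout)
        000000077373682d727361|000000077373682d647373)
            echo dropbear ;;
        # "-----BEGIN": PEM text as written by ssh-keygen
        2d2d2d2d2d424547494e*)
            echo pem-private ;;
        # "ssh-rsa " / "ssh-dss ": a one-line public key
        7373682d72736120*|7373682d64737320*)
            echo public ;;
        *)
            echo unknown ;;
    esac
}

# advise_key FILE -> one line saying what to do with the file
advise_key() {
    case "$(classify_key "$1")" in
        dropbear)
            echo "ok: native Dropbear key, usable with -i" ;;
        pem-private)
            echo "convert first: dropbearconvert openssh dropbear $1 $1.db" ;;
        public)
            echo "wrong file: -i takes the private key, not the .pub" ;;
        *)
            echo "unrecognised: not a key format this check knows" ;;
    esac
}

# Usage: advise_key /mnt/HD_a2/root/.ssh/key
```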

 

#5 2007-05-26 14:14:50

bareare
Member
Registered: 2007-05-24
Posts: 29

Re: Scp without password...

Ok.. I see. I use the DNS323 only as client, not the other way around.  But I must anyway convert the real public ssh key from my server to the dropbear ssh format before I can connect from dns323, it seems from the readme.

Update: I erased everything and installed Debian Etch from scratch. Works fine now :)

Last edited by bareare (2007-05-27 17:46:14)

Offline

 

#6 2007-06-02 02:42:21

RedScourge
Member
Registered: 2007-06-01
Posts: 6

Re: Scp without password...

I have run into the same issue as bareare. I am not willing to use the Debian Etch or Sarge or anything like that. I have given up on using scp because it always gives me the "/mnt/HD_a2/fun_plug.d/bin/dbclient: exited: string too long" error, when i use the command that he used above, minus the .pub

my problem is - i don't know for certain where i go or what i do to make the hosts be known.

"Host '192.168.x.x' is not in the trusted hosts file.
(fingerprint md5 xx:xx:xx:xx:xx.....)
Do you want to continue connecting? (y/n)"


i have a ~/.ssh/known_hosts and ~/.sh/authorized_keys file, with what I BELIEVE to be correct data. As the dropbearconvert program is only for converting private keys, and public keys are being used, and I am not running dropbear or rsync as a server, only as a client, I should not need to do anything special to the public key of the host i want to SCP/RSYNC from before putting it into the authorized_keys file, and same deal with the id_rsa.pub or id_dsa.pub files from the host, as far as i know. I have pretty much given up on using SCP because of that error message, but rsync does not get it.

So, what I am asking for, is if someone can tell me what I am doing wrong and need to fix in order to get either SCP to stop giving me that error message, or rsync to stop telling me the host is not in the trusted list.

my ~/.ssh/known_hosts file format:
comp.domain,192.168.x.x ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3zUsPRI4M0fXxr9bj/DM.........
comp.domain,192.168.x.x ssh-dss AAAAB3NzaC1yc2EAAAABIwAAAQEA3zUsPRI4M0fXxr9bj/DM.........

my ~/.ssh/authorized_keys file format:

ssh-dss AAAAB3NzaC1kc3MAAACBAPc62Zw5........Q= root@name
ssh-rsa AAAAB3NzaC1yc2EAAAABIwA..........ytoQ == bkpuser@name


my customizations to fonz's fun_plug:

mkdir ~/.ssh
echo "ssh-dss AAAAB3NzaC1................HCG/U2IMFfciOgJFI= root@name" >> ~/.ssh/authorized_keys
echo "ssh-dss AAAAB3NzaC1kc3MAAACBA.....6YbPV9y6tqWoA= bkpuser@name" >> ~/.ssh/authorized_keys
echo "ssh-dss AABqaVw...........wQH2ZsXfWQHK root@name" >> ~/.ssh/authorized_keys
.....
echo "ssh-rsa AAAAB3Nza2.....1csZJyvvG+ZyCn6iwOJQ== root@name" >> ~/.ssh/authorized_keys
dropbearconvert dropbear openssh /mnt/HD_a2/fun_plug.d/etc/dropbear/dropbear_rsa_host_key /.ssh/id_rsa
dropbearconvert dropbear openssh /mnt/HD_a2/fun_plug.d/etc/dropbear/dropbear_dsa_host_key /.ssh/id_dsa
mknod /dev/random c 1 8
/mnt/HD_a2/fun_plug.d/start/dropbear.sh

echo "* Done" >>${LOGFILE}

(above line is the last line of fonz's fun_plug)


my commands and output:

rsync -e ssh -avP bkpuser@192.168.x.x:/backup/daily/* /mnt/HD_a2/backup/

Host '192.168.x.x' is not in the trusted hosts file.
(fingerprint md5 9f:xx:...:c6)
Do you want to continue connecting? (y/n)

/ # scp bkpuser@192.168.x.x:/backup/daily/* /mnt/HD_a2/backup/
WARNING: Ignoring unknown argument '-x'
WARNING: Ignoring unknown argument '-oForwardAgent no'
WARNING: Ignoring unknown argument '-oPermitLocalCommand no'
WARNING: Ignoring unknown argument '-oClearAllForwardings yes'
Failed loading keyfile '/mnt/.ssh/id_rsa'

Host '192.168.x.x' is not in the trusted hosts file.
(fingerprint md5 9f:ca:a4:89:be:a1:xx:...::5d:36:c6)
Do you want to continue connecting? (y/n)
n
/mnt/HD_a2/fun_plug.d/bin/dbclient: connection to bkpuser@192.168.x.x:22 exited: Didn't validate host key



/ # scp -i /.ssh/id_rsa bkpuser@192.168.x.x:/backup/daily/* /mnt/HD_a2/backup/
WARNING: Ignoring unknown argument '-x'
WARNING: Ignoring unknown argument '-oForwardAgent no'
WARNING: Ignoring unknown argument '-oPermitLocalCommand no'
WARNING: Ignoring unknown argument '-oClearAllForwardings yes'
/mnt/HD_a2/fun_plug.d/bin/dbclient: exited: string too long



note: my terminal client is PuTTY, with what i believe to be fairly standard default settings. I tried this thru the telnet and the SCP command worked differently than thru SSH, however that way is not doable because i need passwordless SCP for making an automated backup script. I also need to have cron working to do my backup scripts but I assume it already comes with a working cron utility at least by the looks of it


P.S. any help would be GREATLY appreciated, thank you so much guys for teaching me so much already, until I learned you can hack into this thing and do this sort of stuff, I thought I had just thrown $600 away by buying it + 2x500GB HD's

Last edited by RedScourge (2007-06-02 02:49:44)

Offline

 

#7 2007-06-02 03:23:33

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: Scp without password...

I hope I understand your problem correctly. You want to run scp on the DNS to copy files from another host. I did a quick test, and it works. This is what I did:

First, give root a home directory to store known_hosts and key files ($HOME defaults to / on my box, which is not good...)

Code:

HOME=/mnt/HD_a2/root
mkdir -p $HOME

Second,  create key pair for root on the DNS

Code:

mkdir ~/.ssh
cd ~/.ssh
dropbearkey -t rsa -f key
dropbearkey -f key -y | head -n2 | tail -n1 >key.pub

Third, copy key.pub file to the ssh-server-host, append to .ssh/authorized_keys

Finally, back on the DNS323, connect...

Code:

ssh -i /mnt/HD_a2/root/.ssh/key tp@10.12.11.2

Also tried scp, works, too.

Offline

 

#8 2007-06-04 19:31:37

RedScourge
Member
Registered: 2007-06-01
Posts: 6

Re: Scp without password...

Thanks a lot fonz for your presence on this forum, I'm sure you have helped several hundreds, if not thousands, of people in setting up these DNS-323's, whether or not they have stopped by to express their gratitude, ask questions, or offer additional input.

my main problem with SCP was it was giving me the cryptic string too long error on the SCP command, and those strange parameters skipped, probably due to a difference in SSH between the two systems, as those parameters exist on the other linux boxes but not on the DNS, however I do not know how to stop those parameters from being sent by default by the other linux boxes.

It did not give me these warning messages, or at least it hid them perhaps, when i used rsync. Now thanks to your help I can use SCP without the fatal string too long error i got before. I would prefer to use SCP, but if rsync is faster i could use it.

~/HD_a2 # scp test.txt root@192.168.x.x:/backup/test.txt
WARNING: Ignoring unknown argument '-x'
WARNING: Ignoring unknown argument '-oForwardAgent no'
WARNING: Ignoring unknown argument '-oPermitLocalCommand no'
WARNING: Ignoring unknown argument '-oClearAllForwardings yes'

Host '192.168.x.x' is not in the trusted hosts file.
(fingerprint md5 xx:xx:a4:xx:be:xx:xx:89:91:xx:xx:xx:94:xx:36:xx)
Do you want to continue connecting? (y/n)
y
root@192.168.x.x's password:

if i run the SCP command passing it my private key, it seems to work now:


~/HD_a2 # scp -i ~/.ssh/id_rsa test.txt root@192.168.x.x:/backup/test.txt
WARNING: Ignoring unknown argument '-x'
WARNING: Ignoring unknown argument '-oForwardAgent no'
WARNING: Ignoring unknown argument '-oPermitLocalCommand no'
WARNING: Ignoring unknown argument '-oClearAllForwardings yes'
test.txt                                      100%    0     0.0KB/s   00:00
~/HD_a2 #

However i still get these WARNING messages, and would like to suppress them from the system error logs, or stop them entirely if possible. Would you happen to know how to do this?

My optimal backup solution would involve making my linux servers scp to the DNS themselves after creating their daily zip/tar file backups, then send them to the DNS thru script automatically, controlled by cron. however, I get this error:

[bkpuser@crow root]$ scp root@192.168.x.x:/mnt/HD_a2/test.txt /backup
sh: scp: not found

Being able to set my $HOME $PATH etc on the DNS box automatically upon telnet/ssh connection may be very important to figure out, as this may be causing the error. it connects with SSH to the DNS and tries to run its side of the SCP request and it cannot find the scp binary, at least this is what I assume is happening.

so in conclusion, the issues I have yet to figure out, and would really appreciate help with, are:

-set up user environment automatically with every ssh/telnet connection, like a .bash_profile, but I am not sure if this works, if it doesn't, would you happen to know what does? I'm sure I can't be the first person who has wanted to accomplish this, so it's probably something simple (i hope).

-if possible, would like to suppress the WARNING messages when using SCP


Any help at all on these matters would be greatly appreciated, although i may be able to make do with what I've got now, but I'd rather not have to settle :P

Offline

 

#9 2007-06-05 00:10:08

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: Scp without password...

Can't do much about the scp warnings - they seem to be normal. Just ignore them. Also, I usually prefer "rsync -e ssh" over scp.

[bkpuser@crow root]$ scp root@192.168.x.x:/mnt/HD_a2/test.txt /backup
sh: scp: not found

Your .bash_profile idea should work. Have a look at /etc/passwd. The second last field contains the home directory of the users. Make sure it's on disk (better try with a non-root user first, and be sure to make a backup of that file, and use an editor with UNIX line breaks!!!!!). It should read your ~/.profile (not .bash_profile, it's not bash).

Offline

 

#10 2007-06-05 02:59:35

RedScourge
Member
Registered: 2007-06-01
Posts: 6

Re: Scp without password...

thanks again for your help, i have some good news and some bad news:

i can get it to properly retain a home directory, and execute the .profile script. I tried running the scp command from another machine to pull a file from the DNS, and it still won't work. I tried changing the default shell from /bin/sh to /mnt/HD_a2/fun_plug.d/bin/sh as well to see if this helped, but it did not.

have you yourself managed to pull files off or onto the DNS thru shell script on another linux box using scp or rsync? if you can tell me that rsync works then i should just use that, but either way i would prefer being able to have my backup scripts run on my other linux boxes and not on the DNS if possible. Currently, I am able to run scp/rsync on the DNS itself, but for some reason it says not found when i run the command on another system pointing to the DNS, however i know that i can run the rsync/scp commands between my real linux systems with no problems, so it seems to be on the DNS. Anyways if this turns out to be impossible so be it, I still should be able to get by without. Thanks very much for your help so far.

Here is some info on my DNS box:

my fun_plug now only has a customization to run /mnt/HD_a2/fun_plug.d/start/dropbear.sh, i took all other customizations out to be sure.

/etc/passwd on DNS:

root:x:0:0:Linux User,,,:/mnt:/bin/sh
admin:x:500:500:Linux User,,,:/mnt:/bin/sh
nobody:x:501:501:Linux User,,,:/mnt:/bin/sh
bkpuser:x:505:503:rw:/mnt/HD_a2/fun_plug.d/home/bkpuser:/bin/sh
user:x:506:504:r:/mnt:/bin/sh
test1:x:507:507:Linux User,,,:/home/ftp:/bin/sh

r and rw groups are what they sound like, r is for reading from the share, rw is for users who need to read+write to disk, configured them thru web interface long ago.

login as: bkpuser
bkpuser@192.168.x.x's password:


BusyBox v1.5.0 (2007-05-06 16:42:17 CEST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ $ pwd
/mnt/HD_a2/fun_plug.d/home/bkpuser
~ $ whoami
bkpuser

~ $ set
BINDIR='/mnt/HD_a2/fun_plug.d/bin'
ETCDIR='/mnt/HD_a2/fun_plug.d/etc'
FUNPLUGDIR='/mnt/HD_a2/fun_plug.d'
FUNPLUGTAR='/mnt/HD_a2/fun_plug.tar'
HOME='/mnt/HD_a2/root'
IFS='
'
LOGDIR='/mnt/HD_a2/fun_plug.d/log'
LOGFILE='/mnt/HD_a2/fun_plug.d/log/fun_plug.log'
LOGNAME='bkpuser'
PATH='/mnt/HD_a2/fun_plug.d/bin:/usr/local/bin:/usr/bin:/sbin:/bin'
PPID='1914'
PS1='\w \$ '
PS2='> '
PS4='+ '
PWD='/mnt/HD_a2/fun_plug.d/home/bkpuser'
SHELL='/mnt/HD_a2/fun_plug.d/bin/sh'
TERM='xterm'
USER='bkpuser'
VOL1='/mnt/HD_a2'
VOL2='/mnt/HD_b2'
_='whoami'

~ # touch test1.txt
~ # ls -lah /mnt/HD_a2/fun_plug.d/home/bkpuser/test1.txt
-rw-r--r--    1 bkpuser  rw              0 Jun  4 17:41 /mnt/HD_a2/fun_plug.d/home/bkpuser/test1.txt



[root@someotherserver /]# scp bkpuser@192.168.x.x:/mnt/HD_a2/fun_plug.d/home/bkpuser/test1.txt /backup
sh: scp: not found


I even tried making a symbolic link to /usr/bin/scp on my other system to point to the same place as where scp is on the DNS and ran it with the full path to see if that would work but it did not :(

Offline

 

#11 2007-06-05 13:24:12

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: Scp without password...

RedScourge wrote:

[root@someotherserver /]# scp bkpuser@192.168.x.x:/mnt/HD_a2/fun_plug.d/home/bkpuser/test1.txt /backup
sh: scp: not found

You're right. That doesn't work, I'm getting the same error. Not sure how to fix this. A work-around for now could be to use rsync with the --rsync-path option like this:

Code:

rsync -e ssh --rsync-path=/mnt/HD_a2/fun_plug.d/bin/rsync -a bob:/mnt/HD_a2/fun_plug /tmp

Offline

 

#12 2007-06-05 17:02:08

RedScourge
Member
Registered: 2007-06-01
Posts: 6

Re: Scp without password...

thanks, good to know i'm not crazy :)

Offline

 

#13 2007-06-06 22:35:34

fonz
Member / Developer
From: Berlin
Registered: 2007-02-06
Posts: 1716
Website

Re: Scp without password...

RedScourge wrote:

I even tried making a symbolic link to /usr/bin/scp on my other system to point to the same place as where scp is on the DNS and ran it with the full path to see if that would work but it did not :(

not sure what you mean by "on the other system". I just tried on the DNS:

Code:

cd /usr/bin
ln -s /mnt/HD_a2/fun_plug.d/bin/scp

and scp magically worked - and it stops working when I remove that link (scp not found message).
Can you try this and confirm that it works or doesn't work?

Offline

 

#14 2007-07-01 17:49:58

bareare
Member
Registered: 2007-05-24
Posts: 29

Re: Scp without password...

If you want plain backup through sftp and do not not rdiff, you can use this tool:

http://www.deltascripts.com/deltabackup

(I'm using it on my DNS323 myself to automatically grab backup from multiple servers through a ssh connection).

Offline

 

#15 2008-05-21 23:06:34

mediamatters
New member
Registered: 2008-05-21
Posts: 2

Re: Scp without password...

I am having a similar issue. I am backing all of the data to an offsite location via rsync. The problem is I need to generate the .pub files and everything is saved on the known_hosts files. Everything works well so far. Once i reboot the DNS323 everything is deleted and i would have to generate the files again.

I have tried storing the files on the /mnt/HD_a2 and then copying them back via a .sh file in /ffp/start but that doesn't seem to work.

Any suggestions on how to either prevent these files from being deleted upon a reboot or copying them back?

Thanks

Offline

 

#16 2008-05-22 00:12:03

mig
Member
From: Seattle, WA
Registered: 2006-12-21
Posts: 532

Re: Scp without password...

mediamatters, if the files are missing after a reboot, then they are being created on the RAM portion of the file system. I assume the pub files and known_hosts are being created in the .ssh directory of the user's home directory. Is this backup running as a user or root?

The copy back script method should work, I think you might have changed the file permissions during the copy and that is what's causing the problems. SSH is VERY picky about file permissions. I think(?) the .ssh directory needs to be read-write-execute by the owner ONLY (ie: chmod 700), and the known_hosts and .pub files must be read-write by owner and only read by group and others (ie: chmod 644), and the authorized_keys file must be read-write by owner only (ie: chmod 600).

Just check the file permissions when you have a working configuration and be sure to keep the exact same permissions after copy back.

Another solution could be to move a working .ssh directory to /mnt/HD_a2 and have your script create a symbolic link from ~/.ssh to /mnt/HD_a2/.ssh; that should take care of the file permissions, too. Or use rsync to do the copy and preserve the file permissions.

Last edited by mig (2008-05-22 00:13:41)


DNS-323 • 2x Seagate Barracuda ES 7200.10 ST3250620NS 250GB SATAII (3.0Gb/s) 7200RPM 16MB • RAID1 • FW1.03 • ext2 
Fonz's v0.3 fun_plug http://www.inreto.de/dns323/fun-plug

Offline
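
Added example (not part of the thread): a copy-back routine for a boot script that restores a saved .ssh directory and then audits the result against the modes given in the post above (700 for the directory, 644 for known_hosts and .pub files, 600 for authorized_keys). Treating every other file as a private key that must be 600 is an assumption of this example, as are the function names and paths.

```shell
#!/bin/sh
# want_mode FILE -> permission string expected for that file name
want_mode() {
    case "$(basename "$1")" in
        authorized_keys)   echo rw------- ;;
        known_hosts|*.pub) echo rw-r--r-- ;;
        *)                 echo rw------- ;;   # private keys (assumed rule)
    esac
}

# mode_of PATH -> nine-character permission string as shown by ls
mode_of() { ls -ld "$1" | cut -c2-10; }

# audit_ssh_dir DIR: print every mismatch, return 1 if there was any
audit_ssh_dir() {
    dir=$1; bad=0
    [ "$(mode_of "$dir")" = rwx------ ] || {
        echo "$dir: $(mode_of "$dir"), want rwx------"; bad=1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        w=$(want_mode "$f")
        [ "$(mode_of "$f")" = "$w" ] || {
            echo "$f: $(mode_of "$f"), want $w"; bad=1; }
    done
    return $bad
}

# restore_ssh_dir SRC DST: copy files back, re-apply modes, then audit
restore_ssh_dir() {
    src=$1; dst=$2
    mkdir -p "$dst" && chmod 700 "$dst" || return 1
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        cp "$f" "$dst/" || return 1
        case "$(want_mode "$f")" in
            rw-r--r--) chmod 644 "$dst/$(basename "$f")" ;;
            *)         chmod 600 "$dst/$(basename "$f")" ;;
        esac
    done
    audit_ssh_dir "$dst"
}

# Usage from a start script (paths are examples):
#   restore_ssh_dir /mnt/HD_a2/ssh-saved "$HOME/.ssh" || echo "ssh perms wrong"
```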

 

#17 2008-05-23 21:44:41

mediamatters
New member
Registered: 2008-05-21
Posts: 2

Re: Scp without password...

@mig:

right on! you were right it had to do with the permissions...rsynced the two dirs instead of cp them and it worked

thanks a lot! saved me from a few hours of frustration :)

Offline

 
