

4 Configuration : 4.2 Configuring a Database Server for BART Management : 4.2.1 Authorizing SSH/SCP Access without a Password

A password-less connection relies on authorized public keys: a list of the public keys of the client user accounts that are allowed to connect to the target server.
Section 4.2.1.1 provides an example of how you may first have to enable public key authentication usage on the server running the SSH server daemon.
Section 4.2.1.2 provides general instructions on how to set up the authorized public keys file.
Section 4.2.1.3 then describes the combination of hosts for BART usage on which a connection must be established without a password prompt.
In the SSH server daemon configuration file, /etc/ssh/sshd_config, check that the following parameter is set to yes and is not commented:
Note: For any SSH or SCP errors or problems, examine the following log file:
The target server to which a password-less SSH or SCP connection is to be made must contain an authorized public keys file. The file is named authorized_keys and is located under the USER_HOME/.ssh directory where USER_HOME is the home directory of the user account on the target server that is to be used to establish the remote session.
Note: The public key should be appended onto the end of any existing authorized_keys file. Any existing authorized_keys file should not be replaced in its entirety.
Step 1: On the client system, log in as the user account that will be initiating the SSH or SCP connection.
Step 2: Change to the user account’s home directory and check if there is an existing .ssh subdirectory. If not, create one as follows:
mkdir .ssh
chmod 700 .ssh
chown user .ssh
chgrp usergroup .ssh
Where user is the user account name and usergroup is the associated group of the user.
Step 3: Generate the public key file with the following command. Accept all prompted defaults and do not specify a passphrase when prompted for one.
The public key file named id_rsa.pub is created in the .ssh subdirectory.
Step 4: By whatever means is available in your system environment, create a copy of file id_rsa.pub on the target server.
scp ~/.ssh/id_rsa.pub target_user@host_address:tmp.pub
Step 5: Log into the target server as target_user, again using whatever means is possible in your system environment.
ssh target_user@host_address
Step 6: Change to the target user account’s home directory and check if there is an existing .ssh subdirectory. If not, create one as shown in Step 2.
Step 7: Append the client’s temporary public key file, tmp.pub, to the authorized keys file named authorized_keys. If no authorized keys file exists, create a new one, but do not replace an existing authorized keys file in its entirety.
Make sure the authorized_keys file is only accessible by the file owner and not by groups or other users. If the authorized_keys file does not have the required permission setting (600) or it was newly created, change the file permissions as follows:
Step 8: Delete the temporary public key file, tmp.pub.
Now, when logged into the client system as user, there should be no prompt for a password when commands such as the following are given:
ssh target_user@host_address
scp file_name target_user@host_address:directory_path
scp target_user@host_address:directory_path/file file_name
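The target-server part of the procedure (Steps 6 through 8) as a re-runnable shell function. This is an added example, not part of the BART documentation; the function name install_pubkey and its optional home-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the BART documentation): target-server side of Steps 6-7.
# install_pubkey PUBKEY_FILE [HOME_DIR]   HOME_DIR defaults to $HOME.
# The function name and the optional HOME_DIR argument are assumptions of this example.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }

    # A .pub file holds one line: "<type> <base64> [comment]". Use the first line only.
    key=
    IFS= read -r key < "$pub" || :
    case $key in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # Step 6: create ~/.ssh if it is missing and keep it private to the owner.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1

    # Step 7: append, never overwrite. Skip the append if the exact line is
    # already listed, so re-running does not create duplicates.
    if [ -f "$auth" ] && grep -qxF -e "$key" "$auth"; then
        echo "key already present in $auth"
    else
        # If the existing file lacks a final newline, add one first so the new
        # key does not get glued onto the previous entry.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            printf '\n' >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth" || return 1
    fi

    # Owner read/write only (600), whether the file is new or pre-existing.
    chmod 600 "$auth"
}

# Step 8, on the target server after copying the key there as ~/tmp.pub:
#   install_pubkey ~/tmp.pub && rm ~/tmp.pub
```

From the client, ssh -o BatchMode=yes target_user@host_address true fails instead of prompting when key authentication is not in effect, which makes it a convenient non-interactive check of the result.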
2. From the BART host (SSH/SCP client) to each BART managed database server (target SSH/SCP server) for taking incremental backups and for supporting restoration of the full backup, the archived WAL files, and the modified blocks, which occurs when the BART RESTORE subcommand is given.
Note: If backups are to be taken from a given database server host, but restored to a different database server host, the password-less SSH/SCP connections must be configured from the BART host to the database server host from which the backup is to be taken as well as from the BART host to the database server host to which the backup is to be restored.
Note: While
For scenario 1, the SSH client on which the public key file (id_rsa.pub) is generated with the ssh-keygen -t rsa command is the database server. The public key file is generated by the user account running the database server.
The target SSH server on which the public key file is to be appended to the ~/.ssh/authorized_keys file is the BART host. The authorized_keys file is in the BART user account’s home directory.
For scenario 2, the SSH client on which the public key file (id_rsa.pub) is generated with the ssh-keygen -t rsa command is the BART host. The public key file is generated by the BART user account.
The target SSH server on which the public key file is to be appended to the ~/.ssh/authorized_keys file is the database server. The authorized_keys file is in the home directory of the user account owning the directory where the database backup is to be restored.
See Section 6.2 for examples of each scenario.
