Commit eea3cfad authored by Emil Breiner's avatar Emil Breiner

SSH-Key generation for helpers/borg.helper


Generating an RSA 4096 key pair for Borgbackup with ssh-keygen, with a custom location for the key pair and an input field for a comment.

Change-Id: I944117307cc2408a2aece2506424844f0417d9de
Signed-off-by: Emil Breiner's avatarEmil Breiner <emil.breiner@krumedia.com>
parent 5fd29735
......@@ -79,13 +79,15 @@ do_borg_dest() {
set -o noglob
REPLY=
while [ -z "$REPLY" -o -z "$borg_directory" -o -z "$borg_host" -o -z "$borg_port" -o -z "$borg_user" -o -z "$borg_archive" -o -z "$borg_compression" ]
while [ -z "$REPLY" -o -z "$borg_directory" -o -z "$borg_host" \
-o -z "$borg_port" -o -z "$borg_user" -o -z "$borg_id_file" -o -z "$borg_archive" -o -z "$borg_compression" ]
do
formBegin "$borg_title - destination"
formItem "directory" "$borg_directory"
formItem "host" "$borg_host"
formItem "port" "$borg_port"
formItem "user" "$borg_user"
formItem "id_file" "$borg_id_file"
formItem "archive_name" "$borg_archive"
formItem "compression" "$borg_compression"
......@@ -96,8 +98,9 @@ do_borg_dest() {
borg_host=${tmp_array[1]}
borg_port=${tmp_array[2]}
borg_user=${tmp_array[3]}
borg_archive=${tmp_array[4]}
borg_compression=${tmp_array[5]}
borg_id_file=${tmp_array[4]}
borg_archive=${tmp_array[5]}
borg_compression=${tmp_array[6]}
done
set +o noglob
......@@ -170,36 +173,43 @@ do_borg_ssh_con() {
msgBox "$borg_title: error" "You must first configure the destination host."
return 1
else
booleanBox "$borg_title" "This step will create a ssh key for the local root user with no passphrase (if one does not already exist), and attempt to copy root's public ssh key to authorized_keys file of $borg_user@$borg_host. This will allow the local root to make unattended backups to $borg_user@$borg_host.\n\n\nAre you sure you want to continue?"
msg='This step will create a ssh key for the local root user with no passphrase (if one does not already exist), '\
'and attempt to copy '"${borg_user}'s"' public ssh key to authorized_keys file of '"$borg_user@$borg_host"'. '\
'This will allow the local root to make unattended backups to '"$borg_user@$borg_host.\n\n\n"\
'Specify an optional comment for the keypair:'
inputBox "$borg_title" "${msg}"
[ $? = 0 ] || return 1
key_comment=$REPLY
fi
if [ ! -f /root/.ssh/id_dsa.pub -a ! -f /root/.ssh/id_rsa.pub ]; then
echo "Creating local root's ssh key"
ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ""
echo "Done. hit return to continue"
read
if [ $? -eq 0 ]; then
echo "Creating local rsa keypair for user..."
if [ ! -f "$borg_id_file" ]; then
if [ "$key_comment" = "" ]; then
ssh-keygen -t rsa -b 4096 -f "$borg_id_file" -N ""
else
ssh-keygen -t rsa -b 4096 -f "$borg_id_file" -N "" -C "$key_comment"
fi
fi
fi
ssh -o PreferredAuthentications=publickey $borg_host -p $borg_port -l $borg_user "exit" 2> /dev/null
ssh -o PreferredAuthentications=publickey -i $borg_id_file $borg_host -p $borg_port -l $borg_user "exit" 2> /dev/null
if [ $? -ne 0 ]; then
echo "Copying root's public ssh key to authorized_keys of $borg_user@$borg_host. When prompted, specify the password for user $borg_user@$borg_host."
pubkeys=( /root/.ssh/id_[rd]sa.pub )
if ! ssh-copy-id -i ${pubkeys[0]} -p $borg_port $borg_user@$borg_host; then
if ! ssh-copy-id -i "${borg_id_file}.pub" -p $borg_port $borg_user@$borg_host ; then
echo "FAILED: Couldn't copy root's public ssh key to authorized_keys of $borg_user@$borg_host."
ssh -p $borg_port $borg_user@$borg_host 'test -w .ssh || test -w .'
result=$?
echo "Hit return to continue."
read
case $result in
0 ) msgBox "$borg_title: error" "Directories are writable: Probably just a typo the first time." ;;
0 ) msgBox "$borg_title: success" "Directories are writable." ;;
1 ) msgBox "$borg_title: error" "Connected successfully to $borg_user@$borg_host, but unable to write. Check ownership and modes of ~$borg_user on $borg_host." ;;
255 ) msgBox "$borg_title: error" "Failed to connect to $borg_user@$borg_host. Check hostname, username, and password. Also, make sure sshd is running on the destination host." ;;
* ) msgBox "$borg_title: error" "Unexpected error (return code ${result})." ;;
esac
return
else
echo "Done. hit return to continue"
echo "Done. Hit return to continue"
read
fi
else
......@@ -210,9 +220,9 @@ do_borg_ssh_con() {
# test to see if the remote borg backup directory exists and is writable
echo "Testing to see if remote borg backup directory exists and is writable"
ssh -p $borg_port $borg_user@$borg_host "test -d ${borg_directory}"
ssh -p $borg_port -i $borg_id_file $borg_user@$borg_host "test -d ${borg_directory}"
if [ $? = 0 ]; then
ssh -p $borg_port $borg_user@$borg_host "test -w $borg_directory"
ssh -p $borg_port -i $borg_id_file $borg_user@$borg_host "test -w $borg_directory"
if [ $? != 0 ]; then
msgBox "destination directory is not writable!" "The remote destination directory is not writable by the user you specified. Please fix the permissions on the directory and then try again."
remote_status=failed
......@@ -220,7 +230,7 @@ do_borg_ssh_con() {
else
booleanBox "Remote directory does not exist" "The destination backup directory does not exist, do you want me to create it for you?"
if [ $? = 0 ]; then
ssh -p $borg_port $borg_user@$borg_host "mkdir -p ${borg_directory}"
ssh -p $borg_port -i $borg_id_file $borg_user@$borg_host "mkdir -p ${borg_directory}"
result=$?
case $result in
0) msgBox "$borg_title: success" "Creation of the remote destination directory was a success!";;
......@@ -320,6 +330,7 @@ directory = $borg_directory
host = $borg_host
port = $borg_port
user = $borg_user
id_file = $borg_id_file
archive = $borg_archive
compression = $borg_compression
encryption = $borg_encryption
......@@ -377,6 +388,7 @@ borg_wizard() {
borg_user=root
borg_host=localhost
borg_port=22
borg_id_file=/root/.ssh/id_rsa
borg_archive='{now:%Y-%m-%dT%H:%M:%S}'
borg_compression=lz4
borg_encryption=none
......
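Review bot: The `if [ $? -eq 0 ]; then` that guards the key creation can never be false: it follows the `fi` of the preceding if/else, whose last executed command is `key_comment=$REPLY` in the else branch (the then branch has already returned), so the condition is dead and should be dropped together with its closing `fi`. The `ssh-keygen -t rsa -b 4096 -f "$borg_id_file"` call fails when the directory part of the user-supplied path does not exist, because ssh-keygen does not create parent directories, and its status is not checked before the script goes on to `ssh-copy-id -i "${borg_id_file}.pub"`; create the directory with mode 700 and stop on failure. The new `-i $borg_id_file` arguments in the publickey connectivity test and in the three ssh calls of the later hunks are unquoted, unlike `"${borg_id_file}.pub"` in ssh-copy-id, so a path containing spaces breaks them; write `-i "$borg_id_file"`. The prompt text now says it copies `${borg_user}'s` public key, but the key copied is the local one at `$borg_id_file` (root's by default), so the previous wording "root's public ssh key" was the accurate one. do_borg_ssh_con begins and ends outside the hunk.
```shell
    echo "Creating local rsa keypair for user..."
    if [ ! -f "$borg_id_file" ]; then
      # ssh-keygen does not create the parent directory of -f itself
      mkdir -p -m 700 -- "$(dirname -- "$borg_id_file")" || return 1
      keygen_opts=()
      if [ -n "$key_comment" ]; then
        keygen_opts=(-C "$key_comment")
      fi
      ssh-keygen -t rsa -b 4096 -f "$borg_id_file" -N "" "${keygen_opts[@]}" || return 1
    fi
    # … unchanged: connectivity test and ssh-copy-id, with -i "$borg_id_file" quoted …
```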
......@@ -38,13 +38,14 @@ getconf user
getconf host
getconf port 22
getconf directory
getconf id_file /root/.ssh/id_rsa
# strip trailing /
directory=${directory%/}
getconf archive {now:%Y-%m-%dT%H:%M:%S}
getconf compression lz4
getconf encryption none
getconf passphrase
export BORG_RSH="ssh -i $id_file"
export BORG_PASSPHRASE="$passphrase"
### CHECK CONFIG ###
......@@ -75,8 +76,8 @@ fi
# check the connection at the source and destination
[ -n "$test" ] || test=0
if [ "$host" != "localhost" ] && ([ "$testconnect" = "yes" ] || [ "${test}" -eq 1 ]); then
debug "ssh -o PasswordAuthentication=no $host -p $port -l $user 'echo -n 1'"
local ret=$(ssh -o PasswordAuthentication=no $host -p $port -l $user 'echo -n 1')
debug "ssh -o PasswordAuthentication=no -i $id_file $host -p $port -l $user 'echo -n 1'"
local ret=$(ssh -o PasswordAuthentication=no -i $id_file $host -p $port -l $user 'echo -n 1')
if [ "$ret" = 1 ]; then
debug "Connected to $host as $user successfully"
else
......@@ -182,5 +183,6 @@ if [ "$prune" == "yes" ]; then
fi
unset BORG_PASSPHRASE
unset BORG_RSH
return 0
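Review bot: With only `-i $id_file`, ssh still offers the default identities under ~/.ssh as well, so the connectivity check `ssh -o PasswordAuthentication=no -i $id_file $host -p $port -l $user 'echo -n 1'` can succeed with a different key than the configured one, and the unquoted expansion breaks on a path with spaces; use `-o IdentitiesOnly=yes -i "$id_file"` in that check and `export BORG_RSH="ssh -o IdentitiesOnly=yes -i $id_file"` so borg and the check authenticate with exactly the configured key. BORG_RSH carries the path interpolated unquoted and borg splits that string into words itself, so a path with whitespace cannot be expressed this way (how quoting inside BORG_RSH is handled depends on the borg version — verify); a comment on the `getconf id_file /root/.ssh/id_rsa` line such as `# id_file is passed through BORG_RSH and must not contain whitespace` would record that. Nothing verifies the identity file is present before it is used, so a missing key surfaces only as an ssh failure; in the `### CHECK CONFIG ###` section add `[ -r "$id_file" ] || fatal "ssh identity file $id_file is not readable"`, assuming the handler has the fatal helper the other handlers use. The code enclosing these hunks starts and ends outside them.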