From 161b5236b67681ef8ce6b8e4bc59c8dc01acb214 Mon Sep 17 00:00:00 2001 From: Bernard `Guyzmo` Pratz Date: Thu, 14 Jan 2016 21:52:46 +0000 Subject: [PATCH] Updated key setup - made key lower in bits, but stronger (using -a option), - made ssh-keygen run in background using nohup, - added independent key file, as id_rsa_miab, - added ssh-options to all duplicity calls to use the id_rsa_miab keyfile, - changed path to the public key display Signed-off-by: Bernard `Guyzmo` Pratz --- management/backup.py | 10 ++++++++-- setup/system.sh | 5 +++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/management/backup.py b/management/backup.py index 3c6f26bf..0ba1a95a 100755 --- a/management/backup.py +++ b/management/backup.py @@ -57,6 +57,7 @@ def backup_status(env): "--archive-dir", backup_cache_dir, "--gpg-options", "--cipher-algo=AES256", "--log-fd", "1", + "--ssh-options='-i /root/.ssh/id_rsa_miab'", config["target"], ], get_env(env), @@ -249,6 +250,7 @@ def perform_backup(full_backup): "--volsize", "250", "--gpg-options", "--cipher-algo=AES256", env["STORAGE_ROOT"], + "--ssh-options='-i /root/.ssh/id_rsa_miab'", config["target"], "--allow-source-mismatch" ], @@ -272,6 +274,7 @@ def perform_backup(full_backup): "--verbosity", "error", "--archive-dir", backup_cache_dir, "--force", + "--ssh-options='-i /root/.ssh/id_rsa_miab'", config["target"] ], get_env(env)) @@ -287,6 +290,7 @@ def perform_backup(full_backup): "--verbosity", "error", "--archive-dir", backup_cache_dir, "--force", + "--ssh-options='-i /root/.ssh/id_rsa_miab'", config["target"] ], get_env(env)) @@ -325,6 +329,7 @@ def run_duplicity_verification(): "--compare-data", "--archive-dir", backup_cache_dir, "--exclude", backup_root, + "--ssh-options='-i /root/.ssh/id_rsa_miab'", config["target"], env["STORAGE_ROOT"], ], get_env(env)) 
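Review bot: The added `"--ssh-options='-i /root/.ssh/id_rsa_miab'"` element in backup_status carries literal single quotes, because it is one item of an argument list rather than part of a shell string; unless the helper that runs this list goes through a shell (not visible here), duplicity receives the quotes as part of the option value. Whether the identity file is then honoured depends on how the duplicity SSH backend in use parses that value, so confirm it against that backend or drop the quotes, e.g. `"--ssh-options=-i /root/.ssh/id_rsa_miab"`. The same element is repeated in the three perform_backup hunks, in run_duplicity_verification and in run_duplicity_restore, and the key path appears again in list_target_files and get_backup_config; a single module-level constant for the path would keep these copies from drifting apart. The enclosing calls start and end outside the hunks.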
@@ -337,6 +342,7 @@ def run_duplicity_restore(args): "/usr/bin/duplicity", "restore", "--archive-dir", backup_cache_dir, + "--ssh-options='-i /root/.ssh/id_rsa_miab'", config["target"], ] + args, get_env(env)) @@ -360,7 +366,7 @@ def list_target_files(config): rsync_command = [ 'rsync', '-e', - '/usr/bin/ssh -o StrictHostKeyChecking=no -oBatchMode=yes', + '/usr/bin/ssh -i /root/.ssh/id_rsa_miab -oStrictHostKeyChecking=no -oBatchMode=yes', '--list-only', '-r', rsync_target.format( @@ -477,7 +483,7 @@ def get_backup_config(env, for_save=False, for_ui=False): # Expand to the full URL. config["target"] = "file://" + config["file_target_directory"] elif config["target"].startswith('rsync'): - ssh_pub_key = os.path.join('/root', '.ssh', 'id_rsa.pub') + ssh_pub_key = os.path.join('/root', '.ssh', 'id_rsa_miab.pub') if os.path.exists(ssh_pub_key): config["ssh_pub_key"] = open(ssh_pub_key, 'r').read() diff --git a/setup/system.sh b/setup/system.sh index d2f47a44..d478bd73 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -144,8 +144,9 @@ pollinate -q -r # Between these two, we really ought to be all set. -echo 'Creating SSH public key... (might take a while)' -ssh-keygen -t rsa -b 8192 -f /root/.ssh/id_rsa -N '' -q +echo 'Launching SSH public key creation...' + +nohup ssh-keygen -t rsa -b 2048 -a 100 -f /root/.ssh/id_rsa_miab -N '' -q 2>&1 >/dev/null # ### Package maintenance #
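Review bot: The rewritten `-e` string in list_target_files still passes `-oStrictHostKeyChecking=no`, so the rsync listing presents the new dedicated key to whatever host answers, without verifying the server's host key. Pinning the client key while leaving the server unverified leaves the backup connection open to interception; consider recording the target's host key in a known_hosts file when the target is configured and switching the option to `-oStrictHostKeyChecking=yes`. The duplicity calls in the other hunks pass only `-i` through `--ssh-options`, so it is worth checking that both code paths end up with the same host-key policy. The function body continues outside the hunk.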
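Review bot: `-a 100` does not make this key stronger: it sets the KDF rounds used to encrypt the private key under its passphrase, and with `-N ''` there is no passphrase, so the result is an unencrypted 2048-bit RSA key where the removed line generated 8192 bits. If the smaller size is chosen for generation speed, say so in a comment and drop `-a`, or pick the size deliberately (e.g. `-b 4096`). Separately, `nohup` without a trailing `&` still runs in the foreground, and `2>&1 >/dev/null` sends stderr to the original stdout instead of discarding it; `>/dev/null 2>&1` is the usual order. ssh-keygen also asks before overwriting when setup is re-run and the file already exists, so a guard such as `[ -f /root/.ssh/id_rsa_miab ] || ssh-keygen …` would avoid an interactive prompt.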