Updated key setup

- made key lower in bits, but stronger (using -a option),
- made ssh-keygen run in background using nohup,
- added independent key file, as id_rsa_miab,
- added ssh-options to all duplicity calls to use the id_rsa_miab keyfile,
- changed path to the public key display

Signed-off-by: Bernard `Guyzmo` Pratz <guyzmo+github@m0g.net>

management/backup.py

@@ -57,6 +57,7 @@ def backup_status(env):
 		"--archive-dir", backup_cache_dir,
 		"--gpg-options", "--cipher-algo=AES256",
 		"--log-fd", "1",
+		"--ssh-options='-i /root/.ssh/id_rsa_miab'",
 		config["target"],
 		],
 		get_env(env),
@@ -249,6 +250,7 @@ def perform_backup(full_backup):
 			"--volsize", "250",
 			"--gpg-options", "--cipher-algo=AES256",
 			env["STORAGE_ROOT"],
+			"--ssh-options='-i /root/.ssh/id_rsa_miab'",
 			config["target"],
 			"--allow-source-mismatch"
 			],
@@ -272,6 +274,7 @@ def perform_backup(full_backup):
 		"--verbosity", "error",
 		"--archive-dir", backup_cache_dir,
 		"--force",
+		"--ssh-options='-i /root/.ssh/id_rsa_miab'",
 		config["target"]
 		],
 		get_env(env))
@@ -287,6 +290,7 @@ def perform_backup(full_backup):
 		"--verbosity", "error",
 		"--archive-dir", backup_cache_dir,
 		"--force",
+		"--ssh-options='-i /root/.ssh/id_rsa_miab'",
 		config["target"]
 		],
 		get_env(env))
@@ -325,6 +329,7 @@ def run_duplicity_verification():
 		"--compare-data",
 		"--archive-dir", backup_cache_dir,
 		"--exclude", backup_root,
+		"--ssh-options='-i /root/.ssh/id_rsa_miab'",
 		config["target"],
 		env["STORAGE_ROOT"],
 	], get_env(env))
@@ -337,6 +342,7 @@ def run_duplicity_restore(args):
 		"/usr/bin/duplicity",
 		"restore",
 		"--archive-dir", backup_cache_dir,
+		"--ssh-options='-i /root/.ssh/id_rsa_miab'",
 		config["target"],
 		] + args,
 	get_env(env))
@@ -360,7 +366,7 @@ def list_target_files(config):
 
 		rsync_command = [ 'rsync',
 					'-e',
-					'/usr/bin/ssh -o StrictHostKeyChecking=no -oBatchMode=yes',
+					'/usr/bin/ssh -i /root/.ssh/id_rsa_miab -oStrictHostKeyChecking=no -oBatchMode=yes',
 					'--list-only',
 					'-r',
 					rsync_target.format(
@@ -477,7 +483,7 @@ def get_backup_config(env, for_save=False, for_ui=False):
 		# Expand to the full URL.
 		config["target"] = "file://" + config["file_target_directory"]
 	elif config["target"].startswith('rsync'):
-		ssh_pub_key = os.path.join('/root', '.ssh', 'id_rsa.pub')
+		ssh_pub_key = os.path.join('/root', '.ssh', 'id_rsa_miab.pub')
 		if os.path.exists(ssh_pub_key):
 			config["ssh_pub_key"] = open(ssh_pub_key, 'r').read()
 

setup/system.sh

@@ -144,8 +144,9 @@ pollinate  -q -r
 
 # Between these two, we really ought to be all set.
 
-echo 'Creating SSH public key... (might take a while)'
+echo 'Launching SSH public key creation...'
-ssh-keygen -t rsa -b 8192 -f /root/.ssh/id_rsa -N '' -q
+
+nohup ssh-keygen -t rsa -b 2048 -a 100 -f /root/.ssh/id_rsa_miab -N '' -q 2>&1 >/dev/null
 
 # ### Package maintenance
 #