Jun 062013

I’ve been moving services from one server to another. Manually.

My Bacula server is now running in a FreeBSD jail. I just got ready to copy backups from disk to tape. But one aspect was failing: updating my statistics.

After each tape job, I collect statistics on that tape, with respect to tape errors. That is done via SSH. The job error was:

05-Jun 13:52 bacula-dir JobId 132208: shell command: run AfterJob "/home/dan/bin/dlt-stats-kraken"
05-Jun 13:52 bacula-dir JobId 132208: AfterJob: Host key verification failed.
05-Jun 13:52 bacula-dir JobId 132208: Error: Runscript: AfterJob returned non-zero status=255. ERR=Unknown error during program execvp

So I know what’s happening. When you ssh to a host you have never ssh’d to before, you get this type of message:

$ ssh bacula151
The authenticity of host 'bacula151.example.org (' can't be established.
RSA key fingerprint is 70:bd:a0:42:b7:18:d8:e6:3c:19:f0:d9:df:e5:9e:b8.
Are you sure you want to continue connecting (yes/no)?

I’ll leave out the reasoning behind this strategy; there a lot written already.

What’s missing? known_hosts.

I could issue an ssh command as the bacula user. But since I know the host key and it already exists in an exist known_hosts file, I’ll just copy that known_hosts file over.

Copy it to where?

 $ grep bacula /etc/passwd
bacula:*:910:910:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin

Since this is FreeBSD, that’s easily found out with the above command.

When I went to /var/db/bacula, I found a .ssh directory already existed. That would be created during the ssh of the AfterJob script.

All I needed to do was scp known_hosts from the old server to the new server.

Check the permissions. Here’s mine:

# cd /var/db/bacula
# ls -l .ssh/known_hosts
-rw-r-----  1 bacula  bacula  404 Jun  6 13:55 .ssh/known_hosts

Hope that helps.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive