I’ve been moving services from one server to another. Manually.
My Bacula server is now running in a FreeBSD jail. I just got ready to copy backups from disk to tape. But one aspect was failing: updating my statistics.
After each tape job, I collect statistics on that tape, with respect to tape errors. That is done via SSH. The job error was:
05-Jun 13:52 bacula-dir JobId 132208: shell command: run AfterJob "/home/dan/bin/dlt-stats-kraken" 05-Jun 13:52 bacula-dir JobId 132208: AfterJob: Host key verification failed. 05-Jun 13:52 bacula-dir JobId 132208: Error: Runscript: AfterJob returned non-zero status=255. ERR=Unknown error during program execvp
So I know what’s happening. When you ssh to a host you have never ssh’d to before, you get this type of message:
$ ssh bacula151 The authenticity of host 'bacula151.example.org (10.0.2.151)' can't be established. RSA key fingerprint is 70:bd:a0:42:b7:18:d8:e6:3c:19:f0:d9:df:e5:9e:b8. Are you sure you want to continue connecting (yes/no)?
I’ll leave out the reasoning behind this strategy; there a lot written already.
What’s missing? known_hosts.
I could issue an ssh command as the bacula user. But since I know the host key and it already exists in an exist known_hosts file, I’ll just copy that known_hosts file over.
Copy it to where?
$ grep bacula /etc/passwd bacula:*:910:910:Bacula Daemon:/var/db/bacula:/usr/sbin/nologin
Since this is FreeBSD, that’s easily found out with the above command.
When I went to /var/db/bacula, I found a .ssh directory already existed. That would be created during the ssh of the AfterJob script.
All I needed to do was scp known_hosts from the old server to the new server.
Check the permissions. Here’s mine:
# cd /var/db/bacula # ls -l .ssh/known_hosts -rw-r----- 1 bacula bacula 404 Jun 6 13:55 .ssh/known_hosts
Hope that helps.
