====== How do I set up SSH2 ======

===== Key generation =====

As root on the client machine, use ssh-keygen2 to generate a public/private key pair:

  ssh-keygen2 -t rsa

or, because this command is sometimes renamed to ssh-keygen:

  ssh-keygen -t rsa

This will save the public key in ~/.ssh2/id_rsa_1024_a.pub and the private key in ~/.ssh2/id_rsa_1024_a. When prompted for a password, type nothing (just press Enter) if you want BackupPC to start automatically. Alternatively, set a password on the private key as stored in the file system and use an agent as described below, so that the private key is held without a password only in memory.

===== Identification =====

Create the identification file ~/.ssh2/identification:

  echo "IdKey id_rsa_1024_a" > ~/.ssh2/identification

===== BackupPC setup =====

Repeat the above steps for the BackupPC user (__BACKUPPCUSER__) on the server. Rename the key files to recognizable names, e.g.:

  ssh-keygen2 -t rsa
  mv ~/.ssh2/id_rsa_1024_a.pub ~/.ssh2/BackupPC_id_rsa_1024_a.pub
  mv ~/.ssh2/id_rsa_1024_a ~/.ssh2/BackupPC_id_rsa_1024_a
  echo "IdKey BackupPC_id_rsa_1024_a" > ~/.ssh2/identification

Depending on your ssh2 configuration, you might also need to set StrictHostKeyChecking to ask and turn off PasswordAuthentication:

  touch ~/.ssh2/ssh2_config
  echo "StrictHostKeyChecking ask" >> ~/.ssh2/ssh2_config
  echo "PasswordAuthentication no" >> ~/.ssh2/ssh2_config

===== Key exchange =====

To allow BackupPC to ssh to the client as root, you need to place BackupPC's public key into root's authorized list on the client. Copy BackupPC's public key (BackupPC_id_rsa_1024_a.pub) to the ~/.ssh2 directory on the client. Add the following line to the ~/.ssh2/authorization file on the client (as root):

  touch ~/.ssh2/authorization
  echo "Key BackupPC_id_rsa_1024_a.pub" >> ~/.ssh2/authorization

===== Fix permissions =====

You will probably need to make sure that none of the files in ~/.ssh2 has group or other read/write permission:

  chmod -R go-rwx ~/.ssh2

You should do the same thing for the BackupPC user on the server.

===== Testing =====

As the BackupPC user on the server, verify that the following command prints "root":

  ssh2 -l root clientHostName whoami

You might be prompted the first time to accept the client's host key, and you might be prompted for root's password on the client. Make sure that this command runs cleanly with no prompts after the first time. You might need to check /etc/hosts.equiv on the client. Look at the man pages for more information. The -v option to ssh2 is a good way to get detailed information about what fails.
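
The following shell function is an added example, not part of the original page or of BackupPC. It audits a ~/.ssh2 directory laid out as in the steps above: it reports anything that ''chmod -R go-rwx'' would have tightened, and any IdKey or Key entry that names a file missing from the directory. The function name audit_ssh2_dir and its output labels are assumptions of this example, and ''-perm /077'' assumes GNU find.

```shell
#!/bin/sh
# Added example: audit an ssh2 directory set up as described on this page.
# Usage: audit_ssh2_dir ~/.ssh2
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_ssh2_dir() {
    dir=$1
    problems=0
    if [ ! -d "$dir" ]; then
        echo "MISSING directory: $dir"
        return 1
    fi

    # Anything group or other can read, write or execute, i.e. what
    # "chmod -R go-rwx" removes. -perm /077 (GNU find) matches when
    # any of those six permission bits is set.
    loose=$(find "$dir" -perm /077 -print)
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/LOOSE permissions: /'
        problems=1
    fi

    # identification holds "IdKey <file>" lines, authorization holds
    # "Key <file>" lines; both name files inside the ssh2 directory.
    for spec in identification:IdKey authorization:Key; do
        file=${spec%%:*}
        keyword=${spec##*:}
        [ -f "$dir/$file" ] || continue
        while read -r word name rest; do
            [ "$word" = "$keyword" ] || continue
            if [ ! -f "$dir/$name" ]; then
                echo "DANGLING $keyword in $file: $name"
                problems=1
            fi
        done < "$dir/$file"
    done
    return "$problems"
}
```

Run it as root on the client and as the BackupPC user on the server before the ssh2 test, since both sides need the same permissions.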