Re: postgres user with automate rsync and private/public key pairs

2013/6/14 Daniel Vázquez <daniel2d2art@gmail.com>:
> Hi here!
>
> Centos 6.4
> Postgres 9.1
>
> I want to automate rsync backups from server1 to server2 via ssh using the
> postgres(linux deamon user) and a pair of private/public keys generated by
> ssh-keygen
>
> I generated the keys in Server1 and copy and added id_rsa.pub to
> /var/lib/pgsql/.ssh/authorized_keys in Server2. all owned by
> postgres:postgres and chmod 700 to .ssh/ folder and chmod 600 to
> authorized_key file.
> But when try to test it and try to access via ssh always ask for postgres
> password.
>
> Same procedure works properly for others user, but not for postgres user.
> postgres user is installed without password, I believed that this is the
> problem and I try to set a password, but the problem persists although
> postgres user has a password, can connect without  avoid the ssh password
> required prompt.
>
> At first it seems that everything is properly configured, I forget
> something?
> Can postgres (linux user) login via ssh with private/public pair keys?

There's no reason why that shouldn't work in principle.

There are a couple of potential issues related to the SSH configuration
(/etc/ssh/sshd_config) I can think of:
- if AllowGroups is set, the postgres user will need to be member of
one of the groups defined;
- if StrictModes is set to "yes", the postgres user directory should
not be world-writeable
(not that it should be anyway).

Looking at /var/log/auth.log might provide more clues.

Regards

Ian Barwick


>
> Last think ... I try to reset the postgres user as initial setup (without
> password) using passwd -d command but shadow file shows different blank
> password is not as double exclamation I don't know if it's indiferent for
> correct postgres work or there are some way to reset original postgres user
> values.
>
>   postgres::15849:0:99999:7:::
>
> instead of:
>
>   postgres:!!:15646::::::
>
>
> Thanks for your comments