Configuring SCP Backup

Before you can use SCP backup for the first time, you must set up the SSH key using the CLI keycopy option.

For details, see the system Command.

Setting up and testing the key is required for SCP backup using the GUI.

In failover configurations, perform the test on both nodes.

Prerequisites

Set the permissions of the ~/.ssh/authorized_keys file to 600 by running the following command: 
chmod 600 ~/.ssh/authorized_keys
Unless the file has permission 600, the files cannot be backed up to the server.

Procedure

  1. In the Appliance CLI, copy the Appliance's public SSH key to the SCP server:
    1. Run the system keycopy command:
      > system keycopy

      The appliance asks whether to test or copy the key.

    2. Enter C to copy the key.
      The appliance copies the key to the SCP server and displays its pathname.
    3. Note down the displayed SCP server path where the key is copied. Later you need to append this file to ~/.ssh/authorized_keys on the SCP server for the user’s SCP account (this must be identical to the user in step e).
      The appliance asks for the SCP server IP address.
      Note: The actual directory that ~ maps to is different for each user, because the shell maps it to the user’s home directory based on the username that is logged in.
    4. Enter the SCP server IP address (provided by your Administrator).
      The appliance asks for the SCP user name.
    5. Enter the SCP user name (provided by your Administrator).
      The appliance asks for confirmation of the displayed host IP address and RSA key fingerprint.
    6. Enter the password.
      The appliance prompts you to configure the SCP server with the appliance’s key, appending it to -/.ssh/authorized_keys on the server.
    7. Log in to the SCP server and enter the appliance’s key in the appropriate location, for example: 
      SCP Server: IP-address
login as: scpdata
=============================================================
Machine Name:  sqalinux
Owner: SQA Administrator
Groups: RE/SQA/Documentation
Last Update: Mar 25, 2009
=============================================================
SCP_server:~> ls -l /tmp/LOGLOGICPUBKEY
-rw-r--r--    1 scpdata  users         611 2009-03-08 18:07 LOGLOGICPUBKEY
SCP_server:~> cat /tmp/LOGLOGICPUBKEY >> ~/.ssh/authorized_keys

      SCP setup is complete.

  2. Verify the SCP setup.
    1. Run the system keycopy command:
      > system keycopy

      The appliance asks whether to test or copy the key.

    2. Enter T to test the key.
      The appliance asks for the SCP server IP address.
    3. Enter the SCP server IP address (provided by your Administrator).
      The appliance asks for the SCP user name.
    4. Enter the SCP user name (provided by your Administrator).
      The appliance copies a test file (scptestfile) to the SCP server and then copies it back to the LogLogic appliance.

      The appliance displays when the test copies complete successfully.

  3. Make sure the rsync, df, and awk utilities are installed on the SCP server. Without them, backup works but free space on the remote server is not reported.