/opt/tomcat/logs/rsaweb-log.log
DEBUG [ajp-nio-8009-exec-3] RKMALogger.doLog(330) | com.rsa.appliance.web.NewBackupController.configureBackup(NewBackupController.java:133) : Enter method configureBackup
DEBUG [ajp-nio-8009-exec-3] RKMALogger.doLog(330) | com.rsa.appliance.web.NewBackupHandler.configureBackup(NewBackupHandler.java:93) : Enter method configureBackup
DEBUG [ajp-nio-8009-exec-3] RKMALogger.doLog(330) | com.rsa.appliance.service.impl.NewBackupServiceImpl.configureBackup(NewBackupServiceImpl.java:63) : Enter method configureBackup
ALL [ajp-nio-8009-exec-3] AuditServiceImpl.audit(109) | [CONFIGURE_BACKUP] User rkmaadmin has configured backup on bkpuser@10.10.10.10 INFO [ajp-nio-8009-exec-3] RKMALogger.sysLog(372) | [CONFIGURE_BACKUP] User rkmaadmin has configured backup on bkpuser@10.10.10.10
ERROR [ajp-nio-8009-exec-3] RKMALogger.doLog(330) | com.rsa.appliance.web.NewBackupController.configureBackup(NewBackupController.java:149) : Error while configuring backup
/opt/appliance/logs/rkma-system.log
2014-05-29 09:11:10,441 ERROR - error.backup.configuration.remote.host.unreachable
backup.log
Configuring backup ... Started
Cleanup ... Started
Unmounting mount point ... Started
Unmounting mount point ... Done
Removing backup SSH keys ... Started
Removing backup SSH keys ... Done
Cleanup ... Done
Create SSH key ... Started
Create SSH key ... Done
Copy SSH public key to the remote host ... Started
Remote host IP validation ... Done
Copy SSH Public Key to Remote Server /root/.ssh/backupSSHKey.pub dir <hostname>
Failed to copy SSH public key to the remote host [ERROR CODE: 110 ]
Deleting backup work folder ...
remote backup user in a chroot environment, as according to SSHFS wiki https://wiki.archlinux.org/index.php/sshfs) this is how you do it secure.
Current backup configuration process:
- SSH key created on the appliance
- SSH key copied to remote server using SCP
- Local mount point is created
- Remote backup folder mounted using SSH key
- GPG key created
- Backup folder created in mounted folder
- Backup retention policy file created and copied in mounted folder
Since the user is restricted in doing ONLY internal-sftp, copying the SSH key file using SCP fails.
Workaround:
1. On the remote backup server, create the .ssh folder with proper permissions
mkdir .ssh; chown bkpuser:bkpuser .ssh; chmod 700 .ssh
2. On the appliance
sshfs bkpuser@10.101.65.148: /tmp/mount
umask 077
cat /root/.ssh/backupSSHKey.pub >> /tmp/mount/.ssh/authorized_keys
umount /tmp/mount
3. Edit the file /opt/rsa/setup/sh/backup/IncrementalBackupOperations.sh in the method configureBackup to comment those lines:
#Unmount mount point and remove Backup SSH keys
#cleanup
#Create Backup SSH Key:
#createSSHKey $SSH_KEY_FILE
#exitOnError $? "Error in creating backup SSH key"
#Copy SSH Public Key To Remote Location:
#copySSHPulicKeyToRemoteLocation $REMOTE_HOST_IP $REMOTE_HOST_USERNAME $SSH_KEY_FILE "$REMOTE_HOST_PASSWORD"
#exitOnError $? "Error in copying backup SSH key to remote location"
4. Configure the backups as normal via the appliance console
Related Articles
Installation of RSA Identity Governance & Lifecycle 7.0.2 fails during WildFly install/config phase with jboss-modules.jar… Number of Views Unable to restore a backup data more than once when a restore destination is not same Authentication Manager of the backup… Number of Views How to perform Validation checks when building Request Forms in RSA Identity Governance & Lifecycle Number of Views Enable RADIUS on Identity Routers in a Cluster Number of Views RSA SecurID Web Tier is not working and has a status of "Offline" or "Offline, reinstall required" in the Authentication M… Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA Authentication Manager Patch Updates How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device RSA Governance & Lifecycle 8.0.0 Installation Guide
