> For you you have two options :
> 1 do scp with a predefined password in the config and your problem is solved.
> 2. as normal user do a start shell
> marctb@srx04.lab> start shell
> %
> Su to root
> % su -
> Password:
> Type in your root password if you have one.
> run ssh-keygen as root
> root@srx04.lab% ssh-keygen -t rsa -b 4096
> cat the .ssh/id_rsa.pub
> put the output of the id_rsa.pub in the homedir of the user firewall@192.168.1.100
> paste the output in the ~firewall/.ssh/authorized_keys file
> exit the root shell of your srx
> make some changes to the config and see if your archival on commit works
> The commit is supposed to give you the standard ssh prompt, to which you need to answer "yes", to save the ssh key. > I also recommend that you do a test change and commit, and check if the configuration archive gets uploaded to the > target host.
Thank you -- that's a nice idea, which I have implemented. I could ssh from the root shell on the SRX to the backup box using the SSH key for authentication -- no problem. Unfortunately it doesn't seem to work on commit: there is no prompt for the SSH key passphrase.
Rancid looks nice, but it's overkill for us -- we don't have enough kit to justify it. I guess I'll just use the password authentication.