Wednesday, January 03, 2007

Rsync and SSH

This Rsync and SSH setup automatically backs up files from one server to another.

For more documentation, follow this link

We generate a key

$ ssh-keygen -t dsa -b 2048 -f /home/thisuser/cron/thishost-rsync-key
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): [press enter here]
Enter same passphrase again: [press enter here]
Your identification has been saved in /home/thisuser/cron/thishost-rsync-key.
Your public key has been saved in /home/thisuser/cron/
The key fingerprint is:
2e:28:d9:ec:85:21:e7:ff:73:df:2e:07:78:f0:d0:a0 thisuser@thishost

Copy the public key to the remote PC
$ scp /home/thisuser/cron/ remoteuser@remotehost:/home/remoteuser/

Configuring remotehost
$ ssh remoteuser@remotehost
remoteuser@remotehost's password: [type correct password here]

We need to make sure we have the directory and files we need to authorize connections with this key
$ if [ ! -d .ssh ]; then mkdir .ssh ; chmod 700 .ssh ; fi
$ mv .ssh/
$ cd .ssh/
$ if [ ! -f authorized_keys ]; then touch authorized_keys ; chmod 600 authorized_keys ; fi
$ cat >> authorized_keys

we edit the 'authorized_keys' file (with vi)

before edit
ssh-dss AAAAB3NzaC1kc3MAAAEBAKYJenaYvMG3nHwWxKwlWLjHb77CT2hXwmC8Ap+ fG8wjlaY/9t4uA+2j2yBgN5cy8arlZ80q1Mcy763RjYGkR/FkLJ611HWIA= thisuser@thishost

We made the following change (the whole entry must stay on a single line)
from="",command="/home/remoteuser/cron/validate-rsync" ssh-dss AAAAB3NzaC1kc3MAAAEBAKYBgN5cy8arlZ80q1Mcy763RjYGkR/FkLJ611HWIA= thisuser@thishost
You can omit the 'from="",' part of the line (including the comma); 'rsync' will then be possible using this key from anywhere.

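Create the script /home/remoteuser/cron/validate-rsync

#!/bin/sh
# Forced command for the rsync key: run the client's request only if it is
# an rsync server invocation and contains no shell metacharacters.
# The patterns of the first four branches were lost from this page; the
# characters & ( { ; used below are assumed.
case "$SSH_ORIGINAL_COMMAND" in
*\&*) echo "Rejected" ;;
*\(*) echo "Rejected" ;;
*\{*) echo "Rejected" ;;
*\;*) echo "Rejected" ;;
*\<*) echo "Rejected" ;;
*\`*) echo "Rejected" ;;
rsync\ --server*) $SSH_ORIGINAL_COMMAND ;;
*) echo "Rejected" ;;
esac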

To test, we run
$ rsync -avz -e "ssh -i /home/thisuser/cron/thishost-rsync-key" remoteuser@remotehost:/remote/dir /this/dir/
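
The validate-rsync script above accepts any request that begins with 'rsync --server'. The following is an added example, not part of the original post, of a stricter check that allows only read requests ('--sender') below one directory. ALLOWED_DIR, the function name check_cmd and the sample commands are assumptions; /remote/dir is taken from the test command above.

```shell
#!/bin/sh
# Added example: allowlist check for a forced-command rsync key.
# ALLOWED_DIR is an assumption (the directory pulled in the page's test command).
ALLOWED_DIR="/remote/dir"

# Prints "allow" or "reject" for one candidate SSH_ORIGINAL_COMMAND string.
check_cmd() {
    cmd=$1
    # Must be a pull: the server side of a read is "rsync --server --sender ...".
    rest=${cmd#"rsync --server --sender "}
    [ "$rest" != "$cmd" ] || { echo reject; return; }

    flags=${rest%% *}      # first token: the packed short options
    tail=${rest#* }        # remainder: ". <path>"

    # Flags: one dash followed only by letters and dots (no long options).
    case "$flags" in -?*) ;; *) echo reject; return ;; esac
    case "${flags#-}" in *[!A-Za-z.]*) echo reject; return ;; esac

    # Remainder must be exactly ". <path>" with nothing in between.
    path=${tail#". "}
    [ "$path" != "$tail" ] || { echo reject; return; }

    # Path: no "..", no spaces or shell metacharacters, and inside ALLOWED_DIR.
    case "$path" in *..*|*[!A-Za-z0-9._/-]*) echo reject; return ;; esac
    case "$path" in
        "$ALLOWED_DIR"|"$ALLOWED_DIR"/*) echo allow ;;
        *) echo reject ;;
    esac
}

# Constructed sample requests (not captured from a real session).
while IFS= read -r sample; do
    printf '%-7s %s\n' "$(check_cmd "$sample")" "$sample"
done <<'EOF'
rsync --server --sender -vlogDtprze.iLsf . /remote/dir
rsync --server --sender -vlogDtprze.iLsf . /remote/dir/sub/
rsync --server -vlogDtprze.iLsf . /remote/dir
rsync --server --sender -vlogDtprz . /etc
rsync --server --sender -vlogDtprz . /remote/dir/../x
uname -a
EOF
```

In the forced-command script, $SSH_ORIGINAL_COMMAND would be run only when check_cmd prints "allow".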

Cron Script
We save it in /root/rsync
# chmod 700 /root/rsync
(cron runs this script as root, so only root should be able to write to it)



We add the following line, with vi, to /var/spool/cron/crontabs/root or /etc/crontab
0 23 * * * /root/./rsync

done :)
