Disclaimer: I would not suggest doing this as root. I am only using root as an example.
I needed to replicate a file system from a production server to a DR server. I wanted to script and schedule this so there was no intervention needed from an end user. The first step was to set up passwordless SSH between the source and destination. I found a few tutorials out on the web but they were not as clear as I would have liked. So, I documented my process and thought I would share it with you.
We will assume we have two hosts, host1 and host2. For my purposes, I want host2 to be able to run commands through ssh to host1 without being prompted for a password. In this example, we’ll assume the user running these commands is “root”.
On host2 you will need to do the following.
- Log in as root to host2
- Verify the following directory exists
/root/.ssh
- You can do this by issuing the following commands
# cd
# ls -al | grep .ssh
- If in the output returned you see .ssh, then the directory exists. If you are returned to a command prompt without seeing .ssh you will need to create the directory.
- If you need to create the directory issue the following commands.
# mkdir -p /root/.ssh
# chmod 700 /root/.ssh
- Now run the following command
# ssh-keygen -t rsa
*** You will see output similar to below ***
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
- You can hit enter at the above prompt and accept the defaults for the two prompts below
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
On host1 you will need to do the following.
- Log in as root to host1
- Verify the following directory exists
/root/.ssh
- You can do this by issuing the following commands
# cd
# ls -al | grep .ssh
- If in the output returned you see .ssh, then the directory exists. If you are returned to a command prompt without seeing .ssh you will need to create the directory.
- If you need to create the directory issue the following commands.
# mkdir -p /root/.ssh
# chmod 700 /root/.ssh
- Now copy host2’s id_rsa.pub key to host1 (assuming you are still on host1) renaming it to host2.pub
# scp host2:/root/.ssh/id_rsa.pub /root/.ssh/host2.pub
*** Note: my version(s) require authorized_keys2, your file may need to be named authorized_keys
- Now copy /root/.ssh/host2.pub to /root/.ssh/authorized_keys2
# cp /root/.ssh/host2.pub /root/.ssh/authorized_keys2
Now from host2 you should be able to ssh to host1 without being prompted for a password.
- Run the following command from host2 as a test
# ssh host1 ls
You should be returned a directory listing of host1 on host2 without being prompted for a password.
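An added example, not part of the original post: a shell helper for the host1 side that appends host2's public key instead of overwriting the file, sets the permissions sshd expects, and limits what the passphrase-less key can be used for. The function name install_key and the address 192.0.2.20 standing in for host2 are assumptions made for illustration.

```shell
#!/bin/sh
# install_key is a hypothetical helper, not code from the original post.
# usage: install_key PUBKEY_FILE SSH_DIR SOURCE_ADDR [AUTH_FILE_NAME]
install_key() {
    pub=$1; dir=$2; src=$3; name=${4:-authorized_keys}
    auth="$dir/$name"

    # A public key file holds exactly one line: "type base64 [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line in $pub" >&2; return 1; }
    read -r ktype kdata kcomment < "$pub" || :
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unexpected key type: $ktype" >&2; return 1 ;;
    esac
    [ -n "$kdata" ] || { echo "missing key data in $pub" >&2; return 1; }

    # With StrictModes (the sshd default) keys are ignored when the
    # directory or file is writable by anyone but the owner.
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key material is already listed.
    if grep -qF -- "$kdata" "$auth"; then
        return 0
    fi

    # Append so existing entries survive. from= ties the key to the source
    # address (host names only match when sshd has UseDNS enabled); the
    # no-* options remove terminal and forwarding features a scheduled
    # job does not need.
    printf 'from="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s %s%s\n' \
        "$src" "$ktype" "$kdata" "${kcomment:+ $kcomment}" >> "$auth"
}
```

On host1 this would be called as `install_key /root/.ssh/host2.pub /root/.ssh 192.0.2.20 authorized_keys2`, in place of the `cp` step.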
The file system replication script (using rsync) and scheduling (using cron) will be posted in a future blog update.
Monday, January 11, 2010