Generating SSH public and private key pairs is a good idea if you are automating things such as rsync, because it allows you to authenticate between a primary and secondary server without having to provide a password every time. I am using this to rsync the backup of my LDAP server, and I am setting this up so that only the backup user will be able to connect to both servers without a password, as the backup user is the only user that will need to do this. This means that you will need to set up a crontab for the backup user.

To enable the remote login you need to create a pair of keys, one of which will be added to a file on the remote server. The key pairs will be stored in the following files:

* ~/.ssh/id_rsa
* ~/.ssh/id_rsa.pub

You will need to create the .ssh directory and the id_rsa and id_rsa.pub files before you can generate the keys.

To generate the keys you will need to run:

    ssh-keygen -t rsa

You will be asked where you want the key file to be saved. As I am using the key for the backup user, I am saving it in /home/backup/.ssh/id_rsa.

Next you will be asked to enter a passphrase; you can choose to leave this blank and have no passphrase. If you create the files without a passphrase, the key files will be available to be used without being unlocked, which is what you want if you wish to automate things.

Now that you have a pair of key files, you need to append the contents of the .pub file to the right location on the remote server.

To do this you will need to run the following commands:

    ssh-copy-id -i /home/backup/.ssh/id_rsa.pub otheruser@remotehost
    chown -R backup:users .ssh
    cd .ssh
    # This means that the key files can only be read by the owner, which in
    # this case is the backup user. This is vital to keeping the server secure.
    chmod 600 id*

Once you've done this you'll be able to log in remotely and run commands without being prompted for a password!
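
The permission step above matters because a key with no passphrase can be used by anyone who is able to read the file. The following check is an added example, not part of the original post; it assumes GNU stat on Linux, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit an .ssh directory.
# Assumes GNU stat (Linux); function names are hypothetical.

# Octal permission bits of a path, e.g. 600.
mode_of() { stat -c '%a' "$1"; }

# True when none of the bits in mask $2 (octal) are set on path $1.
bits_clear() {
    bc_mode=$(mode_of "$1") || return 1
    [ $(( 0$bc_mode & 0$2 )) -eq 0 ]
}

# Prints one WARN line per finding; returns 0 only if there are none.
audit_ssh_dir() {
    dir=$1
    problems=0
    # The directory itself must be closed to group and other.
    if ! bits_clear "$dir" 77; then
        echo "WARN: $dir is accessible by group/other (mode $(mode_of "$dir"))"
        problems=$((problems + 1))
    fi
    # A passphrase-less private key is usable by anyone who can read it.
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac   # public halves are not secret
        if ! bits_clear "$f" 77; then
            echo "WARN: private key $f is accessible by group/other (mode $(mode_of "$f"))"
            problems=$((problems + 1))
        fi
    done
    # authorized_keys decides who may log in, so only the owner may write it.
    if [ -f "$dir/authorized_keys" ] && ! bits_clear "$dir/authorized_keys" 22; then
        echo "WARN: $dir/authorized_keys is writable by group/other"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Usage: sh audit.sh /home/backup/.ssh
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it as the backup user on both servers, for example from the same crontab that drives the rsync job, so that a later change to the modes is noticed.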