SSH Connection

2005-06-02       - By Bill Tangren


Kelley.Coleman@(protected) wrote:
> I would like to run a script on box A that connects to box B, executes a
> script there, then returns to complete the original script.  The user
> accounts are different on each box.  Box A user is 'oracle', box B user is
> 'ias'.
>
> I tried:
>
> ssh servername -l ias /u01/ias/scripts/test_script.sh
>
> but I'm prompted for a password.
>
> I tried putting the password into the script where it seems to want it, but
> again, I'm prompted for a password and it processes the password in the
> script as a command.
>
> Do I need to do something in the ssh_config?  known_hosts? authorized_keys?
>
> I'm not thrilled with the thought of having the password in a script file.
> So if there's a better way, I'm all for hearing it!
>
> Thanks in advance...
>
> Kelley Coleman
> Database Administrator
> VA Health Administration Center
> Denver, Colorado
> 303-331-7521-o
> 888-732-8802-p
> 720-319-0454-c
>

I have several servers that I use as hot backups of our production
servers. This is what I do to automate the backups in as secure a way as
possible. You should be able to modify this to suit your needs.

Step 1:

Server A is the production server. Server B is the data backup. As root
on server B, generate a key, and give it a unique name, and don't enter
a passphrase (just hit enter):

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa_A_backup
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa_A_backup.
Your public key has been saved in /root/.ssh/id_rsa_A_backup.pub.
The key fingerprint is:
ee:19:aa:f5:ac:62:dc:18:7d:cd:dd:9e:66:62:0d:98 root@(protected)
#

Step 2:

Go to /root/.ssh, and ftp to A.com. Then cd to /root/.ssh/ (on A.com)
and put the id_rsa_A_backup.pub file into that directory. Exit ftp.

Step 3:

Telnet into A.com, and cd to /root/.ssh/. If there is a file there
called authorized_keys2, then:

Step 4:

# cat id_rsa_A_backup.pub >> authorized_keys2
#

If authorized_keys2 doesn't exist, then:

# mv id_rsa_A_backup.pub authorized_keys2
#

Step 5:

If you are doing a backup on B.com using rsync like this:

# rsync -avrz -e 'ssh -i /root/.ssh/id_rsa_A_backup' A.com:/home/ /home/A/home/

then you need to add a line to authorized_keys2 like this:

command="rsync --server -avrz . /home/"

You MUST add this line immediately before the key you added to the end
of this file. This line ties the key to the command you are going to run
on B.com, so that if the key is stolen, the thief can only use it to run
this command. They *shouldn't* be able to get general root access to
your system.

Once you do this, you can run your command on B.com and see if it works.
If it does, you can put it in a cron script to run automatically (on
B.com).

HTH


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
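
An added example, not part of the original post: sshd applies a command= option only to the key that follows it on the same line, so this sketch builds such an entry from a public key and then audits an authorized_keys file for keys with no forced command. The function names, the extra no-* options, the host names and the key material are assumptions or constructed for illustration; the forced command string is the one from the post.

```shell
#!/bin/sh
# Added example; key material, host names and temp paths are constructed.

# Print an authorized_keys entry pinning a public key to one forced command.
# $1 = public key file, $2 = command (assumed to contain no double quotes).
restricted_entry() {
    opts='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
    printf 'command="%s",%s %s\n' "$2" "$opts" "$(cat "$1")"
}

# Report key lines that carry no command= option; status 1 if any exist.
audit_keys() {
    awk '
    function is_keytype(s) { return s ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/ }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line); opts = ""
        split(line, f, /[ \t]+/)
        if (!is_keytype(f[1])) {
            # The option field ends at the first blank outside double quotes.
            q = 0
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (c == "\\" && q) { i++; continue }   # escaped char in quotes
                if (c == "\"") q = !q
                else if (!q && (c == " " || c == "\t")) break
            }
            opts = substr(line, 1, i - 1)
            rest = substr(line, i + 1); sub(/^[ \t]+/, "", rest)
            if (!is_keytype(rest)) next          # options but no key: not a key line
        }
        if (opts !~ /(^|,)command="/) { print "line " NR ": unrestricted key"; bad = 1 }
    }
    END { exit bad + 0 }' "$1"
}

demo() {
    d=$(mktemp -d)
    echo 'ssh-rsa AAAAB3ConstructedKey1 root@B.example' > "$d/id_rsa_A_backup.pub"
    {
        restricted_entry "$d/id_rsa_A_backup.pub" 'rsync --server -avrz . /home/'
        echo 'command="rsync --server -avrz . /home/"'      # option alone on a line
        echo 'ssh-rsa AAAAB3ConstructedKey2 root@B.example' # bare key, no options
    } > "$d/authorized_keys2"
    audit_keys "$d/authorized_keys2" || echo "restrict or remove the keys listed above"
    rm -rf "$d"
}
demo
```

The demo flags line 3 of its constructed file: the option sitting alone on line 2 does not attach to the key below it.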
