ssh without a password

December 27, 2010 by gregor
Filed under: linux, rsync, ssh 

for automated data backups via /etc/crontab, passwordless ssh from the local machine to the remote is needed. here is a short way to set it up:

on the local computer:

$ ssh-keygen

then press enter 3 times.

$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote

$ ssh user@remote

backing up vpopmail with rsync and ssh on a non-standard port

September 17, 2008 by gregorgede
Filed under: rsync, ssh, vpopmail 

this is for redhat and friends using openssh from rpm.
backup server is the server where we want to put the backup files.
remoteserver is the server where the vpopmail is.
backup server pulls data on remoteserver.

on backup server as root:

$ssh-keygen -t dsa -b 1024 -f /root/.ssh/rsync-key

just press enter for passphrase

$cd /root/.ssh
$scp /root/.ssh/rsync-key.pub root@remoteserver:/root/.ssh/

on remoteserver as root :

$cd /root/.ssh
$touch authorized_keys
$chmod 600 authorized_keys
$cat rsync-key.pub >> authorized_keys
$rm rsync-key.pub
$vi /etc/ssh/sshd_config

add or change these lines:
PermitRootLogin forced-commands-only
AllowUsers root

save and exit

$service sshd restart
$vi /root/.ssh/rsync-only

add these lines :

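#!/bin/sh
# log every command the client asks to run
logger -t ssh-command "$SSH_ORIGINAL_COMMAND"
# allow only commands that start with "rsync --server "; the check reads
# the command from a pipe instead of a predictable file in /tmp
if ! printf '%s\n' "$SSH_ORIGINAL_COMMAND" | grep -q '^rsync --server '
then
logger -t rsync-key INVALID COMMAND "\"$SSH_ORIGINAL_COMMAND\""
exit 1
fi
exec $SSH_ORIGINAL_COMMAND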

save and exit

$chmod 755 /root/.ssh/rsync-only
$vi authorized_keys

change this :
ssh-dss AAAAB3NzaC1ksdfjskdjfkdjsdjas…..etc

to this :
command="/root/.ssh/rsync-only" ssh-dss AAAAB3NzaC1ksdfjskdjfkdjsdjas…..etc
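
A stricter variant of the rsync-only wrapper above, added here as an example and not part of the original post: the prefix check accepts any rsync server arguments, so this version accepts only a read-only pull (--sender) of /home/vpopmail/domains and runs the validated words instead of the raw client string. The function name rsync_pull_allowed, the RSYNC_* variables and the exact argument shape are assumptions; compare the shape with what the logger line records for your rsync version.

```sh
#!/bin/sh
# Added example, not the post's script: a stricter forced-command wrapper.
# ALLOWED_PATH comes from the crontab line on this page; the accepted
# argument shape is an assumption to compare with what logger records.
ALLOWED_PATH=/home/vpopmail/domains

# Succeed only for: rsync --server --sender -<flags> . ALLOWED_PATH[/]
# On success the validated words are left in RSYNC_FLAGS and RSYNC_SRC.
rsync_pull_allowed() {
    set -f                      # no glob expansion while splitting
    set -- $1                   # split the client string into words
    set +f
    [ $# -eq 6 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    # --sender means the remote side only reads; without it the client
    # could push files into any directory root can write to.
    [ "$3" = --sender ] || return 1
    case $4 in
        --*|-) return 1 ;;                 # no long options
        -*[!A-Za-z0-9.]*) return 1 ;;      # letters, digits and '.' only
        -*) ;;
        *) return 1 ;;
    esac
    [ "$5" = . ] || return 1
    case $6 in
        "$ALLOWED_PATH"|"$ALLOWED_PATH/") ;;
        *) return 1 ;;
    esac
    RSYNC_FLAGS=$4
    RSYNC_SRC=$6
}

# Act as the forced command only when sshd passed a client command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    logger -t ssh-command "$SSH_ORIGINAL_COMMAND"
    if rsync_pull_allowed "$SSH_ORIGINAL_COMMAND"; then
        # Run the validated words, never the raw client string.
        exec rsync --server --sender "$RSYNC_FLAGS" . "$RSYNC_SRC"
    fi
    logger -t rsync-key "INVALID COMMAND \"$SSH_ORIGINAL_COMMAND\""
    exit 1
fi
```

In authorized_keys, the options no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding can be listed next to command= so the key cannot be used for tunnels or a terminal either.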

on backup server as root :

$vi /etc/crontab
add this line (all on one line) to back up every wednesday at 4 am :

0 4 * * 3 root rsync -aS --delete -e "ssh -i /root/.ssh/rsync-key -p 222" root@remoteserver:/home/vpopmail/domains /home/mail/cron

save and exit

remote server is using non standard ssh port. that’s what -p 222 is for.

$service crond restart

references:
http://goodcleanemail.com/index.php?option=com_content&task=view&id=45
http://www.qmailinfo.org/index.php/ExampleRsyncScripts
http://qmail.jms1.net/backup.shtml