Method1 using RSA authentication
The SSH protocol is recommended for remote login and remote file transfer; it provides confidentiality and security for data exchanged between two computer systems through the use of public key cryptography. The OpenSSH server provides this kind of setup under Linux. It is installed by default. This how-to covers generating and using SSH keys for automated usage such as:
- Automated login using shell scripts.
- Making backups.
- Running commands from the shell prompt, etc.
Task: Generating SSH Keys
First, log on to your workstation (for example, log on to the workstation called admin.fbsd.nixcraft.org as the user vivek). Please refer to the following sample setup. You must be logged in on your local system AS THE USER you wish to make passwordless ssh connections.
Create the cryptographic key on the FreeBSD / Linux / UNIX workstation; enter:
ssh-keygen -t rsa
Assign the passphrase (press the [enter] key twice if you don't want a passphrase). It will create 2 files in the ~/.ssh directory as follows:
- ~/.ssh/id_rsa : identification (private) key
- ~/.ssh/id_rsa.pub : public key
Use scp to copy id_rsa.pub (the public key) to the rh9linux.nixcraft.org server as the authorized_keys2 file; this is known as installing the public key on the server.
scp .ssh/id_rsa.pub firstname.lastname@example.org:.ssh/authorized_keys2
From the FreeBSD workstation, log in to the server:
Changing the pass-phrase on workstation (if needed):
Use of ssh-agent to avoid continuous pass-phrase typing
At the FreeBSD workstation type:
Type your pass-phrase
Now the ssh server will not prompt for the password. The above two commands can be added to your ~/.bash_profile file so that the agent is set up as soon as you log in to the workstation.
Deleting the keys held by ssh-agent
To list keys, enter:
To delete all keys, enter:
To delete specific key, enter:
ssh-add -d key
Method2 using DSA authentication
Here is a list of the steps that I had to do to get automatic replication of /home/folder1 (or any other folder) on one server to /home/folder2 on another server:
To get replication working securely, you first need to be able to connect via SSH without using passwords:
First server setup
ssh-keygen -t dsa
(press enter twice to give a blank password)
cd
vi .ssh/.config
Press "i" to enter insert mode and copy this into the file:
Do NOT change the last line - it is supposed to say remotehost (not an actual host name). Now,
(save and exit vi)
chmod 700 .ssh
vi .ssh/id_dsa.pub
It should look like this:
ssh-dss AAAA..............v root@HOSTNAMEOFSRV01
where there are lots of random letters/numbers where the dots are. Select it all and copy it. Make sure that it is all on one line with no spaces at the start or finish (which will happen if you copy it using PuTTY on Windows; test it by pasting it into Notepad).
Tip: To copy from PuTTY on Windows, select the text from within vi and press Ctrl + Shift. To paste text, enter insert mode and press the right mouse button.
Second Server Setup
cd
vi .ssh/authorized_keys
Enter insert mode (press i) and paste the key, again ensuring that there are no spare newlines or spaces. Save the file and exit vi (press :wq then return, as above). Now you just need to set some permissions otherwise SSH will ignore the files you just created:
chmod 700 .ssh
chmod 644 .ssh/authorized_keys
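An added example, not part of the original how-to: a shell audit for the second server that reports group- or world-writable paths (which sshd's StrictModes check rejects), keys broken across lines by a bad paste, and ssh-dss entries, which OpenSSH 7.0 and later no longer accept by default. The function names and the sample key material are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original how-to. Function names are made up.

# Report a path that is missing or writable by group/others; sshd's
# StrictModes check ignores keys stored under such paths.
check_mode() {
    [ -e "$1" ] || { echo "MISSING $1"; return 0; }
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE $1"
    fi
}

# Report malformed entries in an authorized_keys file, one finding per line.
# Only the common key types are recognised here.
check_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        kt = 0                              # field index of the key type
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                kt = i; break
            }
        if (!kt) { print "NOTYPE line " NR; next }   # e.g. tail of a wrapped key
        if ($kt == "ssh-dss") print "DSA line " NR   # off by default since OpenSSH 7.0
        blob = $(kt + 1)
        if (blob !~ "^[A-Za-z0-9+/]+=*$" || length(blob) % 4 != 0)
            print "BADBLOB line " NR                 # truncated or mangled base64
        if ($0 ~ /^[ \t]/ || $0 ~ /[ \t\r]$/)
            print "WHITESPACE line " NR
    }' "$1"
}

audit_ssh_dir() {
    check_mode "$1"
    check_mode "$1/authorized_keys"
    [ -f "$1/authorized_keys" ] && check_keys "$1/authorized_keys"
    return 0
}

# Constructed sample: one intact key, then a DSA key wrapped across two lines.
demo=$(mktemp -d) && mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQ== root@srv01' \
    'ssh-dss AAAAB3NzaC1kc3MAAACBA' 'Pconstructed= root@srv01' \
    > "$demo/.ssh/authorized_keys"
chmod 664 "$demo/.ssh/authorized_keys"
audit_ssh_dir "$demo/.ssh"
rm -rf "$demo"
```

An empty report from `audit_ssh_dir ~/.ssh` means the directory and file pass these checks.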
Testing passwordless SSH
On the first server, type
where srv02 = the hostname of the second server. It could be an IP address too.
If it just logs you in (no passwords), then you are done. If not, double-check the above and start Google-searching your errors.
You have two options for replication: Unison and Rsync.
Rsync is one-way (will overwrite changes on the second server).
Unison is two-way (it will allow changes on both servers, though clearly not at the same time!).
Setting up RSYNC
Skip to the unison section if you want two-way replication
Rsync is normally installed so I will not go through installing it. To make the rsync connection run the following command on srv01:
rsync -e ssh -avz --delete /home/folder1/ srv02hostname:/home/folder2
rsync -e ssh -avz --delete /etc/amanda/ redbck02:/etc/amanda/
rsync -e ssh -avz --delete /space/vtapes/ redbck02:/space/vtapes/
Again, where srv02 is the hostname or IP of srv02. This will make /home/folder2 on srv02 (the second server) identical to /home/folder1 (be aware that this will delete all files in /home/folder2 on srv02 that are not in /home/folder1 on srv01!).
You can put as many of these as you like in the crontab (crontab -e). You now have rsync set up: congratulations.
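An added example, not part of the original how-to: a wrapper to call from cron instead of the bare rsync line. It refuses to run when the source directory is missing or empty, caps deletions with rsync's --max-delete, and skips a run while the previous one still holds the lock. The function names and the RSYNC, MAX_DELETE and LOCK_BASE variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original how-to. RSYNC, MAX_DELETE and
# LOCK_BASE are variables invented for this wrapper.
RSYNC=${RSYNC:-rsync}
MAX_DELETE=${MAX_DELETE:-100}

# With --delete, a missing or empty source (for example an unmounted disk)
# would empty the destination, so treat that as an error.
source_ok() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# mirror SRC DEST: one guarded run. Returns 2 if the source check fails,
# 3 if another run still holds the lock, otherwise rsync's exit status.
mirror() {
    src=${1%/}/                 # trailing slash: copy the contents of SRC
    dest=$2
    name=$(printf '%s' "$dest" | tr -c 'A-Za-z0-9' _)
    lock=${LOCK_BASE:-$HOME}/.mirror.$name.lock
    source_ok "$src" || { echo "refusing: $src missing or empty" >&2; return 2; }
    # mkdir is atomic, so it doubles as the lock
    mkdir "$lock" 2>/dev/null || { echo "already running: $lock" >&2; return 3; }
    rc=0
    "$RSYNC" -e ssh -az --delete --max-delete="$MAX_DELETE" "$src" "$dest" || rc=$?
    rmdir "$lock"
    return "$rc"
}

# Called from cron as: mirror.sh /home/folder1 srv02hostname:/home/folder2
if [ $# -eq 2 ]; then
    mirror "$1" "$2"
fi
```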
cd /bin
wget http://www.cis.upenn.edu/~bcpierce/unison/download/stable/latest/unison.linux-textui
mv unison.linux-textui unison
chmod +x unison
Then run this example at the first cluster to sync /var/www/html/ directories on both:
unison /var/www/html ssh://srv02hostname//var/www/html -batch
again, where srv02 is the hostname or IP of srv02
This will take a very long time to run for the first time but is very quick after that.
You can put as many of these as you like in the crontab (crontab -e). You now have unison set up: congratulations.