目的:使用ssh密鑰實現無交互備份。做成腳本,定時將10.80.0.161上的數據,定期備份到10.80.0.1上
1、測試環境介紹
服務端:10.80.0.1 目錄:/mpeg/mirrors/yumwarehouse/rhel6/
客戶端:10.80.0.161 目錄:/home/rpmpackage/saltmaster
2,創建ssh免秘鑰環境,測試無交互備份
在10.80.0.1上執行:
- 生成秘鑰文件
[root@cdncenter yumwarehouse]# pwd /mpeg/mirrors/yumwarehouse [root@cdncenter yumwarehouse]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 17:ea:d3:2a:df:83:4f:86:9c:fc:3e:b5:0d:bf:0b:48
- 將公鑰文件下發給客戶端
#常見報錯 [root@cdncenter yumwarehouse]# ssh-copy-id root@10.80.0.161 /usr/bin/ssh-copy-id: ERROR: No identities found #使用“-i” 指定公鑰文件,重新執行 [root@cdncenter yumwarehouse]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.80.0.161 21 The authenticity of host '10.80.0.161 (10.80.0.161)' can't be established. RSA key fingerprint is 9e:13:74:01:31:c7:03:ab:ce:44:f8:b2:5d:a8:13:dc. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.80.0.161' (RSA) to the list of known hosts. Address 10.80.0.161 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! root@10.80.0.161's password: Now try logging into the machine, with "ssh 'root@10.80.0.161'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
- 測試無交互備份
[root@cdncenter rhel6]# rsync -avp root@10.80.0.161:/home/rpmpackage/saltmaster/ /mpeg/mirrors/yumwarehouse/rhel6/ Address 10.80.0.161 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! receiving file list ... done ./ PyYAML-3.10-3.1.el6.x86_64.rpm libyaml-0.1.3-4.el6_6.x86_64.rpm m2crypto-0.20.2-9.el6.x86_64.rpm openpgm-5.1.118-3.el6.x86_64.rpm python-babel-0.9.4-5.1.el6.noarch.rpm python-backports-1.0-5.el6.x86_64.rpm python-backports-ssl_match_hostname-3.4.0.2-5.el6.noarch.rpm python-chardet-2.2.1-1.el6.noarch.rpm python-jinja2-2.2.1-3.el6.x86_64.rpm python-msgpack-0.4.6-1.el6.x86_64.rpm python-requests-2.6.0-4.el6.noarch.rpm python-setuptools-0.6.10-3.el6.noarch.rpm python-six-1.9.0-2.el6.noarch.rpm python-urllib3-1.10.2-3.el6.noarch.rpm python-zmq-14.3.1-1.el6.x86_64.rpm salt-2015.5.10-2.el6.noarch.rpm salt-master-2015.5.10-2.el6.noarch.rpm zeromq3-3.2.5-1.el6.x86_64.rpm sent 422 bytes received 10028007 bytes 20056858.00 bytes/sec total size is 10025192 speedup is 1.00
- 編寫腳本
#!/bin/sh rsync -az --delete root@10.80.0.161:/home/rpmpackage/saltmaster/ /mpeg/mirrors/yumwarehouse/rhel6/
- 加到定時任務,實現定時備份
[root@cdncenter scripts]# chmod +x rsync-ssh-get.sh [root@cdncenter rhel6]# crontab -e
10 3 * * * * sh /server/scripts/rsync-ssh-get.sh &
rsync.log日志中的報錯和解決辦法:
Address 10.80.0.161 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
原因:在用key認證的時候,也會出現,很是煩人,用監測工具,自動login的時候,出現這種提示,會自動關閉.
解決辦法:
修改客戶端(10.80.0.161)的/etc/ssh/sshd_config ,把參數GSSAPIAuthentication no,然后重啟sshd服務;
---未完待續