目的:使用ssh密钥实现无交互备份。做成脚本,定时将10.80.0.161上的数据,定期备份到10.80.0.1上
1、测试环境介绍
服务端:10.80.0.1 目录:/mpeg/mirrors/yumwarehouse/rhel6/
客户端:10.80.0.161 目录:/home/rpmpackage/saltmaster
2,创建ssh免秘钥环境,测试无交互备份
在10.80.0.1上执行:
- 生成秘钥文件
[root@cdncenter yumwarehouse]# pwd /mpeg/mirrors/yumwarehouse [root@cdncenter yumwarehouse]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 17:ea:d3:2a:df:83:4f:86:9c:fc:3e:b5:0d:bf:0b:48
- 将公钥文件下发给客户端
#常见报错 [root@cdncenter yumwarehouse]# ssh-copy-id root@10.80.0.161 /usr/bin/ssh-copy-id: ERROR: No identities found #使用“-i” 指定公钥文件,重新执行 [root@cdncenter yumwarehouse]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.80.0.161 21 The authenticity of host '10.80.0.161 (10.80.0.161)' can't be established. RSA key fingerprint is 9e:13:74:01:31:c7:03:ab:ce:44:f8:b2:5d:a8:13:dc. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.80.0.161' (RSA) to the list of known hosts. Address 10.80.0.161 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! root@10.80.0.161's password: Now try logging into the machine, with "ssh 'root@10.80.0.161'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
- 测试无交互备份
[root@cdncenter rhel6]# rsync -avp root@10.80.0.161:/home/rpmpackage/saltmaster/ /mpeg/mirrors/yumwarehouse/rhel6/ Address 10.80.0.161 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! receiving file list ... done ./ PyYAML-3.10-3.1.el6.x86_64.rpm libyaml-0.1.3-4.el6_6.x86_64.rpm m2crypto-0.20.2-9.el6.x86_64.rpm openpgm-5.1.118-3.el6.x86_64.rpm python-babel-0.9.4-5.1.el6.noarch.rpm python-backports-1.0-5.el6.x86_64.rpm python-backports-ssl_match_hostname-3.4.0.2-5.el6.noarch.rpm python-chardet-2.2.1-1.el6.noarch.rpm python-jinja2-2.2.1-3.el6.x86_64.rpm python-msgpack-0.4.6-1.el6.x86_64.rpm python-requests-2.6.0-4.el6.noarch.rpm python-setuptools-0.6.10-3.el6.noarch.rpm python-six-1.9.0-2.el6.noarch.rpm python-urllib3-1.10.2-3.el6.noarch.rpm python-zmq-14.3.1-1.el6.x86_64.rpm salt-2015.5.10-2.el6.noarch.rpm salt-master-2015.5.10-2.el6.noarch.rpm zeromq3-3.2.5-1.el6.x86_64.rpm sent 422 bytes received 10028007 bytes 20056858.00 bytes/sec total size is 10025192 speedup is 1.00
- 编写脚本
#!/bin/sh rsync -az --delete root@10.80.0.161:/home/rpmpackage/saltmaster/ /mpeg/mirrors/yumwarehouse/rhel6/
- 加到定时任务,实现定时备份
[root@cdncenter scripts]# chmod +x rsync-ssh-get.sh [root@cdncenter rhel6]# crontab -e
10 3 * * * * sh /server/scripts/rsync-ssh-get.sh &
rsync.log日志中的报错和解决办法:
Address 10.80.0.161 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
原因:在用key认证的时候,也会出现,很是烦人,用监测工具,自动login的时候,出现这种提示,会自动关闭.
解决办法:
修改客户端(10.80.0.161)的/etc/ssh/sshd_config ,把参数GSSAPIAuthentication no,然后重启sshd服务;
---未完待续