Remote SSH Login Without Password, Execute Command Via SSH and Backup Data Using Rsync
Secure Shell or SSH is a network protocol that allows encrypted data transfer and password between networks. SSH protocol is commonly used for remote server management. It gives us safe and secure path to work on remote machines.
Each time while we access a remote machine via ssh protocol, we need to manually enter the password. This would be a tough job during the repeated access. More server logins are easier via ssh key pair. This technology doesn’t require password for login. Private and public keys are used for this purpose. It is important to keep your keys secure, otherwise our server get hacked by others.
We use ssh key pair for remote login and execution of commands via ssh.
First check whether SSH keys are present.
# ls ~/.ssh/
If not generate new SSH keys.
# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): NewPassword
Enter same passphrase again: NewPassword
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
* Generate SSH pair using new password.
* Don’t use the same root password.
Secure SSH folder with permission.
# chmod 755 ~/.ssh/
Copy the generated id_dsa.pub to remote server. Using “ssh-copy-id” is secure than “scp” command.
# ssh-copy-id -i ~/.ssh/id_dsa.pub root@remoteserver
ssh key pair generation
Now try logging into the machine, with “ssh ‘root@remoteserver'”, and check in:
to make sure we haven’t added extra keys that you weren’t expecting.
Login into remote server.
# ssh remote server
Prompt ask for password. Enter the password used during the generation of SSH key.
Enter passphrase for key ‘/root/.ssh/id_dsa':
Security can increase using SSH Agent
SSH Remote Login Without Password.
check the status of identities,
# ssh-add -L
The agent has no identities.
Add ssh identities
Enter passphrase for /root/.ssh/id_dsa:
Identity added: /root/.ssh/id_dsa (/root/.ssh/id_dsa)
After adding check the status using,
# ssh-add -L
ssh-dss AAAAB3NzaC1kc3MAAACBALrFcmm ……….= /root/.ssh/id_dsa
Now happily login remote server without password.
# ssh user@remoteserver
Execute Command On Remote Server via SSH
We are able to run commands on remote server without login. Some examples are given below,
# ssh root@remoteserver 'ps -ef | grep apache | grep -v grep | wc -l'
ssh root@remoteserver 'top -b -n 1 | head -n 10'
top – 21:29:08 up 53 days, 23:30, 3 users, load average: 0.15, 0.07, 0.01
Tasks: 107 total, 1 running, 106 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.2%us, 0.1%sy, 0.0%ni, 99.0%id, 0.4%wa, 0.1%hi, 0.2%si, 0.0%st
Mem: 4037612k total, 4009164k used, 28448k free, 236620k buffers
Swap: 4096496k total, 144k used, 4096352k free, 3297004k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 15 0 10344 684 572 S 0.0 0.0 0:04.59 init
2 root RT -5 0 0 0 S 0.0 0.0 0:00.38 migration/0
3 root 34 19 0 0 0 S 0.0 0.0 0:02.03 ksoftirqd/0
Small Backup Script Using RSYNC
Script is scheduled on the backup storage machine via crontab.
Ruining the script will help to backup MySQL folder from remote server to another. This keep a backup copy of MySQL root folder of another machine. Logs are generated to view the data transfer between the server with actual date.
echo "-------------------------------------------------------------------------------------------------" >> /var/BACKUP/secure/log/mysql.log
/bin/date >> /var/BACKUP/secure/log/mysql.log
rsync -avz -e "ssh -i /root/.ssh/id_dsa" root@remoteserverip:/var/lib/mysql /var/BACKUP/secure/ >> /var/BACKUP/secure/log/mysql.log
root@remoteserverip:/var/lib/mysql ; is remote server from where we took MySQL folder backup and /var/BACKUP/secure/ ; is the backup location to where we store the backup.