Sunday, 2 August 2009

Passwordless SSH using public/private keys

Including how to set up rsync and unison (syncronisation software)

Here is a list of the steps that I had to do to get automatic replication of /home/folder1 (or any other folder) on one server to /home/folder2 on another server:

Passwordless SSH

To get replication working securly you firstly need to be able to connect via SSH without using passwords:

First server setup

ssh-keygen -t dsa

(press enter twice to give a blank password)

cd

vi .ssh/.config

Press "i" to enter insert mode and copy this into the file:

Host remotehost

User remoteuser
Compression yes
Protocol 2
RSAAuthentication yes
StrictHostKeyChecking no
ForwardAgent yes
ForwardX11 yes
IdentityFile /home/localuser/.ssh/id_remotehost_dsa

Do NOT change the last line - it is supposed to say remotehost (not an actual host name). Now,

:wq

(save and exit vi)

chmod 700 .ssh


vi .ssh/id_dsa.pub

It should look like this:

ssh-dss AAAA..............v root@HOSTNAMEOFSRV01

where there is lots of random letters/numbers where the dots are. Select it all and copy it. Make sure that it is all on one line with no spaces at the start or finish (which will happen if you copy it using putty on windows; test it by pasting it into notepad)
Tip: To copy from putty on windows select the text from within vi and pres Ctrl + Shift. To paste text enter insert mode and press the right mouse button.

Second Server Setup

cd

vi .ssh/authorized_keys

Enter insert mode (press i) and paste the key, again ensuring that there are no spare newlines or spaces. Save the file and exit vi (press :wq then return, as above). Now you just need to set some permissions otherwise SSH will ignore the files you just created:

chmod 700 .ssh

chmod 644 .ssh/authorized_keys

Testing passwordless SSH

On the first server, type

ssh srv02

where srv02 = the hostname of the second server. It could be an IP address too.

If it just logs you in (no passwords), then you are done. If not double check the above and start google searching your errors or email me and I will try to help. The next bit will certainly fail if you can't make an SSH connection.


Replication

You have two options for replication: Unison and Rsync.

· Rsync is one-way (will overwrite changes on the second server).

· Unison is two-way (will allow changes on both servers (though clearly not at the same time!)

Setting up RSYNC

Skip to the Unison section if you want two-way replication

Rsync is normally installed so I will not go through installing it. To make the rsync connection run the following command on srv01:

rsync -e ssh -avz --delete /home/folder1/ srv02hostname:/home/folder2

again, where srv02 is the hostname or IP of srv02. This will make /home/folder2 on srv02 (the second server) identical to /home/folder1 (be aware that this will delete all files in /home/folder2 on srv02 that are not in /home/folder1 on srv01!)

You can put as many of these as you line in the crontab (crontab -e). You now have rsync set up: congratulations.

Setting up UNISON

cd /bin

wget http://www.cis.upenn.edu/~bcpierce/unison/download/stable/latest/unison.linux-textui
mv unison.linux-textui unison
chmod +x unison

Then run this example at the first cluster to sync /var/www/html/ directories on both:

unison /var/www/html ssh://srv02hostname//var/www/html -batch

again, where srv02 is the hostname or IP of srv02

This will take a very long time to run for the first time but is very quick after that.

You can put as many of these as you line in the crontab (crontab -e). You now have unison set up: congratulations.

No comments: