014 Linux : scp without password

Post date: 2015/8/3 02:20:41 PM

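Today the archive log backup host for one of our DBs went down, so the archive logs have to be backed up to a different host.

The backup works by using scp to periodically copy the archive logs to the other host.

Because the scp command cannot take a password, before putting the job in crontab we need, besides modifying the script, to set up authentication on the new host.

Environment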

DB Site

IP : 192.168.1.1

ID : oracle

Backup Site

IP : 192.168.1.2

ID : oracle

The steps are as follows

1. Create Private/Public key on DB Site

First, on the DB side, as the oracle user, use the ssh-keygen command to create the private/public key pair. ssh-keygen lets you choose either the rsa or the dsa algorithm.

[oracle@db ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.

Enter file in which to save the key (/home/oracle/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/oracle/.ssh/id_rsa.

Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.

The key fingerprint is:
a1:30:6e:24:ba:dc:02:69:a1:44:f6:a2:39:6b:08:cf oracle@tpebiz02T

[oracle@db ~]$ ls -ltr

-rw-r--r--  1 oracle dba      226 May 20 17:17 id_rsa.pub
-rw-------  1 oracle dba      883 May 20 17:17 id_rsa

After the command finishes, you will see two files in /home/oracle/.ssh

1. id_rsa (private key)

2. id_rsa.pub (public key)

Notes

1. The permissions on id_rsa must be -rw-------

2. id_rsa must belong to the user oracle

3. id_rsa must be placed in the $HOME/.ssh directory

2. Copy public key to Backup site

Once the private/public key pair has been created on the DB side, the next step is to copy id_rsa.pub (the public key) to the backup host.

Then append the contents of that id_rsa.pub to the authorized_keys file.


[oracle@db ~]$ scp ~/.ssh/id_rsa.pub oracle@192.168.1.2:~

[oracle@backup ~]$ mkdir .ssh

[oracle@backup ~]$ chmod 700 .ssh

[oracle@backup ~]$ ls -ld .ssh

drwx------ 2 oracle dba 4096  May  20 17:20 .ssh

[oracle@backup ~]$ cat id_rsa.pub >> .ssh/authorized_keys

[oracle@backup ~]$ chmod 644 .ssh/authorized_keys

[oracle@backup ~]$ ls -l .ssh

-rw-r--r-- 1 oracle dba 4096  May  20 17:20 authorized_keys

Notes

1. The .ssh directory must have permissions 700

2. authorized_keys must have permissions 644
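
The permission notes from both steps can be checked with a script before the job goes into crontab. The following is an added example, not part of the original post: the function name check_ssh_perms and the demo directory are hypothetical, and it assumes GNU stat as found on Linux.

```sh
#!/usr/bin/env bash
# Added example (not from the original post): audit the permissions listed
# in the notes above. Uses GNU stat (-c), as found on Linux.
# Usage: check_ssh_perms HOME_DIR [USER]; returns the number of problems.

check_ssh_perms() {
    local dir="$1/.ssh" uid m problems=0
    uid=$(id -u ${2:+"$2"})          # default: the invoking user

    [ -d "$dir" ] || { echo "MISSING  $dir"; return 1; }

    # Note from step 2: .ssh must be 700.
    m=$(stat -c '%a' "$dir")
    [ "$m" = 700 ] || { echo "BAD MODE $dir is $m, want 700"; problems=$((problems + 1)); }

    # Private key (DB side): mode 600 and owned by the user.
    if [ -f "$dir/id_rsa" ]; then
        m=$(stat -c '%a' "$dir/id_rsa")
        [ "$m" = 600 ] || { echo "BAD MODE $dir/id_rsa is $m, want 600"; problems=$((problems + 1)); }
        [ "$(stat -c '%u' "$dir/id_rsa")" = "$uid" ] ||
            { echo "BAD OWNER $dir/id_rsa"; problems=$((problems + 1)); }
    fi

    # authorized_keys (backup side): 644 per the post. Assumption: any mode
    # without group/other write (e.g. 600) is also accepted, since that is
    # what sshd's StrictModes check rejects.
    if [ -f "$dir/authorized_keys" ]; then
        m=$(stat -c '%a' "$dir/authorized_keys")
        [ $(( 0$m & 022 )) -eq 0 ] ||
            { echo "BAD MODE $dir/authorized_keys is $m (group/other writable)"; problems=$((problems + 1)); }
    fi
    return "$problems"
}

# Constructed demo tree: a private key left at 644 is flagged.
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
: > "$demo/.ssh/id_rsa"
chmod 644 "$demo/.ssh/id_rsa"
check_ssh_perms "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

Run it as oracle on each host, for example check_ssh_perms /home/oracle oracle; a return value of 0 means every check passed.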