Part 1 – Setting up SSH key authentication
First, we need to make sure key authentication is enabled on the DESTSERVER. Find your sshd configuration file (usually ‘/etc/ssh/sshd_config’) and enable the following options if they are not already set.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
If you edit the file be sure to restart sshd afterwards.
# /etc/init.d/sshd restart
Next, on the SOURCESERVER we will create the public / private key pair to be used for authentication with the following command.
# ssh-keygen -t rsa
- Note: Do not enter a passphrase for this, just hit enter when prompted.
This should create 2 files, a public key file and a private key file. The public key file (usually [homedir]/.ssh/id_rsa.pub) we will upload to the DESTSERVER. The private key file (usually [homedir]/.ssh/id_rsa) we will keep on the SOURCESERVER.
- Be sure to keep this private key safe. With it anyone will be able to connect to the DESTSERVER that contains the public key.
Now we will install the public key we created on the DESTSERVER. Choose the user account you will connect to on the DESTSERVER; we’ll call this user ‘destuser’ for now.
In that account’s home directory, create a ‘.ssh’ subdirectory, and in that directory create a new text file called ‘authorized_keys’. If the file already exists, use the existing one. Open the ‘authorized_keys’ file and paste in the contents of the public key you created in the previous step (id_rsa.pub). It should look something like the following:
ssh-rsa <lots and lots of characters…> sourceuser@SOURCESERVER
Save the file and change the permissions to 600 for the file and 700 for the ‘.ssh’ directory.
Now to test that the keys are working. From the SOURCESERVER try logging in as normal using ssh to the DESTSERVER.
# ssh destuser@DESTSERVER
If all is working you should not be prompted for a password but instead connected directly to a shell on the DESTSERVER.
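The key-installation steps above can be scripted so the modes are always applied and the key is never added twice. This is an added example, not part of the original post: the function names, the optional options prefix and the sample address 192.0.2.10 are assumptions chosen for illustration. Because the key has no passphrase, the optional `from=` prefix limits which host may use it.

```shell
#!/bin/sh
# Added example: names, paths and the sample option string are illustrative.

# install_pubkey HOME_DIR PUBKEY_FILE [OPTIONS]
# OPTIONS is an optional authorized_keys option prefix, for example:
#   install_pubkey /home/destuser id_rsa.pub 'from="192.0.2.10",no-port-forwarding'
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    options=${3:-}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Accept only a line that looks like a public key, so the private
    # key file is never pasted onto the destination by mistake.
    key_line=$(head -n 1 "$pubkey_file")
    key_body=$(printf '%s\n' "$key_line" | awk '{print $2}')
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac
    [ -n "$key_body" ] || return 1

    # Create the directory and file private from the start, then set the
    # exact modes from the steps above (700 directory, 600 file).
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth_file" )
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"

    # Idempotent: skip the append if this key body is already present.
    if grep -qF -- "$key_body" "$auth_file"; then
        return 0
    fi
    printf '%s\n' "${options:+$options }$key_line" >> "$auth_file"
}

# mode_of PATH: the ten-character type/permission string from ls.
mode_of() { ls -ld "$1" | cut -c1-10; }

# key_perms_ok HOME_DIR: succeeds only if the modes are exactly 700 and 600.
key_perms_ok() {
    [ "$(mode_of "$1/.ssh")" = "drwx------" ] &&
    [ "$(mode_of "$1/.ssh/authorized_keys")" = "-rw-------" ]
}
```

Run it as the destination user so the files end up owned by that account; `key_perms_ok` can be rerun later to confirm the modes have not drifted.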
Now for the rsync script.
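#!/bin/sh
# Push the working copy to each web server over SSH and log the result.
SOURCEPATH='/var/svn/workingcopies/beta.app.jp/'
DESTPATH='/var/www/lamp_root/wwwapps/app.jp'
DESTUSER='updater'
LOGFILE='/var/log/rsync_beta.log'
# Blank lines separate one run from the next in the log.
printf '\n\n' >> "$LOGFILE"
for SERVER in web01 web02
do
    # Send stdout to the log first, then point stderr at the same place,
    # so rsync errors are logged too.
    rsync -av --rsh=ssh "$SOURCEPATH" "$DESTUSER@$SERVER:$DESTPATH" >> "$LOGFILE" 2>&1
    echo "Completed at: $(/bin/date)" >> "$LOGFILE"
done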
This is optional. I assume web updates will be done manually.
Assuming everything has worked so far, all that’s left is to set up a cron job to run the script automatically at a predefined interval.
Use the ‘crontab’ command to create a new cron job.
$ sudo crontab -e -u updater
This will open an editor where you can schedule the job.
Enter the following to have the script run once every hour:
0 * * * * /var/scripts/rsync_betajp.sh