unix linux Rsync + SSH Server automated backup encryption

1. Preface

Since the 911 ... after the events in different places on the redundancy of the often heard people mention the name ... but is less to see the full discussion of this ... just because there is a need to ... have to study the way this thing ... take a look at how we are all in different places is redundant for the .. under a little bit of personal experience ...

This is divided into three parts ... one-way Trusted SSH Authorized ... Rsync ... Crontab .... Let us put aside the transfer speed for that ... as well as the time difference in different places ... Backup Solutions believe that such Most people should be able to satisfy the demand for it ...

II. Ready

Test System: Red Hat Linux 7.3 to Red Hat 7.3 ... Local side need to start Rsync ... package openssh-3.4p1-1

** Assumptions: A (10.0.0.1) to B (192.168.0.1) to do remote backup

PS: a clear role to the top ... of course you want to do down the line also ...

Reference Site: http://www.fanqiang.com/a6/b7/20010908/1305001258_b.Html

III. The beginning of implementation

1. The completion of a one-way Trusted SSH Authorized:

I would like to A (10.0.0.1) to B (192.168.0.1) to do remote backup ... so I use for A it SSH?

B to B do not need to enter a password when the ... ... User is the Root ... SSH Version2 version .. First of all, first in the A (10.0.0.1) have a public / private dsa key pair ..

[root @ mondeo home] # cd / root / .ssh /

[root @ mondeo. ssh] # ssh-keygen-d

Generating public / private dsa key pair.

Enter file in which to save the key (/ root / .ssh / id_dsa):

Enter passphrase (empty for no passphrase): <- here not to fight passphrase .. next time will not be asked passWord

Enter same passphrase again:

Your identification has been saved in / root / .ssh / id_dsa.

Your public key has been saved in / root / .ssh / id_dsa.pub.

The key fingerprint is:

11:22:33:44:55:66:77:88:99:00:11:22:33:44:55:66 root@mondeo.adj.idv.tw

[root @ mondeo. ssh] #

At this time the system will see two files now ... id_dsa and id_dsa.pub into the id_dsa.pub to 192.168.0.1 and changed its name to authorized_keys2

[root @ mondeo. ssh] # scp id_dsa.pub 192.168.0.1: / root/.ssh/authorized_keys2

root@192.168.0.1 's password:

id_dsa.pub 100% ********************************************* ****************

************** 612 00:00

[root @ mondeo. ssh] #

Now you can run ssh 192.168.0.1 to see if we can log in without having to enter a password ...

2. Use rsync to do Remote sync:

About rsync features:

rsync is a unix-like system backup of the data mirroring tools, from the name can be seen on the remote sync.

Its characteristics are as follows:

1, can save the whole image and the file system directory tree.

2, can be very easy to keep the original files, the time and so on.

3, there is no need to install special permissions.

4, optimization of processes, file transfer and high efficiency.

5, you can use rcp, ssh to transfer files, etc., of course, can also direct socket connection.

6, support for anonymous transmission.

First of all, first of the B (192.168.0.1) to the Server on up Rsync ...

[root @ linux /] # chkconfig - list rsync

rsync off

[root @ linux /] # chkconfig rsync on

Now, I in A (10.0.0.1) on the construction of a Backup Directory ... then B (192.168.0.1) with the mysql

html catalog backup done in different places ... even write a simple script as follows:

[root @ mondeo /] # mkdir backup

[root @ mondeo backup] # vi sync


rsync-avlR - delete-e ssh 192.168.0.1: / var / lib / mysql / backup / | | echo "rsync failed" | mail adminS@126.com

rsync-avlR - delete-e ssh 192.168.0.1: / var / www / html / backup /> / dev / null 2> & 1

[root @ mondeo backup] # chmod 700 sync



Parameters of significance are as follows:

-v: to tell rsync to carry out the details of the operation and explained how the ongoing operation of the system

-a: to tell rsync to copy the source directory of all files and directories.

-l, - links

When symlinks are encountered, recreate the symlink on the destination.

-R, - relative

Use relative paths. Retain the relative path ... it will not let parent subdirectory crowded with the same level ...

- delete

Server-side means that if a file is deleted, then the client corresponding to the deletion of the document, and maintain a genuine consensus.

-e ssh

To establish an encrypted connection.

Parameters varies from person to person ... you can use man rsync to use more parameters ...

Test to see:

[root @ mondeo backup] #. / sync

receiving file list ... done ... donewrote 16 bytes read 107 bytes 82.00

bytes / sectotal size is 0 speedup is 0.00receiving file list ...

done ... donewrote 16 bytes read 921 bytes 624.67 bytes / sectotal size is

308331 speedup is 329.06 [root @ mondeo backup] #



.... Did not ask for a password to see and copy the files over no problem Hello .... Of course, you can be a long-range changes in the data ... to see if you really sync ....

3. Crontab to make the use of automated scheduling:

After being set up now ... I hope the day ... 0:00 pm the night before to help me sync .... so of course, how long do you want to sync individual needs to see La ...

[root @ mondeo backup] # crontab-e

0 0 * * * / backup / sync

Set up a firewall:

SSH 22-port No.

iptables-A INPUT-i eth0-p tcp-s 10.1.1.0 / 24 - sport 1024:65535-d 192.168.0.1 - dport 22-j ACCEPT

port rsync 873

iptables-A INPUT i eth0-p tcp-s 10.1.1.0 / 24 - sport 1024:65535-d 192.168.0.1-dport 873-j ACCEPT

This is done .. the ... principle that you have automatically encrypted remote backup Hello