总结:生成公钥和私钥,把公钥推送到远端,并生成authorized_keys公钥验证配置文件
rsync连接方式每次都需要输入密码;我们可以通过ssh keygen的公私钥机制来实现ssh连接时认证(做定时任务时,可能需要用到)。
1、服务器添加用户Ricky,并在家目录下创建.ssh目录(rsync服务端)
[root@backup ~]#useradd Ricky
[root@backup ~]# mkdir /home/Ricky/.ssh
.ssh目录用来存放公钥验证文件2、在客户端使用ssh-keygen生成私钥与公钥(rsync客户端)
[root@nfs01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /usr/rsync_id_dsa #为避免覆盖root的id_rsa,把私钥放到/usr/rsync_id_dsa
Enter passphrase (empty for no passphrase): #回车就行,空表示没有密码
Enter same passphrase again: #回车
Your identification has been saved in /usr/rsync_id_dsa.
Your public key has been saved in /usr/rsync_id_dsa.pub.#生成公钥
The key fingerprint is:
8a:97:ca:71:ee:99:96:3c:1e:d6:cd:76:a7:3d:69:e0 root@nfs01
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| |
| S |
| . + o . |
| o.B.. +..... |
| . B=+ . .E++ |
| o+*. .... |
+-----------------+
You have new mail in /var/spool/mail/root3、把客户端生成的公钥推送到服务端
因为使用的Ricky用户进行验证,所以放到/home/Rikcy/.ssh目录下
[root@nfs01 ~]# scp /usr/rsync_id_dsa.pub [email protected]:/home/Ricky/.ssh
[email protected]'s password:
rsync_id_dsa.pub 100% 392 0.4KB/s 00:00 也可以使用搭建好的rsync服务推送,还是需要输入密码
[root@nfs01 ~]# rsync /usr/rsync_id_dsa.pub [email protected]:/home/Ricky/.ssh
[email protected]'s password:
[root@nfs01 ~]#4、到服务端上把公钥存放到authorized_keys配置文件中
这是ssh key验证时访问的公钥所在的配置文件。authorized_keys是不存在的,直接下面的命令就可以创建了。
[root@backup .ssh]# cat rsync_id_dsa.pub > authorized_keys
[root@backup .ssh]# chown Ricky:Ricky authorized_keys #修改该文件的属主与属组,让其成为Ricky的配置文件 5、使用rsync ssh –i 进行推送
ssh的-i参数:指定自身的私钥,并与远端的用户的公钥进行验证,验证通过则建立ssh连接进行数据交换,否则拒绝连接。
[root@nfs01 ~]# rsync -avzP -e 'ssh -p 22 -i /usr/rsync_id_dsa' /etc/hosts [email protected]:/tmp/
sending incremental file list
hosts
311 100% 0.00kB/s 0:00:00 (xfer#1, to-check=0/1)
rsync: mkstemp "/tmp/.hosts.qlgEix" failed: Permission denied (13)
sent 189 bytes received 31 bytes 440.00 bytes/sec
total size is 311 speedup is 1.41
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1039) [sender=3.0.6]这里推送数据失败,的原因是backup备份服务器上的/tmp/对于Ricky用户来说没有权限。
[root@backup Ricky]# ls -ld /tmp
drwxr-xr-x. 2 root root 4096 5月 17 02:36 /tmp重新创建一个Ricky的目录,用来接收数据
[root@backup ~]# mkdir /ricky
[root@backup ~]# chown Ricky:Ricky /ricky/
[root@backup ~]# ls -ld /ricky/
drwxr-xr-x 2 Ricky Ricky 4096 5月 17 02:43 /ricky/
[root@backup ~]#
[root@nfs01 ~]# rsync -avzP -e 'ssh -i /usr/rsync_id_dsa' /etc/hosts [email protected]:/ricky/
sending incremental file list 无需输入密码
hosts
311 100% 0.00kB/s 0:00:00 (xfer#1, to-check=0/1)
sent 189 bytes received 31 bytes 440.00 bytes/sec
total size is 311 speedup is 1.41
You have new mail in /var/spool/mail/root
[root@nfs01 ~]#
[root@backup ~]# ls /ricky/
hosts
[root@backup ~]#注意:一定要确保对应的文件和目录,访问的用户是具有权限的,否则验证不能通过,或者推送无访问权限被拒绝。