Using ssh keys to set up automated secure backup exchange between two servers
In this article we'll cover setting up simple backups from server1 to backupserver.
On server1 we create an ssh public/private key pair with an empty passphrase for root, to be used to authenticate on backupserver:
[root@server1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/backups_key
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/backups_key.
Your public key has been saved in /root/.ssh/backups_key.pub.
The key fingerprint is:
31:d9:4d:10:5f:b1:3d:98:8f:7b:69:db:36:6e:ab:4c root@server1
[root@server1 ~]# cat .ssh/backups_key.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvbvP+5AT9KJKBgzgaHc9gspuUycBzquQ2Mr6ngIC+QOzk9SVEbmUlQHPXr8VqM0N3KXlP4wpo14gCl1r2NhZLBpHRC5iWJF8eOQeeeEM9a3ulDAPMkL6M/YsupdLkdIrokxdqijiWjvnNebx0BvdsQyLjvqKf1dmxz4jmDvvoKHKYL/kqZ/Pcvku5D4Y/5L15MXZXl2CkPZJ4eVHdn0K5Hhvfn/OKWXxblqfOJ6AEkTIfKbDhhil6sm9BxxrSCYzi1Px1CNLPv6u44IfRvLeNH/V9Bvyd0Yh8yhssYkYrxBLuLVSZwSGUPjs8MkBh8TOIhSwF+VWXjbhI7IPnxhhQQ== root@server1
On backupserver we create unprivileged user backups1 with home folder /backups/server1 where backups from server1 will be stored:
[root@backupserver ~]# useradd backups1 -d /backups/server1
Log in as the newly created user and add the above public key to the ~/.ssh/authorized_keys file (create it if necessary):
[root@backupserver ~]# su - backups1
[backups1@backupserver ~]$ mkdir -p ~/.ssh
[backups1@backupserver ~]$ chmod 700 ~/.ssh
[backups1@backupserver ~]$ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvbvP+5AT9KJKBgzgaHc9gspuUycBzquQ2Mr6ngIC+QOzk9SVEbmUlQHPXr8VqM0N3KXlP4wpo14gCl1r2NhZLBpHRC5iWJF8eOQeeeEM9a3ulDAPMkL6M/YsupdLkdIrokxdqijiWjvnNebx0BvdsQyLjvqKf1dmxz4jmDvvoKHKYL/kqZ/Pcvku5D4Y/5L15MXZXl2CkPZJ4eVHdn0K5Hhvfn/OKWXxblqfOJ6AEkTIfKbDhhil6sm9BxxrSCYzi1Px1CNLPv6u44IfRvLeNH/V9Bvyd0Yh8yhssYkYrxBLuLVSZwSGUPjs8MkBh8TOIhSwF+VWXjbhI7IPnxhhQQ== root@server1" >> ~/.ssh/authorized_keys
[backups1@backupserver ~]$ chmod og-w ~/.ssh/*
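Because backups_key has no passphrase, the authorized_keys entry is the only place to limit what it can do. The following is an added example, not part of the original article: it prefixes a public key with OpenSSH's from= and restrict options (scp still works with both) and audits an authorized_keys file for entries that lack them. The helper names, the address 192.0.2.10 and the key material are constructed placeholders.

```shell
# Added example, not from the original article; helper names are hypothetical.
# Assumes OpenSSH 7.2+ on backupserver (first release with "restrict").

# is_bare_key LINE: true when LINE starts with a key type (no options field).
is_bare_key () {
    case $1 in
        ssh-*|ecdsa-*|sk-*) return 0 ;;
        *) return 1 ;;
    esac
}

# restrict_key ADDR "PUBKEY": print PUBKEY prefixed with from= and restrict.
# Only a plain address is accepted; from= wildcards are left out on purpose.
restrict_key () {
    is_bare_key "$2" || { echo "expected a bare public key line" >&2; return 1; }
    case $1 in
        ''|*[!A-Za-z0-9.:_-]*) echo "unexpected character in address" >&2; return 1 ;;
    esac
    printf 'from="%s",restrict %s\n' "$1" "$2"
}

# audit_keys FILE: one row per key line; returns 1 if any key lacks an option.
audit_keys () {
    audit_n=0 audit_rc=0
    while IFS= read -r audit_line || [ -n "$audit_line" ]; do
        audit_n=$((audit_n + 1))
        case $audit_line in ''|'#'*) continue ;; esac
        # The options field is the first word unless the line starts with a key
        # type. Assumes option values hold no spaces (true for from=, restrict).
        if is_bare_key "$audit_line"; then audit_opts=; else audit_opts=${audit_line%% *}; fi
        audit_missing=
        case ",$audit_opts," in *,restrict,*) ;; *) audit_missing=" restrict" ;; esac
        case ",$audit_opts" in *',from="'*) ;; *) audit_missing="$audit_missing from=" ;; esac
        if [ -n "$audit_missing" ]; then
            echo "line $audit_n: missing$audit_missing"
            audit_rc=1
        else
            echo "line $audit_n: ok"
        fi
    done < "$1"
    return $audit_rc
}

# Demo on constructed input: placeholder key material and a documentation address.
demo_key='ssh-rsa AAAAEXAMPLEKEY root@server1'
demo_file=$(mktemp)
{ echo "$demo_key"; restrict_key 192.0.2.10 "$demo_key"; } > "$demo_file"
audit_keys "$demo_file" || echo "unrestricted key found"
rm -f "$demo_file"
```

With sshd's UseDNS left at its default of no, from= is matched against client addresses only, which is why the demo uses an IP address rather than the name server1.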
Now everything should be set. Make a test connection from server1 to backupserver:
[root@server1 ~]# ssh -i ~/.ssh/backups_key -l backups1 backupserver
[backups1@backupserver ~]$
Next is to prepare some basic backup script. We will use a file to list all things that need to be backed up - backup-items.txt. Here's the script backup.sh:
#!/bin/bash
# the archive holds /etc and /root, so keep it unreadable for other local users
umask 077
# file containing list of items to backup
ITEMS_FILE="/root/backup-items.txt"
# temporary backup location
TMP_DIR=/tmp
# remote host
REMOTE_HOST=backupserver
# remote username
REMOTE_USER=backups1
# ssh key file
REMOTE_KEY=/root/.ssh/backups_key
# remote path to drop backup in
REMOTE_PATH=/backups/server1

# print a message prefixed with the current time
log_line () {
    log_time=$(date)
    echo "[${log_time}] $*"
}

# log a message and abort the script with a non-zero exit code
fail_script () {
    log_line "$@"
    exit 1
}

log_line "Backup process started"
archive_date=$(date "+%F-%H-%M-%S")
archive_name="${TMP_DIR}/${archive_date}.tar.gz"
log_line "Creating archive $archive_name from the following items:"
cat "$ITEMS_FILE"
tar -zc -T "$ITEMS_FILE" -f "$archive_name" || fail_script "Cannot create archive"
log_line "File created, transferring to $REMOTE_HOST"
scp -i "$REMOTE_KEY" "$archive_name" "$REMOTE_USER@$REMOTE_HOST:$REMOTE_PATH" || fail_script "Cannot transfer file"
log_line "File transferred, removing local copy"
rm -f "$archive_name" || fail_script "Failed to remove local copy"
log_line "Backup completed"
Add some sample files/folders to backup-items.txt, for example:
/etc
/root
Add the following line to root crontab on server1:
3 3 * * * /bin/bash /root/backup.sh
And now you are set to go. Every night at 03:03 a backup of the /etc and /root folders will be sent to backupserver.
This page was last modified on 2025-04-30 08:33:06