Using SSH keys to set up automated secure backup exchange between two servers

In this article we'll cover setting up simple backups from server1 to backupserver.

On server1 we create an SSH public/private key pair with an empty passphrase for root, which will be used to authenticate on backupserver:

[root@server1 ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/backups_key
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/backups_key.
Your public key has been saved in /root/.ssh/
The key fingerprint is:
31:d9:4d:10:5f:b1:3d:98:8f:7b:69:db:36:6e:ab:4c root@server1
[root@server1 ~]# cat .ssh/
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvbvP+5AT9KJKBgzgaHc9gspuUycBzquQ2Mr6ngIC+QOzk9SVEbmUlQHPXr8VqM0N3KXlP4wpo14gCl1r2NhZLBpHRC5iWJF8eOQeeeEM9a3ulDAPMkL6M/YsupdLkdIrokxdqijiWjvnNebx0BvdsQyLjvqKf1dmxz4jmDvvoKHKYL/kqZ/Pcvku5D4Y/5L15MXZXl2CkPZJ4eVHdn0K5Hhvfn/OKWXxblqfOJ6AEkTIfKbDhhil6sm9BxxrSCYzi1Px1CNLPv6u44IfRvLeNH/V9Bvyd0Yh8yhssYkYrxBLuLVSZwSGUPjs8MkBh8TOIhSwF+VWXjbhI7IPnxhhQQ== root@server1

On backupserver we create an unprivileged user backups1 with home folder /backups/server1, where backups from server1 will be stored:

[root@backupserver ~]# useradd backups1 -d /backups/server1

Log in as the newly created user and add the public key shown above to the ~/.ssh/authorized_keys file (create it if necessary):

[root@backupserver ~]# su - backups1
[backups1@backupserver ~]$ mkdir -p ~/.ssh
[backups1@backupserver ~]$ chmod 700 ~/.ssh
[backups1@backupserver ~]$ echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvbvP+5AT9KJKBgzgaHc9gspuUycBzquQ2Mr6ngIC+QOzk9SVEbmUlQHPXr8VqM0N3KXlP4wpo14gCl1r2NhZLBpHRC5iWJF8eOQeeeEM9a3ulDAPMkL6M/YsupdLkdIrokxdqijiWjvnNebx0BvdsQyLjvqKf1dmxz4jmDvvoKHKYL/kqZ/Pcvku5D4Y/5L15MXZXl2CkPZJ4eVHdn0K5Hhvfn/OKWXxblqfOJ6AEkTIfKbDhhil6sm9BxxrSCYzi1Px1CNLPv6u44IfRvLeNH/V9Bvyd0Yh8yhssYkYrxBLuLVSZwSGUPjs8MkBh8TOIhSwF+VWXjbhI7IPnxhhQQ== root@server1" >> ~/.ssh/authorized_keys
[backups1@backupserver ~]$ chmod og-w ~/.ssh/*

Now everything should be set. Make a test connection from server1 to backupserver:

[root@server1 ~]# ssh -i ~/.ssh/backups_key -l backups1 backupserver 
[backups1@backupserver ~]$
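
The test login above lands in a full shell because the authorized_keys entry carries no options, so whoever holds the passphrase-less backups_key gets the same access. The following added example (not part of the original article) audits an authorized_keys file for such entries and for the loose permissions the chmod steps guard against; the function names, the shortened key blobs and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original article.

# True when PATH is writable by group or others. sshd's StrictModes
# ignores authorized_keys in that case, hence the chmod steps above.
loose_mode () {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print "LINE STATUS LABEL" for every key in FILE. STATUS is one of:
#   unrestricted   no options, the key opens a full login shell
#   limited        options include restrict, command= or from=
#   other-options  options present, but none of those three
# The return code is the number of unrestricted keys.
audit_authorized_keys () {
    local file="$1" n=0 bad=0 line prefix status
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Text before the base64 blob: optional options, then key type.
        # Assumes no option value itself contains " AAAA".
        prefix=${line%% AAAA*}
        case $prefix in
            ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*|sk-*)
                status=unrestricted; bad=$((bad + 1)) ;;
            *restrict*|*command=*|*from=*)
                status=limited ;;
            *)
                status=other-options ;;
        esac
        echo "$n $status ${line##* }"
    done < "$file"
    return "$bad"
}

# Constructed sample. Line 1 has the shape of the article's entry (blob
# shortened); line 2 is the same key limited to one source address, with
# forwarding and PTY allocation disabled. Remote commands, scp included,
# still run under "restrict".
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsample root@server1
restrict,from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsample root@server1
EOF
chmod 600 "$sample"
audit_authorized_keys "$sample"
echo "unrestricted keys: $?"
if loose_mode "$sample"; then echo "mode too loose"; else echo "mode ok"; fi
rm -f "$sample"
```

Run it as backups1 against ~/.ssh/authorized_keys; a non-zero return code means at least one key still grants an unrestricted shell.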

Next we prepare a basic backup script. It reads the list of items to back up from a file, backup-items.txt. Here is the script:

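#!/bin/bash

# file containing list of items to backup (location assumed)
ITEMS_FILE="/root/backup-items.txt"
# temporary backup location (variable name and value assumed)
TMP_DIR="/tmp"
# remote host
REMOTE_HOST="backupserver"
# remote username
REMOTE_USER="backups1"
# ssh key file
REMOTE_KEY="/root/.ssh/backups_key"
# remote path to drop backup in
REMOTE_PATH="/backups/server1"

# the archive holds sensitive files, keep it readable by root only
umask 077

# print a timestamped log message
log_line () {
    log_time=`date "+%F %T"`
    echo "[${log_time}] $*"
}

# log the error and abort
fail_script () {
    log_line "$@"
    exit 1
}

log_line "Backup process started"

archive_date=`date "+%F-%H-%M-%S"`
# archive file name pattern is assumed
archive_name="${TMP_DIR}/backup-${archive_date}.tar.gz"

log_line "Creating archive $archive_name from the following items:"
cat "$ITEMS_FILE"

tar -zc -T "$ITEMS_FILE" -f "$archive_name" || fail_script "Cannot create archive"

log_line "File created, transferring to $REMOTE_HOST"

scp -i "$REMOTE_KEY" "$archive_name" "$REMOTE_USER@$REMOTE_HOST:$REMOTE_PATH" || fail_script "Cannot transfer file"

log_line "File transferred, removing local copy"

rm -f "$archive_name" || fail_script "Failed to remove local copy"

log_line "Backup completed"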

Add some sample files/folders to backup-items.txt, one per line, for example:

/etc
/root

Add the following line to root crontab on server1:

3 3 * * * /bin/bash /root/

And now you are set to go. Every night at 03:03 a backup of the /etc and /root folders will be sent to backupserver.


This page was last modified on 2024-03-03 14:24:25