没有密码的crontab中的简单rsync

首先要做的是生成一个仅用于此备份过程的公钥对.当提示输入短语时,只需按两次输入.

ssh-keygen -t rsa -b 2048 -C "For BACkup use only"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/root/.ssh/id_rsa): /root/.ssh/BACkup.id_rsa
Enter passphrase (empty for no passphrasE):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/BACkup.id_rsa.
Your public key has been saved in /root/.ssh/BACkup.id_rsa.pub.
The key fingerprint is:65:c0:cb:2b:9e:18:ff:b2:59:d4:b5:e8:ae:84:32:2b

将公钥/root/.ssh/BACkup.id_rsa.pub传输到远程主机并将其添加到/root/.ssh/authorized_keys文件中.

在远程主机上,通过添加from和command = reStrictions来限制公钥的使用.编辑/root/.ssh/authorized_keys文件,找到备份密钥并添加将运行cron作业的主机的地址/名称以及要运行的命令.当使用此密钥登录时,将运行此命令,例如

from="192.168.254.207",command="/root/checkrsync",no-port-forWARDing,no-X11-forWARDing,no-agent-forWARDing,no-pty ssh-rsa AAAAB3N...

您只能使用192.168.254.207中的此密钥,并且只能运行命令/ root / checkrsync,其他功能也已删除.

像这样编辑文件/ root / checkrsync

echo $SSH_ORIGINAL_COMMND> /tmp/rsync.cmd

保存并使其可执行

chmod 700 / root / checkrsync

一旦我们知道$SSH_ORIGINAL_COMMAND是什么,我们将稍后更改/ root / checkrsync.

在我们将运行cron作业的主机上,以交互方式运行rsync命令

/usr/bin/rsync -avz -e "/usr/bin/ssh -i /root/.ssh/BACkup.id_rsa" /source_folder root@remote.host:/desTination_folder

不要担心我们只想在远程主机上生成/tmp/rsync.cmd文件的任何错误消息

在远程主机上,请准确记录/tmp/rsync.cmd文件的@L_675_0@(它将类似于rsync –server -vlogDtprze.iLs ./desTination_folder).

在远程主机上编辑/ root / checkrsync并将其更改为

if [[ "$SSH_ORIGINAL_COMMAND" == "rsync --server -vlogDtprze.iLs . /desTination_folder" ]]
then
     $SSH_ORIGINAL_COMMAND
fi

if语句的右侧是/tmp/rsync.cmd中的右侧.

测试设置.在我们将运行cron作业的主机上,再次以交互方式运行rsync命令

/usr/bin/rsync -avz -e "/usr/bin/ssh -i /root/.ssh/BACkup.id_rsa" /source_folder root@remote.host:/desTination_folder

现在它应该正确运行,如果它然后安装到您的crontab中.

crontab -e 

* 1 * * *  /usr/bin/rsync -avz -e "/usr/bin/ssh -i /root/.ssh/BACkup.id_rsa" /source_folder root@remote.host:/desTination_folder