Lab 7 - Network Management

Alexandru Calcatinge bio photo By Alexandru Calcatinge

In this laboratory you will exercise with remote management with SSH, SSH keys, interface configuration and crontab scheduling.

Contents:

Lab 7.1 Working with SSH

Lab objective 1: remotely manage a Linux Server with SSH
Lab objective 2: copy files over the internet with SCP

Lab 7.2 Network configuration

Lab objective 3: static configuration of a network interface
Lab objective 4: adding a static hostname
Lab objective 5: adding a network interface alias

Lab 7.3 Schedulling

Lab objective 6: schedule tasks with cron and crontab

 


Laboratory objective 1: remotely manage a Linux Server with SSH

On this laboratory we will use openSUSE as our base system. We will assume that you already have a fully working server somewhere outside your LAN, or, if you don’t have one, we could assume that you will have a virtual machine working as a server. We will also assume that your working server will have SSH support installed and that the SSH server will be listening on the default 22 port.

1 connect to the virtual machine server using the ssh command:

alexandru@linux-c4rz:~> ssh alexandru@192.168.122.195
Password: 
Last login: Tue Sep 19 17:08:51 2017 from 192.168.122.1
Have a lot of fun...
alexandru@linux-inva:~>

2 now connect to an external server using the following command:

alexandru@linux-c4rz:~> ssh -p 3125 alexandru@87.153.213.125
alexandru@87.153.213.125's password: 
Linux debian 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Sep 19 09:21:29 2017 from 94.135.82.141

This server is running LAMP

alexandru@debian:~$

You are now connected to the server from your local Linux machine. Thus, we can continue to the following exercise using scp.

 

↑Top


Laboratory objective 2: copy files over the internet with SCP

As you are already connected to your server, we will assume that you will want to backup it to your local system. In order to do this, we will run the command scp, which means “secure copy”.

To copy a file/directory from your remote server to your local system we will first create a tar compressed archive of the directory you want to copy over the network. Then you will copy the archive to your local system.

1 create an archive on the server:

tar -czvf 20170919_www_backup.tar.gz /var/www

2 copy the archive from the server to the local system (this assumes that you are at a terminal on your local system):

alexandru@linux-c4rz:~> scp -P 2222 alexandru@87.153.213.125:/home/alexandru/20170919_www_backup.tar.gz .
alexandru@87.153.213.125's password: 
20170919_www_backup.tar.gz 85% 333MB 0.1KB/s

 

↑Top


Laboratory objective 3: static configuration of a network interface

We use openSUSE as the base system for this exercise.

1 show your IP address, default route DNS settings for Ethernet port. Keep a copy of them for future exercises.

alexandru@linux-c4rz:~> ifconfig
Absolute path to 'ifconfig' is '/sbin/ifconfig', so running it may require superuser privileges (eg. root).
alexandru@linux-c4rz:~> sudo ifconfig
[sudo] password for root: 
eth0 Link encap:Ethernet HWaddr F4:4D:30:61:4B:83 
 inet addr:192.168.0.19 Bcast:192.168.0.255 Mask:255.255.255.0
 inet6 addr: fe80::f64d:30ff:fe61:4b83/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:116493 errors:0 dropped:0 overruns:0 frame:0
 TX packets:47840 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000 
 RX bytes:152303865 (145.2 Mb) TX bytes:4256922 (4.0 Mb)
 Interrupt:20 Memory:aa100000-aa120000

lo Link encap:Local Loopback 
 inet addr:127.0.0.1 Mask:255.0.0.0
 inet6 addr: ::1/128 Scope:Host
 UP LOOPBACK RUNNING MTU:65536 Metric:1
 RX packets:816 errors:0 dropped:0 overruns:0 frame:0
 TX packets:816 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1 
 RX bytes:65920 (64.3 Kb) TX bytes:65920 (64.3 Kb)

virbr0 Link encap:Ethernet HWaddr 52:54:00:80:C2:60 
 inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:62 errors:0 dropped:0 overruns:0 frame:0
 TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000 
 RX bytes:4457 (4.3 Kb) TX bytes:5651 (5.5 Kb)

vnet0 Link encap:Ethernet HWaddr FE:54:00:5B:7D:9F 
 inet6 addr: fe80::fc54:ff:fe5b:7d9f/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:62 errors:0 dropped:0 overruns:0 frame:0
 TX packets:142 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000 
 RX bytes:5325 (5.2 Kb) TX bytes:12788 (12.4 Kb)

alexandru@linux-c4rz:~> sudo ifconfig eth0
eth0 Link encap:Ethernet HWaddr F4:4D:30:61:4B:83 
 inet addr:192.168.0.19 Bcast:192.168.0.255 Mask:255.255.255.0
 inet6 addr: fe80::f64d:30ff:fe61:4b83/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:116515 errors:0 dropped:0 overruns:0 frame:0
 TX packets:47865 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000 
 RX bytes:152306469 (145.2 Mb) TX bytes:4259741 (4.0 Mb)
 Interrupt:20 Memory:aa100000-aa120000

alexandru@linux-c4rz:~> route -n
Absolute path to 'route' is '/sbin/route', so running it may require superuser privileges (eg. root).
alexandru@linux-c4rz:~> sudo route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
alexandru@linux-c4rz:~>

Notice that, under openSUSE, you will need to be root in order to run those commands!

Now copy the resolv file:

alexandru@linux-c4rz:~> cp /etc/re
request-key.conf request-key.d/ resolv.conf 
alexandru@linux-c4rz:~> cp /etc/resolv.conf resolv.conf.backup

2 bring down eth0 and reconfigure it to use a static address instead of DHCP, using the information from your previous commands:

alexandru@linux-c4rz:~> sudo ifconfig eth0 down

Now, depending on your system, you should edit the following files:

for Red Hat/CentOS: /etc/sysconfig/network-scripts/ifcfg-eth0

for openSUSE/SLES: /etc/sysconfig/network

for Debian/Ubuntu: /etc/networking/interfaces

If you run a Red Hat based system, inside that file you should have the following lines:

DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR="from your ifconfig output"
NETMASK="from your ifconfig output"
GATEWAY="from your ifconfig output"

On SUSE and Debian, the specified files should have the following lines:

iface eth0 inet static
address "from ifconfig output"
netmask "from ifconfig output"
gateway "from ifconfig output"

3 bring the interface back up and configure the nameserver resolver with the information that you noted before. Verify your hostname and then ping it:

alexandru@linux-c4rz:~> sudo ifconfig eth0 up
alexandru@linux-c4rz:~> sudo cp resolv.conf.backup /etc/resolv.conf
alexandru@linux-c4rz:~> cat /etc/sysconfig/network
alexandru@linux-c4rz:~> cat /etc/hosts
alexandru@linux-c4rz:~> ping linux-c4rz

4 make sure your configuration works after reboot:

alexandru@linux-c4rz:~> sudo reboot
alexandru@linux-c4rz:~> ping linux-c4rz

 

↑Top


Laboratory objective 4: adding a static hostname

1 open /etc/hosts and add an entry for mysystem.mydomain that will point to the IP address associated with your network card

alexandru@linux-c4rz:~> sudo echo "192.168.0.19 mysystem.mydomain" >> /etc/hosts
bash: /etc/hosts: Permission denied
alexandru@linux-c4rz:~> sudo su
[sudo] password for root: 
linux-c4rz:/home/alexandru # echo "192.168.0.19 mysystem.mydomain" >>/etc/hosts
hosts hosts.allow hosts.deny hosts.equiv hosts.lpd 
linux-c4rz:/home/alexandru # echo "192.168.0.19 mysystem.mydomain" >>/etc/hosts
hosts hosts.allow hosts.deny hosts.equiv hosts.lpd 
linux-c4rz:/home/alexandru # echo "192.168.0.19 mysystem.mydomain" >>/etc/hosts
linux-c4rz:/home/alexandru # cat /etc/hosts
#
# hosts This file describes a number of hostname-to-address
# mappings for the TCP/IP subsystem. It is mostly
# used at boot time, when no name servers are running.
# On small systems, this file can be used instead of a
# "named" name server.
# Syntax:
# 
# IP-Address Full-Qualified-Hostname Short-Hostname
#

127.0.0.1 localhost

# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback

fe00::0 ipv6-localnet

ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts

192.168.0.19 mysystem.mydomain
linux-c4rz:/home/alexandru # ping mysystem.mydomain
PING mysystem.mydomain (192.168.0.19) 56(84) bytes of data.
64 bytes from mysystem.mydomain (192.168.0.19): icmp_seq=1 ttl=64 time=0.042 ms
64 bytes from mysystem.mydomain (192.168.0.19): icmp_seq=2 ttl=64 time=0.032 ms
64 bytes from mysystem.mydomain (192.168.0.19): icmp_seq=3 ttl=64 time=0.028 ms
64 bytes from mysystem.mydomain (192.168.0.19): icmp_seq=4 ttl=64 time=0.032 ms
^C
--- mysystem.mydomain ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.028/0.033/0.042/0.007 ms

2 add a secondary entry that will make all references to ad.doubleclick.net point to 127.0.0.1

echo "127.0.0.1  ad.doubleclick.net" >> /etc/hosts
ping ad.doubleclick.net

3 an optional exercise is to download http://winhelp2002.mvps.org/hosts.txt and install it on your system. Notice any difference using your browser with the new host file in place.

wget http://winhelp2002.mvps.org/hosts.txtsudo cat hosts.txt >> /etc/hosts

 

↑Top


Laboratory objective 5: adding a network interface alias

Configure your system with a new network device alias name eth0:0 which uses a new IP address you will select. The address should be persistent. Bring the device up and test it.

linux-c4rz:/home/alexandru # cd /etc/sysconfig/network/
linux-c4rz:/etc/sysconfig/network # ls -l
total 56
-rw-r--r-- 1 root root 9692 Sep 19 09:11 config
-rw-r--r-- 1 root root 11495 Sep 19 09:26 dhcp
drwxr-xr-x 1 root root 66 Sep 19 09:09 if-down.d
drwxr-xr-x 1 root root 116 Sep 19 09:25 if-up.d
-rw-r--r-- 1 root root 163 Sep 19 09:11 ifcfg-eth0
-rw------- 1 root root 147 Sep 19 09:11 ifcfg-lo
-rw-r--r-- 1 root root 21738 May 10 02:42 ifcfg.template
drwx------ 1 root root 0 May 10 02:26 providers
drwxr-xr-x 1 root root 206 Sep 19 09:26 scripts
linux-c4rz:/etc/sysconfig/network # cp ifcfg-eth0 ifcfg-eth0:0

Now edit the new file. The original contents of the file are:

BOOTPROTO='dhcp'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR=''
MTU=''
NAME=''
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
DHCLIENT_SET_DEFAULT_ROUTE='yes'

and you will change them to:

BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='192.168.0.25'
MTU=''
NAME=''
NETMASK='255.255.255.0'
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
DHCLIENT_SET_DEFAULT_ROUTE='no'

bring the device up with ifconfig, ifup or ip:

sudo ifconfig eth0:0 upsudo service network restartsudo ping 192.168.0.25

 

↑Top


Laboratory objective 6:schedule tasks with cron and crontab

This exercise is a very useful one, not only with regard to network management, but I put here as it is mostly related to network tasks and backups. There are two important aspects of using crontabs.

1 Lets say that you have a server on which you run your personal blog. In order to be safe you need to make constant backups of the website. I would recommend a backup every night, weekly and monthly.

We will use a script to do the job for us. This script will be created in three versions, for daily, weekly and monthly jobs. Here is the output for all of them:

alexandru@debian:~/backup$ cat backup_script_daily.sh 
#!/bin/bash

THESITE="xxxxxxxx"
THEDB="xxxxxxxx"
THEDBUSER="xxxxxxxx"
THEDBPW="**********"
THEDATE=`date +%d%m%y%H%M`

mysqldump -u $THEDBUSER -p${THEDBPW} $THEDB | gzip > /home/alexandru/backup/daily/${THEDATE}_${THEDB}.bak.gz

tar czf /home/alexandru/backup/daily/${THEDATE}_${THESITE}.tar.gz /ar/www/$THESITE/public_html/

find /home/alexandru/backup/daily/*.tar.gz -mtime +7 -exec rm {} \;
find /home/alexandru/backup/daily/*.bak.gz -mtime +7 -exec rm {} \;
alexandru@debian:~/backup$ cat backup_script_weekly.sh 
#!/bin/bash

THESITE="xxxxxxxx"
THEDB="xxxxxxxx"
THEDBUSER="xxxxxxxx"
THEDBPW="**********"
THEDATE=`date +%d%m%y%H%M`

mysqldump -u $THEDBUSER -p${THEDBPW} $THEDB | gzip > /home/alexandru/backup/weekly/${THEDATE}_${THEDB}.bak.gz

tar czf /home/alexandru/backup/weekly/${THEDATE}_${THESITE}.tar.gz /var/www/$THESITE/public_html/

find /home/alexandru/backup/weekly/*.tar.gz -mtime +7 -exec rm {} \;
find /home/alexandru/backup/weekly/*.bak.gz -mtime +7 -exec rm {} \;
alexandru@debian:~/backup$ cat backup_script_monthly.sh 
#!/bin/bash

THESITE="xxxxxxxx"
THEDB="xxxxxxxx"
THEDBUSER="xxxxxxxx"
THEDBPW="**********"
THEDATE=`date +%d%m%y%H%M`

mysqldump -u $THEDBUSER -p${THEDBPW} $THEDB | gzip > /home/alexandru/backup/monthly/${THEDATE}_${THEDB}.bak.gz

tar czf /home/alexandru/backup/monthly/${THEDATE}_${THESITE}.tar.gz /var/www/$THESITE/public_html/

find /home/alexandru/backup/monthly/*.tar.gz -mtime +7 -exec rm {} \;
find /home/alexandru/backup/monthly/*.bak.gz -mtime +7 -exec rm {} \;
alexandru@debian:~/backup$

Let us explain what the script does. First we set local variables for the website name, database name, database user and password and the current date. After that, the first command would be to backup the mysql database with the mysqldump command, using variables from above. Then, there is a command to archive and compress the contents of the public_html directory inside the backup directory using the current date and website name in the filename. The last two commands would find and delete any backup files that are older than 7 days.

As your space would quite rapidly fill up, you should also consider deleting those manually every now and then, if there are no problems with the website. Also, you could copy them to your local machine every week or so. I will show you how a bit later.

And here is the steps we took to create the crontabs:

alexandru@debian:~$ cd backup/
alexandru@debian:~/backup$ ls -l
total 12
drwxr-xr-x 2 alexandru alexandru 4096 Sep 12 09:25 daily
drwxr-xr-x 2 alexandru alexandru 4096 Sep 12 09:25 monthly
drwxr-xr-x 2 alexandru alexandru 4096 Sep 12 09:25 weekly
alexandru@debian:~/backup$ #in this backup directory we have already created three different sub-directories named daily, monthly and weekly
alexandru@debian:~/backup$ #inside this directory we will create a script to help us do the job
alexandru@debian:~/backup$ #the script will be named backup_script.sh
alexandru@debian:~/backup$ touch backup_script.sh
alexandru@debian:~/backup$ sudo vim backup_script.sh 
[sudo] password for alexandru: 
alexandru@debian:~/backup$ sudo mv backup_script.sh backup_script_daily.sh
[sudo] password for alexandru: 
alexandru@debian:~/backup$ ls -l
total 16
-rw-r--r-- 1 alexandru alexandru 350 Sep 20 11:21 backup_script_daily.sh
drwxr-xr-x 2 alexandru alexandru 4096 Sep 12 09:25 daily
drwxr-xr-x 2 alexandru alexandru 4096 Sep 12 09:25 monthly
drwxr-xr-x 2 alexandru alexandru 4096 Sep 12 09:25 weekly
alexandru@debian:~/backup$ cp backup_script_daily.sh backup_script_weekly.sh 
alexandru@debian:~/backup$ cp backup_script_weekly.sh backup_script_monthly.sh
alexandru@debian:~/backup$ sudo vim backup_script_weekly.sh 
alexandru@debian:~/backup$ sudo vim backup_script_monthly.sh 
alexandru@debian:~/backup$ sudo chmod +x backup_script_daily.sh backup_script_weekly.sh backup_script_monthly.sh 
alexandru@debian:~/backup$ crontab -e
no crontab for alexandru - using an empty one

Select an editor. To change later, run 'select-editor'.
 1. /bin/nano <---- easiest
 2. /usr/bin/vim.basic
 3. /usr/bin/vim.tiny

Choose 1-3 [1]: 2
crontab: installing new crontab
alexandru@debian:~/backup$ crontab -l
# Edit this file to introduce tasks to be run by cron.
# 
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
# 
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').# 
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
# 
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
# 
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
# 
# For more information see the manual pages of crontab(5) and cron(8)
# 
# m h dom mon dow command

@midnight /home/alexandru/backup/backup_script_daily.sh
@weekly /home/alexandru/backup/backup_script_weekly.sh
@monthly /home/alexandru/backup/backup_script_monthly.sh

alexandru@debian:~/backup$ mkdir x_logs
alexandru@debian:~/backup$ ls -l
total 28
-rwxr-xr-x 1 alexandru alexandru 350 Sep 20 11:21 backup_script_daily.sh
-rwxr-xr-x 1 alexandru alexandru 354 Sep 20 11:23 backup_script_monthly.sh
-rwxr-xr-x 1 alexandru alexandru 352 Sep 20 11:23 backup_script_weekly.sh
drwxr-xr-x 2 alexandru alexandru 4096 Sep 12 09:25 daily
drwxr-xr-x 2 alexandru alexandru 4096 Sep 12 09:25 monthly
drwxr-xr-x 2 alexandru alexandru 4096 Sep 12 09:25 weekly
drwxr-xr-x 2 alexandru alexandru 4096 Sep 20 11:29 x_logs
alexandru@debian:~/backup$ crontab -e
crontab: installing new crontab
alexandru@debian:~/backup$ sudo vim backup_script_daily.sh
alexandru@debian:~/backup$ sudo vim backup_script_monthly.sh
alexandru@debian:~/backup$ sudo vim backup_script_weekly.sh 
alexandru@debian:~/backup$ cd
alexandru@debian:~$ exit
exit
Script done, file is backup_website_steps.txt
alexandru@debian:~$

A crontab -l command will show what crontabs are active now:

alexandru@debian:~$ crontab -l
# Edit this file to introduce tasks to be run by cron.
# 
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
# 
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').# 
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
# 
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
# 
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
# 
# For more information see the manual pages of crontab(5) and cron(8)
# 
# m h dom mon dow command

@midnight /home/alexandru/backup/backup_script_daily.sh >> /home/alexandru/backup/x_logs/log_daily.log 2>&!
@weekly /home/alexandru/backup/backup_script_weekly.sh >> /home/alexandru/backup/x_logs/log_weekly.log 2>&1
@monthly /home/alexandru/backup/backup_script_monthly.sh >> /home/alexandru/backup/x_logs/log_monthly.log 2>&1

2 now that you have created a crontab for daily, weekly and monthly tasks, I would recommend copying backups to your local machine as often as possible, in case your server is unreachable. For this, you will need to edit the local crontab on your system and create a secure copy command that runs every week (I think is safe to do a local backup every week) and copies the weekly backup file to your local system.

Now, in openSUSE, there is a public_html directory created by default at installation, thus you could use this directory to place your local server backups. Create a “backup” directory inside public_html directory in openSUSE, or if you use another distribution, create a backup directory wherever you want.

alexandru@linux-c4rz:~> cd public_html/
alexandru@linux-c4rz:~/public_html> ls -l
total 0
alexandru@linux-c4rz:~/public_html> mkdir openlark_backup
alexandru@linux-c4rz:~/public_html> ls -l
total 0
drwxr-xr-x 2 alexandru users 6 Sep 20 14:14 openlark_backup

In order to use scp command in a crontab job, you will need to be able to log in through ssh and scp using public and private key pairs, not a password as we do now. To do this, you should run the ssh-keygen command:

alexandru@linux-c4rz:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/alexandru/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/alexandru/.ssh/id_rsa.
Your public key has been saved in /home/alexandru/.ssh/id_rsa.pub.
The key fingerprint is:

Now you will have two files: id_rsa and id_rsa.pub. The second one contains your public key, and the first one will have your private key. Make sure that the first one stays safe all the time. Now you will have to copy the public key file to your server. To do this, you will have to connect via scp using your password for now:

alexandru@linux-c4rz:~> cd .ssh/
alexandru@linux-c4rz:~/.ssh> ls -l
total 12
-rw------- 1 alexandru users 1766 Sep 20 14:31 id_rsa
-rw-r--r-- 1 alexandru users 402 Sep 20 14:31 id_rsa.pub
-rw-r--r-- 1 alexandru users 360 Sep 19 12:13 known_hosts

alexandru@linux-c4rz:~/.ssh> scp -P 2222 id_rsa.pub alexandru@xx.xxx.xxx.xxx:/home/alexandru
alexandru@xx.xxx.xxx.xxx's password: 
id_rsa.pub 100% 402 0.4KB/s 00:00 
alexandru@linux-c4rz:~/.ssh>

Now you will have to move the id_rsa.pub file into the .ssh directory on your server. After that, you will rename the file as authorized_keys:

alexandru@debian:~$ mv id_rsa.pub .ssh/
alexandru@debian:~$ cd .ssh/
alexandru@debian:~/.ssh$ ls -l
total 4
-rw-r--r-- 1 alexandru alexandru 402 Sep 20 13:35 id_rsa.pub
alexandru@debian:~/.ssh$ mv id_rsa.pub authorized_keys
alexandru@debian:~/.ssh$ ls -l
total 4
-rw-r--r-- 1 alexandru alexandru 402 Sep 20 13:35 authorized_keys

Now log out of your server and try to connect via ssh keys without a password. If you provided a passphrase for your sshkey, then you will be asked for it when you connect.

In case you still can’t log in using your ssh key and you receive an error similar to this: “ign_and_send_pubkey signing failed agent refused operation” then make sure to add your rsa_id using, on your local system, the command:

alexandru@linux-c4rz:~> ssh-add
Identity added: /home/alexandru/.ssh/id_rsa (/home/alexandru/.ssh/id_rsa)

Everything should be ok now, so you can connect through ssh by using your ssh keys:

alexandru@linux-c4rz:~> ssh -p 2222 alexandru@XX.XXX.XXX.XXX

Now that we have ssh keys authentication set up, we can proceed to making a backup crontab, first by creating a script:

#!/bin/bash

THESITE="openlark.com"
THEDATE='date +%d%m%y%H%M'

scp -P 3125 alexandru@94.130.105.206:/home/alexandru/backup/weekly/${THEDATE}${THESITE}* /home/alexandru/public_html/openlark_backup/

After the script is created, we make a new entry in crontab:

alexandru@linux-c4rz:~/public_html/openlark_backup> crontab -e
no crontab for alexandru - using an empty one
crontab: installing new crontab
alexandru@linux-c4rz:~/public_html/openlark_backup> crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.BsJ4mU installed on Wed Sep 20 15:16:03 2017)
# (Cronie version 4.2)
@weekly /home/alexandru/public_html/openlark_backup/weekly_backup_script.sh

 

↑Top