Linux automates remote copy backup of files via shell

In the execution of the scheduled task copy file, the SCP command needs to enter the password, where the public key to implement the automatic password input.

Specific operation:

Requirements: Copy the Test.tar on the 192.168.0.2 machine to the 192.168.0.3 machine.

On the 192.168.0.2 server:
Mkdir-p ~/.ssh
chmod ~/.ssh
Ssh-keygen-t rsa-p ""-F ~/.ssh/id_rsa

After the 192.168.0.3 is established in the. SSH directory, from 192.168.0.2 copy ~/.ssh/id_rsa.pub to 192.168.0.3 in ~/.ssh directory (SCP ~/.ssh/id_rsa.pub [email PROTECTED]:~/.SSH).

On the 192.168.0.3 server:
Mkdir-p ~/.ssh

Rename the id_rsa.pub from 192.168.0.2 to Authorized_keys (CP id_rsa.pub Authorized_keys)

chmod ~/.ssh/authorized_keys

At this point the copy does not need to enter the password: SCP test.tar [Email protected]:/var/www

This command can be placed in a scheduled task and executed automatically.

A is a local host (that is, the machine used to control other hosts);
b is the remote host (that is, the controlled machine server), if the IP is 192.168.60.110;
Systems A and B are all Linux.

Run the command on a:
# ssh-keygen-t RSA (three consecutive returns, i.e. locally generated public and private keys, no password set)
# SSH [email protected] "mkdir. SSH; chmod 0700. SSH "(password required)
# SCP ~/.ssh/id_rsa.pub [email protected]:.ssh/id_rsa.pub (need to enter a password)

command on B:
# TOUCH/ROOT/.SSH/AUTHORIZED_KEYS2 (if this file already exists, skip this one)
# cat/root/.ssh/id_rsa.pub >>/root/.ssh/authorized_keys2 (append id_rsa.pub content to Authorized_keys2)

Back to a machine:
# SSH [email protected] (no password required, login successful)

If you can protect your private key, this method is relative to the shell to enter the password, to be more secure

##############################################
Go a little deeper:

From the surface of the simple understanding of the process of login,
First the ssh-keygen-t RSA command generates a key and a public key, and the key can set its own password, you can understand the key as a key, the public key to understand the key corresponding to the lock, the lock (public key) to the server you want to control, lock the server, Only the person with the key (key) can open the lock, enter the server and control, and for the person who owns the key, must know the key itself password, in order to use this key (unless the key is not set the password), so that the key can be prevented by the person (the private key is copied)

Of course, this example is just a handy understanding,
The person who has the root password is certainly not locked, and there is not necessarily a lock (public key), but if any lock is opened with its corresponding key (private key), the server can be controlled by that person.
So, as long as you know the root password of the server, and put the root of the public key on the above, you can use the public key corresponding to the private key "open" server, and then log in as root, even if the root password has changed!

If you want to control n machines, you need n pairs of keys (keys and public keys), the Ssh-keygen command can change the name of the key pair, such as:
[email protected]. ssh]# ssh-keygen-t RSA
Generating public/private RSA key pair.
Enter file in which to save the key (/ROOT/.SSH/ID_RSA):/root/.ssh/id_rsa_192.168.102.12
......

So the name of the private key and the public key are:
Id_rsa_192.168.102.12 and Id_rsa_192.168.102.12.pub
The contents of the Id_rsa_192.168.102.12.pub file are then appended to the sever ~/.ssh/authorized_keys2 file,

Finally, specify the local key locally with the-I parameter of the SSH command and log in:
# ssh-i/root/.ssh/id_rsa_192.168.102.12 192.168.102.12

If the key is set to a password, log in with the key password, without a password, directly logged in

The SCP is the same.
Such as:
Scp-i/root/.ssh/id_rsa./xxx 192.168.102.158:/home/wwy/bak

Linux automates remote copy backup of files via shell