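Is there a way to link two remote hosts so that one of them can only upload files, for backup purposes? This is where the command restriction feature of public keys comes in handy.
Server side
Create the unagi user.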

    # useradd unagi
    # su - unagi

    [unagi@ssh-srv ~]$ ssh-keygen -t rsa -b 4096
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/unagi/.ssh/id_rsa):
    Created directory '/home/unagi/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/unagi/.ssh/id_rsa.
    Your public key has been saved in /home/unagi/.ssh/id_rsa.pub.
    The key fingerprint is:
    6a:df:4d:7d:fd:c2:81:91:d1:73:25:ff:b8:5d:36:da unagi@ssh-srv
    The key's randomart image is:
    +--[ RSA 4096]----+
    | .. o|
    | . oo.|
    | o o.|
    | o ..|
    | S o..+|
    | . ..+++|
    | o .ooE+|
    | . . . o o..|
    | . . . ..|
    +-----------------+

The public and private keys have been generated.
Let's check the public key and rename it so that it takes effect.

    $ cat .ssh/id_rsa.pub
    ssh-rsa <public key body> unagi@ssh-srv


    $ mv .ssh/id_rsa.pub .ssh/authorized_keys

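Configure the receiving side for SCP.

    $ vi .ssh/authorized_keys
    command="scp -t /home/unagi/Backup/data/" ssh-rsa <public key body> unagi@ssh-srv

With this entry, sshd runs scp -t /home/unagi/Backup/data/ for every login with this key, whatever command the client asked for, so files are received into /home/unagi/Backup/data/.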
Let's check the private key.

    $ cat .ssh/id_rsa
    -----BEGIN RSA PRIVATE KEY-----
    (key body omitted)
    -----END RSA PRIVATE KEY-----

Set the permissions.

    $ chmod 700 .ssh
    $ chmod 600 .ssh/authorized_keys

Don't forget to create the backup directory.

    $ mkdir -p /home/unagi/Backup/data/

SSH client (the server dedicated to running uploads)
Paste in the private key generated on the SSH server.

    # vi /root/RemoteBackup.key
    -----BEGIN RSA PRIVATE KEY-----
    (key body omitted)
    -----END RSA PRIVATE KEY-----

Set the permissions.

    # chmod 400 /root/RemoteBackup.key

Create a test file.

    # mkdir /data
    # touch /data/dashi.txt

Send the test file to the server. The destination must end with a colon (unagi@192.168.11.12:); without it, scp treats the argument as a local file name and only runs a local cp.

    # scp -rv -i "/root/RemoteBackup.key" /data/* unagi@192.168.11.12:

It ran successfully.
Supporting rsync
I prefer rsync to SCP.
So here is how to configure the same thing for rsync.
●Client side

    # rsync -arv -e "ssh -v -i /root/RemoteBackup.key" /data/ unagi@192.168.11.12:/home/unagi/Backup/data/
    OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 56: Applying options for *
    debug1: Connecting to 192.168.11.12 [192.168.11.12] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/RemoteBackup.key type -1
    debug1: identity file /root/RemoteBackup.key-cert type -1
    (omitted)
    debug1: Sending command: rsync --server -vlogDtpre.iLsf . /home/unagi/Backup/data/ ← note this line
    (omitted)

The debug1 output shows the command that the client sent to the server; make a note of it.
●Server side

    # vi /home/unagi/.ssh/authorized_keys
    command="rsync --server -vlogDtpre.iLsf . /home/unagi/Backup/data/" ssh-rsa <public key body> unagi@ssh-srv

●Client side

    # rsync -arv -e "ssh -i /root/RemoteBackup.key" /data/ unagi@192.168.11.12:/home/unagi/Backup/data/
    sending incremental file list

    sent 43 bytes received 12 bytes 110.00 bytes/sec
    total size is 0 speedup is 0.00

That's all. Good work!
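
The rsync entry above pins one exact option string, so the server keeps running that string even when the client is invoked with different flags. As an added example (not from the original post, and going a step beyond it), the forced command can instead be a wrapper that inspects SSH_ORIGINAL_COMMAND and runs the request only when it is an rsync upload into the backup directory used on this page. The script path /home/unagi/bin/backup-only.sh, the function name allow_upload and the extra no-* key options are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed install path:
#   /home/unagi/bin/backup-only.sh
# Assumed authorized_keys entry (key body elided):
#   command="/home/unagi/bin/backup-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <public key body> unagi@ssh-srv

BACKUP_DIR="/home/unagi/Backup/data/"   # upload target used on this page

# allow_upload REQUEST: return 0 only if REQUEST (the client's command, which
# sshd exposes as SSH_ORIGINAL_COMMAND) is an rsync upload into BACKUP_DIR.
allow_upload() {
    set -f              # split the request into words without globbing
    set -- $1
    set +f
    [ "$#" -ge 4 ] || return 1
    for word in "$@"; do
        case $word in
            *[!A-Za-z0-9./_=-]*) return 1 ;;   # quotes, globs, metacharacters
        esac
    done
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    # Only bundled short flags such as -vlogDtpre.iLsf are accepted. Every long
    # option is refused, which covers --sender (download mode) and --delete.
    while [ "$#" -gt 2 ]; do
        case $1 in
            --*) return 1 ;;
            -?*) shift ;;
            *)   return 1 ;;
        esac
    done
    # What remains must be exactly "." followed by the backup directory.
    [ "$1" = . ] && [ "$2" = "$BACKUP_DIR" ]
}

# When sshd runs this file as the forced command, act on the client's request.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allow_upload "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND   # safe to split: every word was validated
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

A login with no command (an interactive ssh) falls through without starting a shell, and a rejected request is reported to the client on stderr.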