Managing servers with built-in tools

Further Automation

A login without password is typically appropriate for routine tasks which do not require the assistance of an administrator. In the case of night-time backups, for example, you would create a cronjob [4] that executes the backup when the computer is not being used. The simplest case involves the use of scp to back up data from the home directory (Listing 6, line 1). The -p option ensures that access rights and times are preserved, although this does not hold true for file owners.

$ scp -r -p -i ~/.ssh/mysshkey root@myserver:/home backupdirectory
$ ssh -i ~/.ssh/mysshkey root@myserver "tar cvzf - /home" >myserverbackup.tar.gz
$ rsync -az -e "ssh -i ~/.ssh/mysshkey" myserver:/home myserverbackup

A further possibility and one that is relatively unknown consists of transferring the data directly via ssh. This can be done for example by creating a tar backup and writing it to STDOUT, which is indicated by (- . The data is then transferred via the ssh connection and is then locally copied via the redirect operator > to the backup file (Listing 6, line 2).

Rsync offers yet another possibility for making backups. It only transfers data that has changed. In the example, the command from the last line of Listing 6 writes the data of the home directory on the myserver server into the local myserverbackup/ directory.

The -e "ssh -i ~/.ssh/mysshkey" option ensures that the call to the remote shell ssh is given the -i ~/.ssh/mysshkey option. This is the mechanism for logging in with the private key. To secure Rsync with a forced command, you should enter the -v ("verbose") option twice (Listing 7). Rsync then indicates which command should be executed on the remote server.

$ rsync -avvz -e "ssh -i ~/.ssh/mysshkey" myserver:/home myserverbackup
opening connection using: ssh -i "~/.ssh/mysshkey" myserver rsync --server --sender -vvlogDtprze.iLs . /home (10 args)

You can then record "rsync --server --sender -vvlogDtprze.iLs . /home" without the verbose options as a forced command on the remote server. This makes the key usable only for the Rsync backups from /home . The options --server --sender are rsync internal, which under normal circumstances you would never set.

The remaining options in the example allow features such as symlinks, owners, groups, device files, time stamps, etc. to continue to be available. Via the -v option, scp can also issue a command, including internal options, for remote execution(sending command: … ). You can use this as a forced command provided you only use the accompanying key for copies via scp.

Conclusion

You don't always need a big, full-blown solution to manage servers. Administrators of multiple computers can also make their work easier by using simpler programs. SSH offers all of the basic requirements in this regard. With some shell scripting and small additional tools, you can definitely make your administration tasks go more smoothly.