兩隻小虎,一隻豬

今天某一台DB的archie log 備份主機掛了,必須將archive log 備份到另外一台主機上,
備份的方式是透過scp定期將 archive log 複製一份到另一台主機,
因為scp指令不能帶password,因此在上crontab 之前,除了修改script 之外,還需要在新的主機上進行認證的動作

環境
DB Site
IP : 192.168.1.1
ID : oracle

Backup Site
IP : 192.168.1.2
ID : oracle

相關步驟如下

1. Create Private/Public key on DB Site

首先在DB端oracle 的 透過ssh-keygen 指令來建立private/public key, ssh-keygen 可以選擇rsa或dsa 演算法

[oracle@db ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
a1:30:6e:24:ba:dc:02:69:a1:44:f6:a2:39:6b:08:cf oracle@tpebiz02T


[oracle@db ~]$ ls -ltr
-rw-r--r--  1 oracle dba      226 May 20 17:17 id_rsa.pub
-rw-------  1 oracle dba      883 May 20 17:17 id_rsa

執行完後會在/home/oracle/.ssh/id_rsa 看到兩個檔案
1. id_rsa (private key)
2. id_rsa.pub (pbulic key)

注意事項
1. id_rsa 的權限必須是-rw-------,
2. id_rsa 屬於oracle這個user,
3. id_rsa 必須放在$HOME/.ssh 目錄下

2. Copy public key to Backup site

在DB 端建立好 private/public key 之後,接下來則是將id_rsa.pub ( public key copy) 到backup 主機上

[oracle@db ~]$ scp ~/.ssh/id_rsa.pub oracle@192.168.1.2:~

然後將剛剛 id_rsa.pub 資料附加到 authorized_keys 這個檔案內

[oracle@backup ~]$ mkdir .ssh
[oracle@backup ~]$ chmod 700 .ssh
[oracle@backup ~]$ ls -ld .ssh
drwx------ 2 oracle dba 4096  May  20 17:20 .ssh


[oracle@backup ~]$ cat id_rsa.pub >> .ssh/authorized_keys
[oracle@backup ~]$ chmod 644 .ssh/authorized_keys
[oracle@backup ~]$ ls -l .ssh
-rw-r--r-- 1 oracle dba 4096  May  20 17:20 authorized_keys

注意事項
1. .ssh 目錄，權限需要為 700
2. authorized_keys 權限需要為 644