Keep 2 servers in sync with rsync and ssh

Submitted by linuxadmin on Sun, 12/12/2010 - 22:21

Log in via ssh without a password

On the server edit /etc/ssh/sshd_config and unhash the following lines:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Restart sshd

Now, on the client, generate a key-pair. Don't set a password (while less secure this is defeating the point)

$ ssh-keygen -t dsa

And then copy the public key to the remote server

$ sh-copy-id -i ~/.ssh/id_dsa.pub remote_user@server

You should now be able to login without having to enter a password.

Rsync and SSH

Why would you want to do this, well, ever wanted to keep the contents of a folder on one server the same as another server without manually copying the files to both servers? Well this is really quite easy.

Lets assume I want to keep /var/www/html on web02 in sync with the contents of the same directory on web01. In other words, I'll upload all my data to web01, and web02 will automatically synchronise itself with web01.

FYI, rsync can be run from either server and the files pushed out or pulled in. It's up to you. In my example web02 pulls the files across from web01.

A better option might be to have a cron job that checks for new content on web01, and when new content is found, it can push the updated files out onto the other web server(s).

First we'll need to enable public key authentication on web01. (Remember, web02 is going to SSH into web01 and pull the files from it).

  • On web01 edit /etc/ssh/sshd_config and unhash the following lines: 
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
  • On web01 restart ssh
  • On web01 create a user (websync in my example) that has access to the files you want to copy. You could use root but this obviously has it's dangers.
(man sshd_config and see permitrootlogin for more options than just yes or no)
  • On web02, if you do not already have an ssh public/private key pair, then generate one with ssh-keygen -t dsa. Do this as the user that will be running the script. This user will also need to have write access to destination directory on web02.
  • Copy the public key from web02 to web01 with ssh-copy-id -i ~/.ssh/id_dsa.pub websync@web01
(If that fails you could do it the manual way by copying the contents of /home/user/.ssh/id_dsa.pub to /home/websync/.ssh/authorized_keys on web01)
  • On web02 you should now be able to ssh to web01 as websync without entering a password. You'll need to accept the fingerprint first.
  • On web02 Now create a script to duplicate the files. 
#!/usr/bin/env bash
# Sync files from host-A to web02 (this server)
 
PATH=${PATH}:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
 
rsync --delete-after -zave ssh --progress userA@serverA:/var/www/html/ /var/www/html/
Burtronix Banner W3C Banner