Password-less SSH for Rsync from Solaris

This short article demonstrates, by example, password-less ssh from a Solaris 8 box, which will back up the contents of a Linux box using rsync.
In the example there are 2 users involved and 2 machines involved:
User: bak2solaris Machine: mylinuxbox (RHEL/CentOS)
User: root Machine: mysolarisbox (Solaris 8)
A cron job will run on machine 'mysolarisbox' as root. Root will ssh/rsync into 'mylinuxbox' and get the files. As such, the DSA public key of user root@mysolarisbox needs to be in the authorized_keys file of user 'bak2solaris' on machine mylinuxbox, i.e. /home/bak2solaris/.ssh/authorized_keys
This process is a little more complicated on Solaris than Linux.

Summary of Steps Required:
1. root@mysolarisbox – generate public/private dsa key pair
2. copy root@mysolarisbox public key to backupuser@mylinuxbox
3. add root@mysolarisbox's public key to backupuser@mylinuxbox's authorized_keys
4. as root@mysolarisbox ssh as backupuser@mylinuxbox using root@mysolarisbox's private key

Detail of Steps Required:

1. Create the DSA Public Key for root@mysolarisbox (if not already present):
user@mysolarisbox# su -
root@mysolarisbox# /usr/local/bin/ssh-keygen -t dsa -f /.ssh/id_dsa.mysolarisbox.root -N ""

2. Copy the public key to mylinuxbox:
root@mysolarisbox# /usr/local/bin/scp /.ssh/id_dsa.mysolarisbox.root.pub jonny@mylinuxbox:/home/jonny

3. Log into mylinuxbox and add the public key to the authorized_keys file:
jonny@mylinuxbox# su -
root@mylinuxbox# touch /home/bak2mysolarisbox/.ssh/authorized_keys
root@mylinuxbox# cat /home/jonny/id_dsa.mysolarisbox.root.pub >> /home/bak2mysolarisbox/.ssh/authorized_keys
root@mylinuxbox# chmod 600 /home/bak2mysolarisbox/.ssh/authorized_keys && chown -R bak2mysolarisbox /home/bak2mysolarisbox/.ssh

4. Test an ssh session from root@mysolarisbox to bak2mysolarisbox@mylinuxbox :
root@mysolarisbox# /usr/local/bin/ssh -v -i /.ssh/id_dsa.mysolarisbox.root bak2mysolarisbox@mylinuxbox

5. Create a cron script to do the rsync as follows:
root@mysolarisbox# vi getStatsFromMyLinuxBox.sh
/usr/local/bin/rsync --rsync-path /usr/bin/rsync -avz --delete -e "ssh -i /.ssh/id_dsa.mysolarisbox.root" bak2mysolarisbox@mylinuxbox.domain.tld:/export/ /backup/path/
root@mysolarisbox# chmod a+x getStatsFromMyLinuxBox.sh
root@mysolarisbox# crontab -e
00 16 * * * /backup/web-misc/scripts/getStatsFromMyLinuxBox.sh > /var/log/mylinuxbox_rsync_cron_log.log

Explanation of Rsync options:
--rsync-path    The path to rsync on the remote machine
-avz        Archive, verbose, compress
--delete    Delete files locally that are not present on remote
-e        Specify the remote shell program to use for communication between the local and remote copies of rsync
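
The key from step 1 has an empty passphrase, so anyone who can read /.ssh/id_dsa.mysolarisbox.root can do whatever that key is allowed to do on mylinuxbox. The script below is an added example, not part of the original article: a forced command that limits the key to the rsync pull from step 5. Assumptions: the script path is hypothetical, and the check expects rsync to send one bundle of short flags, so log SSH_ORIGINAL_COMMAND once to confirm what your rsync version sends.

```shell
#!/bin/sh
# Added example, not from the article: a forced command for the backup key.
# Install on mylinuxbox (the path below is a hypothetical choice) and bind the
# key to it in /home/bak2mysolarisbox/.ssh/authorized_keys, all on one line
# (key material elided):
#   from="mysolarisbox",command="/usr/local/bin/rsync-pull-only.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAA... root@mysolarisbox

# allowed_backup_command CMD
# Succeeds only if CMD is the rsync server invocation for a pull of /export/:
#   /usr/bin/rsync --server --sender -<short flags> . /export/
allowed_backup_command() {
    cmd=$1
    set -f            # split into words without expanding globs
    set -- $cmd
    set +f
    [ $# -eq 6 ] || return 1     # no room for extra options or extra paths
    [ "$1" = /usr/bin/rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    case $4 in
        -*[!A-Za-z0-9.]*) return 1 ;;   # long options, '=', ';' and the like
        -?*) ;;                          # one bundle of short flags
        *) return 1 ;;
    esac
    [ "$5" = . ] && [ "$6" = /export/ ]
}

# sshd puts what the client asked to run in SSH_ORIGINAL_COMMAND; it is unset
# for an interactive login, in which case the script ends and the session closes.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed_backup_command "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND    # same word splitting as was validated
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

With this entry in place, the interactive test in step 4 should close immediately instead of giving a shell, while the rsync command from step 5 still runs.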

Potential Issues:
* May need to install rsync on the Solaris box:
    – Go to sunfreeware.com and get the following packages:
        – ftp://ftp.sunfreeware.com/pub/freeware/sparc/8/libintl-3.4.0-sol8-sparc-local.gz
        – ftp://ftp.sunfreeware.com/pub/freeware/sparc/8/libiconv-1.11-sol8-sparc-local.gz
        – ftp://ftp.sunfreeware.com/pub/freeware/sparc/8/popt-1.14-sol8-sparc-local.gz
        – ftp://ftp.sunfreeware.com/pub/freeware/sparc/8/rsync-3.0.2-sol8-sparc-local.gz

    – unzip each file
    – install with pkgadd -d <filename>
* The --rsync-path was essential and took quite a bit of figuring out (jonny gives dirty look to solaris)
* It may be necessary to do the following, but only if you get errors:
crle -l /lib:/usr/lib:/usr/local/lib
