You wish to backup a directory on machine A by making a copy on machine B. (In our case, machine B is a netapp, so we get further backup for free).
On machine A, create a new key using ssh-keygen
[user@A]: cd; cd .ssh
[user@A]: ssh-keygen -t dsa -C 'rsync@A' -f rsync_dsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in rsync_dsa.
Your public key has been saved in rsync_dsa.pub.
The key fingerprint is:
fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe rsync@A
[user@A]:
Next, send the public key rsync_dsa.pub to user@B (machine B).
[user@A]: scp rsync_dsa.pub user@B:.ssh/
Now setup A to send updates from your directory to machine B. You can do this with crontab, or create a script in /etc/cron.daily. (We show the script here)
[includecode#../scripts/rsync_dir]
Now, move over to machine B. On B, we need to add the public key for A to our authorized_keys. More importantly we need to make sure A can only do rsync, we do this by adding a command to the authorized_keys
[user@B]: cd; cd .ssh
[user@B]: echo 'command="rsync --suffix .`date +%s` --server -vbltprcR /home/user/A" ' > command
[user@B]: cat command rsync_dsa.pub >>authorized_keys
[user@B]: chmod 600 authorized_keys
Your authorized keys should then have a line with command="<code>" ssh-dss KEYDATAHERE...AQ== rsync@A. If not, edit by hand and make it look like it should. If you're having issues, check my ssh-keys troubleshooting page.
Go back to machine A and test your script.
[user@A]: ./rsync_dir
~/work /etc/cron.daily
building file list ...
2 files to consider
IGotaNewFileNow
21 100% 0.00kB/s 0:00:00 (1, 100.0% of 2)
sent 138 bytes received 40 bytes 356.00 bytes/sec
total size is 21 speedup is 0.12
/etc/cron.daily
[user@A]:
Done.
Figuring out what to put in your ssh-key is easy, try running your script without the command in the authorized_keys. Then suspend it. Go to the remote machine and ps -aef |grep rsync, you'll see the correct arguments there...