Combining SSH and Cron

[void]

Again we will try an issue where the terminal in text mode programs from the command line are the protagonists.

SSH without password

We will not address how to install SSH (client / server) in your machine. This should not be a problem in the distributions of today, and many of them installed this program by default. Before further assume that both the SSH client and server are installed and running on your computer. SSH (Security SHell) is a program that allows you to connect securely between machines that have this program installed (client and server). Among the many things that SSH provides the most important is that all traffic between two machines (including accounts and passwords) is encrypted. This avoids that important and confidential information from falling into the wrong hands if someone is 'listening' which travels over the network with a program 'packet sniffer'.

To connect to SSH as the user 'user', from a machine called 'server1' to another called 'server2', we can write the following in a terminal:

Code:

[User @ server1] # ssh user @ server2
 user @ server2's password: xxxxxxx

 Last login: Sun July 31 2010 15:46:02
 [User @ server2] #

Normally you have to type the password when connecting to another server. This is not a problem as long as we are working interactively and can write the key, is not a big problem if we connect a few times. But if we want a machine to automatically connect to another to perform work, or we have to connect many times to different machines, having to write the key all the time ends up being a problem. This can be solved using what are called private and public keys.

To build our public and private keys are going to use ssh-keygen program is part of SSH. Below is a example of how we can generate these keys:

Code:

[Ralf @ server1] # ssh-keygen-t rsa

 Generating public / private rsa key pair.
 Enter file in Which to save the key (/ home / ralf / .ssh / id_rsa): 
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has-been saved in / home / ralf / .ssh / id_rsa.
 Your public key has-been saved in / home / ralf / .ssh / id_rsa.pub.
 The key fingerprint is:
 09: f7: 58: bc: 07:3 f: f4: 70:7 b: d7: ce: cb: 6b: 61: f8: 9c ralf @ server1

In this example we have generated two keys, one private (/ home / ralf / .ssh / id_rsa) and a public (/ home / ralf / .ssh / id_rsa.pub) of RSA with 2048 bits in length. We used 'passphrase' to avoid having to type it every time you connect.

Before continuing, there are two very important things to consider with respect to the security of our systems when we use SSH without password:

1. The first is that the private key should never be made public. We must be careful that nobody has access to your private key so as not to compromise the security of our system.
2. The second is that, by not using 'passphrase' (empty), we must be sure that the server machine (master) from where we are going to connect to other servers, must be safe. We need to take extra care with this machine, because if someone gets unwanted access it as root, you will get access in turn (without password) to all other servers in our network. To increase system security, and if we do not need access to 'root', we can create a system user with restricted privileges, which may be used to access other servers.

[Pugsly]

I would like to continue some more statements after seeing the post of "void".

Once you have generated your private key and publishes on our main server (which will have access to the rest of our machines), we have to copy the contents of the file / home / ralf / .ssh / id_rsa.pub (public key) to the ~ / .ssh / authorized_keys of the user who will have access without a key. This should be done on every machine that we want to access. The contents of ~ / .ssh / authorized_keys on different machines can be upgraded, for example, as follows:

Code:

 [Ralf @ server1] # scp / home / ralf / .ssh / id_rsa.pub ralf @ server2: ~ /
 [Ralf @ server1] # $ ssh server2 ralf @
 [Ralf @ server2] # $ cat ~ / id_rsa.pub>> ~ / .ssh / authorized_keys

After doing this, we can connect from 'server1' to 'server2', as the user 'ralf' and without a key, as follows:

Code:

[Ralf @ server1] # ssh ralf @ server2
 Last login: Thu July 31 17:00:17 2010

 [Ralf @ servido2] #

This procedure will have to repeat all the servers you wish to access the machine without a key from 'server1'.

To further enhance security, we update our servers / etc / hosts.allow and / etc / hosts.deny with the IP address or full name of the 'server1' (master server / main). These are the lines that we should add or upgrade if they already exist:

Code:

In / etc / hosts.allow:
 sshd: IP or hostname of 'server1'

 And in / etc / hosts.deny:
 sshd: ALL

[BlackSunReyes]

For those who do not know, cron is a process manager in the background that runs jobs at regular intervals. Cron is used to automate tasks to be performed periodically. The processes to be implemented and the time you should do so as specified in the crontab file to execute the processes. To edit this file you can use your favorite editor. To do this we must have the environment variable EDITOR defined and use crontab-e to edit our crontab. An example using the emacs editor:

Code:

[Ralf @ server1] # export EDITOR = / usr / bin / emacs
 [Ralf @ server1] # crontab-e

The lines starting with '#' are considered comments. We can use the line MAILTO = "usuario@ejemplo.com" to start for cron send us a message when you run a job. An example will help us understand this better. We list the contents of our crontab after it is updated with crontab-e:

Code:

[Ralf @ server1] # crontab-l

 MAILTO = "usuario@ejemplo.com"

 # Generate web statistics every day at 12:01 and 23:01 als 
 1 12.23 * * * / usr / local / bin / webalizer-c / etc / webalizer.conf

 # Clean back up the database (last save
 # Week).  Run work from Monday to Friday at 1:01
 01 01 * * 1-5 for files in `/ usr / bin / find / backups / pgsql /-mmin +10000`; do rm-f $ files; done

 # Run 'mi_script.sh' one minutes past the hour, every two hours.
 01 * / 2 * * * / usr / local / bin / mi_script.sh

Well the possibilities are many. You can use your imagination.

[Janet J]

at can also be used to run only once, a job at a certain time. Unlike cron which runs periodically until otherwise define the user's crontab. We can define the commands to run either the standard input or a file. The format in either case would, at hour: minute at-f file or hour: minute. An example will clarify things. (^ D means press the Ctrl + D). These two examples do the same (restarting the machine) but are defined differently:

Code:

[Ralf @ server1] # at 01/07/2010 21:30
 > Reboot
 > ^ D

 [Ralf @ server1] # cat / tmp / at_reboot
 reboot

 [Ralf @ server1] # at-f / tmp / at_reboot 01/07/2010 21:30

To view and clear the work defined commands can be used and at at-l-r 'ID of the work to delete'