SSH and automated backups

Tim Bowler — Tue, 20 Jan 2009 13:52:20 +0000

One of the key tools for ssh automation is keychain, which is pretty much available in most flavors of linux. Its usually not installed by default, therefore using your package manager install ‘keychain’

Ubuntu users:

$sudo apt-get install keychain

After its install, you set it up by entering the keychain command followed by your private key (not the public key).

$ keychain ~/.ssh/id_rsa
KeyChain 2.6.6; http://www.gentoo.org/proj/en/keychain/ Copyright 2002-2004
Gentoo Foundation; Distributed under the GPL

* Initializing /home/timmy/.keychain/hostname-sh file... * Initializing /home/timmy/.keychain/hostname-csh file... * Initializing /home/timmy/.keychain/hostname-fish file... * Starting ssh-agent * Adding 1 ssh key(s)... Enter passphrase for /home/timmy/.ssh/id_rsa: Identity added: /home/timmy/.ssh/id_rsa (/home/timmy/.ssh/id_rsa)

Keychain then creates three files which correspond to various shell environments. As I am using bash, the file I will be referencing will be /home/timmy/.keychain/hostname-sh.

$ source ~/.keychain/hostname-sh

To make sure everything is fine run the following to make sure the the environment is in fact set up:

$ env | grep SSH_A
SSH_AGENT_PID=9607
SSH_AUTH_SOCK=/tmp/ssh-bMoLeb9606/agent.9606

Of course you will want this to happen automatically on login so add the following to your ~/.bashrc

keychain ~/.ssh/id_rsa
source ~/.keychain/hostname-sh

The last step is to add the following line to your backup script (including the .)

. /home/timmy/.keychain/hostname-sh

Backup Scripts
Ill only mention the two methods that i use.
1. scp: To copy files from one location to another
2. rsync: To sync a remote location to local location

SCP

. /home/timmy/.keychain/hostname-sh
scp -r /home/timmy/Server_Backups/web/* root@192.168.0.1:/var/backup/web

Rsync

. /home/timmy/.keychain/hostname-sh
rsync -rzvhlc --delete -e "ssh -p 22 -i /home/timmy/.ssh/id_rsa -o 'BatchMode yes'"
root@hostname:/var/www/vhosts/vhostname/httpd/ home/timmy/Server_Backups/web/

After that you should not get the error:

Permission denied, please try again.
Received disconnect from 192.168.0.10: 2: Too many authentication failures for root
lost connection

SSH security

Tim Bowler — Sun, 10 Aug 2008 22:26:22 +0000

Over the last few weeks the server logs, especially /var/log/messages seems to be filled with consistent ssh dictionary attacks. Of course this cannot continue, so what do you do to prevent it?

Well there are a few things:

1. Setup the firewall to handle them

2. Installing deny hosts

3. Configure your ssh daemon properly

4. Set up proper accounts for people

The methods that I deploy are points 1, 3 and 4.

Configuring SSH

In the sshd_conf do the following:

- change the port number: port 9999

- Allow no password auth: PasswordAuthentication no

- Allow public key auth: PubkeyAuthentication yes

- Only allow user accounts that belong to a group: AllowGroups groupName

By setting the above you have place a lot of restrictions on the who can access your server using ssh.

Configure your firewall iptables in linux

iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 9999 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m recent --set --name SSH
iptables -A SSH_CHECK -m recent --update --minutes 60 --hitcount 4 --name SSH -j DROP

Finally the last thing is to configure the user accounts that can access the server. It is strongly recommended to add the users to the sudousers if they require any specialist privileges.

Tim Bowler » ssh

SSH and automated backups

SSH security