Difference between revisions of "Batch deployment of DSA key (SSH) and schedule backup with export"

From MikroTik Wiki
Jump to: navigation, search
m
 
(6 intermediate revisions by one other user not shown)
Line 1: Line 1:
Pasting in script and information very soon.  
+
[[Use SSH to execute commands (DSA key login)]] shows you how to create a DSA key file.  
  
Use this
+
Make a file on your *nix host with the following content. Name the file "distr_key.sh"
  
<pre>%ssh-keygen -t dsa</pre>
+
<pre>#!/bin/sh
  
This creates a DSA key pair that is compatible with Mikrotik.
+
scp id_dsa.pub admin@$1:.
 +
ssh admin@$1 "user ssh-keys import public-key-file=id_dsa.pub user=admin"
 +
echo "$1 " >> node_list
 +
</pre>
  
Make a file on your *nix host with the following content. Call the fil
+
$1 in this script is the first argument passed from command line with the script. It should be a hostname or a ip adresse.
  
<pre>#!/bin/sh
+
<pre>sh distr_key.sh 192.168.10.1</pre> (make this file executible with "chmod 755 distr_key.sh" to avoid execute the shell with parametre)
 +
 
 +
You will be prompted for the admin password twice, once for the file transfer and once for the import dsa-key command. When the script ends it will apply the hostname or ip adresse to a new file called "node_list". This file will be used later on for the backup/export script.
 +
 
 +
Now you create a new file on your *nix host with the following content. Call the file "backup.sh"
 +
 
 +
<pre>
 +
#!/bin/sh
 +
 
 +
dato=`date +%y%m%d`
 +
liste=`cat node_list`
 +
 
 +
echo Starting backup
 +
 
 +
for node in $liste ; do
 +
  echo Backing up $node
 +
  ssh admin@$node export > $dato\_$node
 +
done;
 +
 
 +
echo Finished
  
scp key_for_backup admin@$1:.
+
ls -l $dato*
ssh admin@$1 "user ssh-keys import file=key_for_backup user=admin"
 
echo "$1 " >> node_list
 
 
</pre>
 
</pre>
  
$1 in this script is the first argument passed from command line with the script. It should be a hostname or a ip adresse.
+
Run the script file from command line with
 +
<pre>sh backup.sh</pre> or make the backup file executible with chmod like above.
 +
 
 +
Now the script read the node_list file and execute a ssh session to the mikrotik, run the export command and save the content to a file named with the date and the node name or node ip adresse. When the script ends it executes a file listing that shows you the backed up files.
 +
 
 +
<pre>
 +
admin@server:~/backup$ ./backup.sh
 +
Starting backup
 +
Backing up 192.168.10.1
 +
Backing up 192.168.10.90
 +
Backing up 192.168.10.95
 +
Backing up 192.168.10.96
 +
Backing up 192.168.10.97
 +
Backing up 192.168.10.60
 +
Backing up 192.168.10.70
 +
Backing up 192.168.10.91
 +
Finished
 +
-rw-r--r-- 1 admin admin 37516 108-05-21 20:00 080521_192.168.10.1
 +
-rw-r--r-- 1 admin admin 16560 108-05-21 20:00 080521_192.168.10.60
 +
-rw-r--r-- 1 admin admin 15469 108-05-21 20:00 080521_192.168.10.70
 +
-rw-r--r-- 1 admin admin 20965 108-05-21 20:00 080521_192.168.10.90
 +
-rw-r--r-- 1 admin admin 18512 108-05-21 20:00 080521_192.168.10.91
 +
-rw-r--r-- 1 admin admin 18142 108-05-21 20:00 080521_192.168.10.95
 +
-rw-r--r-- 1 admin admin 15135 108-05-21 20:00 080521_192.168.10.96
 +
-rw-r--r-- 1 admin admin 15428 108-05-21 20:00 080521_192.168.10.97
 +
admin@server:~/backup$
 +
</pre>
  
<pre>sh distr_key.sh 192.168.10.1</pre> (make this file executible with "chmod 755 distr_key.sh" to avoid execute the shell with paramentre)
+
Simple, but it should be effective. Of course if you want, expand the scripts with more error checking and maybe a directory for every node instead of all in the same directory.  
  
You will be prompted for the admin password twice, once for the file transfer and one for the import dsa-key command. When the script ends it will apply the hostname or ip adresse to a new file called "node_list".
+
And finaly put it into a cron job and execute it once every night.

Latest revision as of 13:01, 1 April 2016

Use SSH to execute commands (DSA key login) shows you how to create a DSA key file.

Make a file on your *nix host with the following content. Name the file "distr_key.sh"

#!/bin/sh

scp id_dsa.pub admin@$1:.
ssh admin@$1 "user ssh-keys import public-key-file=id_dsa.pub user=admin"
echo "$1 " >> node_list

$1 in this script is the first argument passed from command line with the script. It should be a hostname or a ip adresse.

sh distr_key.sh 192.168.10.1
(make this file executible with "chmod 755 distr_key.sh" to avoid execute the shell with parametre)

You will be prompted for the admin password twice, once for the file transfer and once for the import dsa-key command. When the script ends it will apply the hostname or ip adresse to a new file called "node_list". This file will be used later on for the backup/export script.

Now you create a new file on your *nix host with the following content. Call the file "backup.sh"

#!/bin/sh

dato=`date +%y%m%d`
liste=`cat node_list`

echo Starting backup

for node in $liste ; do
  echo Backing up $node
  ssh admin@$node export > $dato\_$node
done;

echo Finished

ls -l $dato*

Run the script file from command line with

sh backup.sh
or make the backup file executible with chmod like above.

Now the script read the node_list file and execute a ssh session to the mikrotik, run the export command and save the content to a file named with the date and the node name or node ip adresse. When the script ends it executes a file listing that shows you the backed up files.

admin@server:~/backup$ ./backup.sh
Starting backup
Backing up 192.168.10.1
Backing up 192.168.10.90
Backing up 192.168.10.95
Backing up 192.168.10.96
Backing up 192.168.10.97
Backing up 192.168.10.60
Backing up 192.168.10.70
Backing up 192.168.10.91
Finished
-rw-r--r-- 1 admin admin 37516 108-05-21 20:00 080521_192.168.10.1
-rw-r--r-- 1 admin admin 16560 108-05-21 20:00 080521_192.168.10.60
-rw-r--r-- 1 admin admin 15469 108-05-21 20:00 080521_192.168.10.70
-rw-r--r-- 1 admin admin 20965 108-05-21 20:00 080521_192.168.10.90
-rw-r--r-- 1 admin admin 18512 108-05-21 20:00 080521_192.168.10.91
-rw-r--r-- 1 admin admin 18142 108-05-21 20:00 080521_192.168.10.95
-rw-r--r-- 1 admin admin 15135 108-05-21 20:00 080521_192.168.10.96
-rw-r--r-- 1 admin admin 15428 108-05-21 20:00 080521_192.168.10.97
admin@server:~/backup$

Simple, but it should be effective. Of course if you want, expand the scripts with more error checking and maybe a directory for every node instead of all in the same directory.

And finaly put it into a cron job and execute it once every night.