Keychain is a utility that manages SSH keys in a convenient and secure way. It can be used to set up secure passwordless SSH access for backup scripts on Linux. Here are the steps to use keychain to achieve this:
- Install keychain on your Linux system. On Debian/Ubuntu, you can use the following command:
sudo apt-get install keychain
On CentOS/RHEL, you can use the following command:
sudo yum install keychain
- Generate an SSH key pair on the machine where the backup script will be running, if you haven’t already done so. You can use the following command to generate a new key pair:
ssh-keygen
Follow the prompts to generate the key pair. By default, the private key will be saved in ~/.ssh/id_rsa and the public key will be saved in ~/.ssh/id_rsa.pub.
- Copy the public key to the remote machine where you want to run the backup script. You can use the following command to copy the public key to the remote machine:
ssh-copy-id user@remote-server
Replace user with the username you use to log in to the remote machine, and remote-server with the hostname or IP address of the remote machine.
- Create a new script that will be used for backup. For example, you can create a new script called backup.sh in your home directory:
nano ~/backup.sh
Enter the commands you want to run in the backup script.
- Edit your shell startup file (e.g., ~/.bashrc, ~/.zshrc, etc.) to start keychain and load your SSH key automatically. Add the following lines to the file:
# Start keychain (it starts ssh-agent if needed and adds the key)
/usr/bin/keychain "$HOME/.ssh/id_rsa"
# Load the SSH key: import the agent environment keychain wrote into this shell
source "$HOME/.keychain/$HOSTNAME-sh"
These lines will start keychain when you log in and load your SSH key automatically.
- Log out and log back in to load the changes to your shell startup file.
- Test the backup script by running it manually. You should not be prompted for a password or passphrase to connect to the remote machine. If the backup script runs successfully, you have set up secure passwordless SSH access using keychain.
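A backup script started from cron does not read ~/.bashrc, so it has to import the keychain environment file itself before calling ssh. The script below is an added example, not part of the original steps: user@remote-server, the Documents directory and the function names are placeholders, and it assumes the $HOSTNAME used in the startup file matches the output of uname -n.

```shell
#!/bin/sh
# Added example (not from the original page). user@remote-server and the
# tar command are placeholders; the function names are hypothetical.

# True only if the file is a regular file we own that is not writable by
# group or others; sourcing it executes whatever it contains.
env_file_is_safe() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Import SSH_AUTH_SOCK / SSH_AGENT_PID written by keychain at login.
load_keychain_env() {
    env_file_is_safe "$1" || return 1
    . "$1"
}

# The agent is usable if its socket exists and it holds at least one key.
agent_ready() {
    [ -S "${SSH_AUTH_SOCK:-}" ] || return 1
    ssh-add -l >/dev/null 2>&1
}

run_backup() {
    # Assumption: $HOSTNAME in the startup file equals `uname -n`.
    env_file="$HOME/.keychain/$(uname -n)-sh"
    load_keychain_env "$env_file" ||
        { echo "missing or unsafe $env_file" >&2; return 1; }
    agent_ready ||
        { echo "no key in ssh-agent; log in once so keychain loads it" >&2; return 1; }
    # BatchMode makes ssh fail instead of prompting if the key is unavailable.
    tar -C "$HOME" -czf - Documents |
        ssh -o BatchMode=yes user@remote-server 'cat > backup.tar.gz'
}

# Run only when invoked as "backup.sh run", so the functions can be sourced.
if [ "${1:-}" = "run" ]; then
    run_backup
fi
```

From cron, call it as ~/backup.sh run; after a reboot it reports an error until someone logs in and enters the passphrase, which is the intended behaviour when the key is passphrase-protected.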