Monday, January 5, 2009

SCP Automation.

Today's world is fully automated, and so are the responsibilities of a DBA, from checking alert logs for ORA- errors to checking whether a listener or database is active. Whenever something that needs to be done is not automated, a DBA starts muttering about the job. One such automation requirement is an SCP transfer of files from one server to another.

Most environments now prefer ssh connections to UNIX hosts over conventional telnet, and one drawback of an ssh connection to a host is that it does not allow for FTP access. The solution is to SCP the files. But SCP requires the user to be authenticated before the copy can actually start.

Before we move any further, let's see how SCP works. Here is a scenario to make things understandable. A DBA wants to transfer a file from one host (source) to another host (destination). The command goes like this:

source$> scp file_name oracle@destination_ip_or_hostname:$HOME/.

Once the Enter key is hit, the password for the destination oracle user is prompted for, since this is a secure copy. If only a few files are to be copied, say fewer than 5, keying in the password does not feel mundane. However, if there are more files to transfer, say 10, 20 or let's keep it to 50 (big enough), one has to bear the brunt of keying in the password as many times as there are files to transfer.

The password prompt can be skipped if the public key of the source is appended to a file on the destination. Let us see how this works. In an ssh environment there is a .ssh directory under the $HOME directory of every user on a host, which holds the files used to authenticate with remote hosts. Now navigate to .ssh:

host1@/export/oracle/home/$>cd .ssh
host1@/export/oracle/home/.ssh$>

Enter the below command to generate a public/private RSA key pair. Accept the default name for the file in which the key is saved, and enter no passphrase: just hit Enter when prompted for a passphrase.




If the file(s) already exist, the command execution would look as shown below.




The above command generates two files, id_rsa and id_rsa.pub. id_rsa.pub is the public key of this host, which has to be transmitted to the destination to which you intend to secure copy the files. Of course, transmitting id_rsa.pub still requires entering the password for the remote host.



Now the contents of the id_rsa.pub file have to be appended to the authorized_keys file on the destination host, under the directory $HOME/.ssh/



We are now good to go for transferring files over SCP without being prompted for a password. This is really helpful when transferring files from a shell script, where the SCP commands for the files to be transferred are listed in the script.
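The three steps above as a shell sketch, added here as an example and not taken from the original post. The function names generate_keypair and install_pubkey and the file name id_rsa.pub.source are hypothetical, and OpenSSH's ssh-keygen is assumed.

```shell
#!/bin/sh
# Added example. Function names and the copied file's name are assumptions;
# id_rsa, id_rsa.pub and authorized_keys are the names used on this page.

# Step 1, on the SOURCE host: create the RSA key pair with no passphrase.
generate_keypair() {                      # $1 = key directory, normally $HOME/.ssh
    mkdir -p "$1" && chmod 700 "$1" || return 1
    [ -f "$1/id_rsa" ] && return 0        # never overwrite a key already in use
    ssh-keygen -q -t rsa -N "" -f "$1/id_rsa" || return 1
    chmod 600 "$1/id_rsa"                 # no passphrase: file mode is its only guard
}

# Step 2, on the SOURCE host (the password is asked for this one time):
#   scp "$HOME/.ssh/id_rsa.pub" oracle@destination_ip_or_hostname:id_rsa.pub.source

# Step 3, on the DESTINATION host: append the copied key to authorized_keys.
#   install_pubkey "$HOME/id_rsa.pub.source" "$HOME"
install_pubkey() {                        # $1 = copied .pub file, $2 = user's home
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys
    [ -f "$pub" ] || return 2
    # Accept exactly one "ssh-rsa <base64> [comment]" line, so a private key
    # or an arbitrary file picked by mistake is refused.
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 2
    grep -Eq '^ssh-rsa [A-Za-z0-9+/=]+( .*)?$' "$pub" || return 2
    # OpenSSH's StrictModes (on by default) ignores keys kept under
    # group- or world-writable paths, so set the modes explicitly.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only when the identical line is absent, so reruns add no duplicates.
    grep -Fxq -f "$pub" "$auth" || printf '%s\n' "$(cat "$pub")" >> "$auth"
}
```

install_pubkey returns 2 when the input is not a single ssh-rsa public key line and 1 when the directory or file cannot be prepared.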

Note: The above procedure was only tested and implemented on Sun Solaris and HP-UX. For the rest of the flavours of UNIX, it is highly recommended to go through the OS manual or implement it in a test environment before moving to production.
