Step three: Security
1. Firewall policy, use iptables to restrict specific ip & port.
2. When create replication user, use ‘user’@’ip’ rather than ‘user’@’%’
3. Use authorized keys for rsync so you can run rsync without a password. To create a ssh authoruzed key:
On source host
ssh-keygen -t rsa
Copy id_rsa.pub to destination host
Then execute the destination host
cat id_rsa.pub >> ~/.ssh/authorized_keys
No comments:
Post a Comment