computing:remote-upgrades

Differences

This shows you the differences between two versions of the page.

computing:remote-upgrades [2019/04/20 22:11] – created oemb1905
computing:remote-upgrades [2020/01/27 20:42] (current) oemb1905
Line 11: Line 11:
 ------------------------------------------- -------------------------------------------
  
-Ok, I was looking for an easy secure way to remotely upgrade the servers I manage all at once from my primary server.  I found some good online tutorials, and adjusted to my needs as follows.  And before you begin, you should only do this after you set up pubkey ssh, disable password authentication, and disable root authentication - see my ssh tutorial for help with setting that up.  Once your ssh access is secure, create a small shell script on each target machine that will update and upgrade its OS.+For remote upgrades from primary workstationfirst create a file on target called apt-remote:
  
-  `sudo nano /usr/local/bin/apt-remote` +  sudo touch /usr/local/bin/apt-remote 
-  `#!/bin/bash` +  sudo chmod 750 /usr/local/bin/apt-remote 
-  `apt update && apt dist-upgrade` +  sudo chown $USER:$USER /usr/local/bin/apt-remote 
-  `sudo chmod 750 /usr/local/bin/apt-remote` +  sudo nano /usr/local/bin/apt-remote
-  `sudo chown $USER:$USER /usr/local/bin/apt-remote`+
      
-Edit the sudoers file to allow this command to be executed without a password, thus enabling you to remotely execute this command over secure pubkey authentication without prompting you for additional authentication.  Change the "username" parameter to the user on that particular target machine.+Once that is done, put in some parameters that will provide nice feedback to you while you execute the command from primary workstation:
  
-  `sudo nano /etc/sudoers` +  #!/bin/bash 
-  `username ALL=(root) NOPASSWD: /usr/local/bin/apt-remote`+  echo "I am beginning"; 
 +  cat /etc/motd 
 +  apt update 
 +  apt dist-upgrade 
 +  apt autoremove 
 +  apt autoclean 
 +  echo "I just finished"; 
 +  echo "----->" 
 +  echo "-----> ----->" 
 +  echo "-----> -----> ----->" 
 +  echo "-----> -----> -----> ----->" 
 +  echo "-----> -----> -----> -----> -----> ... ... " 
 +  hostname 
 +  date 
 +  uname -a 
 +  echo "If there is another, I will begin that now ..."; 
 +  sleep 10s
  
-Once this is set up, reboot each remote target, and now switch to configuring the primary workstation that you stage your updates from.  On the primary workstation, create a small shell script that updates your remote servers by remotely executing the scripts you made on each target from the primary workstation.  Here is an example, of a suitable shell script:+Edit sudoers so that this command can be run on target without password, (or, if your prefer, do not do this, and then you can enter the password for each target as the primary workstations script executes):
  
-  `sudo touch /usr/local/bin/apt-remote-update.sh` +  sudo nano /etc/sudoers 
-  `sudo chmod 750 /usr/local/bin/apt-remote-update.sh` +  
-  `sudo chown $USER:$USER /usr/local/bin/apt-remote-update.sh` +Add the following to the file, obviously changing "username" to the target machine's user name.  
-  `sudo touch /usr/local/bin/apt-remote-update.sh`+   
 +  username ALL=(root) NOPASSWD: /usr/local/bin/apt-remote 
 +   
 +Now you are ready to create the script on the primary workstation (localhost) that will pass the apt-remote script to the target workstations: 
 + 
 +  sudo touch /usr/local/bin/apt-remote-update.sh 
 +  sudo chmod 750 /usr/local/bin/apt-remote-update.sh 
 +  sudo chown $USER:$USER /usr/local/bin/apt-remote-update.sh 
 +  sudo touch /usr/local/bin/apt-remote-update.sh
      
 In the file that opens, use the following script parameters or something similar.  This script runs on the primary workstation and then executes the "sudo apt-remote" script on the target machine.  Again, none of this will work if your ssh is improperly configured.  In the file that opens, use the following script parameters or something similar.  This script runs on the primary workstation and then executes the "sudo apt-remote" script on the target machine.  Again, none of this will work if your ssh is improperly configured. 
      
-  `#!/bin/bash` +  #!/bin/bash 
-  `hostsa="servera.com serverb.com"` +  hosts="server.com 10.55.55.9
-  `#run on each host` +  #run on each host 
-  `for i in $hostsa;` +  for i in $hosts
-  `do` +  do 
-    `echo $i;` +    echo "I will now update" $i; 
-    `ssh -t -p 60000 $i sudo apt-remote;+    #ssh -t $i sudo apt-remote; 
-  `done;` +    ssh -t $i screen -S aptremotescreen sudo apt-remote; 
-  `#use another set up if the targets have different ssh configs, etc.` +  done;
-  `hostsb="serverc.com"+
-  `#run on each host` +
-  `for i in $hostsb;` +
-  `do` +
-    `echo $i;` +
-    `ssh -t -p 222 $i sudo apt-remote;` +
-  `done;`+
  
-When you test it, there should be no password prompts to connect to the remote hosts as the sudoer entry on the targets ensure that will not happen.  Additionally, since your ssh connection is pubkey only, with no root or password accessthis remotely executed command presents limited secruity flaws.+If you would prefer to do these types of backups with a vpn connection (instead of port forwarding)then use something like these configurations below.
  
- --- //[[netcmnd@jonathanhaack.com|oemb1905]] 2019/04/20 15:55//+Option 1 - Using vpn connection, connect from localhost to remote host/server with ssh and screen, and then execute a script on the server that uses rsync over ssh to send its backup to target backup host on its LAN: 
 + 
 +Use this script on your localhost: [[https://repo.haacksnetworking.com/oemb1905/haackingclub/blob/master/backups/option1/localhost.sh|localhost.sh]] 
 +Use this script on the remote host that you are backing up: [[https://repo.haacksnetworking.com/oemb1905/haackingclub/blob/master/backups/option1/remote.sh|remote.sh]] 
 + 
 +Option 2 - Using vpn connection, connect from localhost to remote host/server with ssh and screen, and then execute a script on the server that uses rsync over ssh to send its backup back to you at localhost: 
 + 
 +Use this script on your localhost: [[https://repo.haacksnetworking.com/oemb1905/haackingclub/blob/master/backups/option2/localhost.sh|localhost.sh]] 
 +   
 + --- //[[jonathan@haacksnetworking.com|oemb1905]] 2020/01/27 13:18//
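Review bot: In the target setup, `sudo chown $USER:$USER /usr/local/bin/apt-remote` leaves the script writable by the same account that the sudoers line `username ALL=(root) NOPASSWD: /usr/local/bin/apt-remote` allows to run it as root without a password, so whoever can write as that user controls what runs as root. Make the script owned by root:root and not writable by the user (mode 750 or 755 both work, since sudo executes it as root), and edit sudoers with visudo rather than `sudo nano /etc/sudoers` so a syntax error cannot lock sudo out. The new revision also drops the old opening sentence that required pubkey-only ssh with password and root login disabled before doing any of this; since the passwordless sudo entry depends on that, the prerequisite is worth keeping. Smaller points in the workstation block: `hosts="server.com 10.55.55.9` has no closing quote as shown, the fourth command repeats `sudo touch /usr/local/bin/apt-remote-update.sh` although the next paragraph says "In the file that opens", and the new VPN options talk about backups on a page about upgrades without saying how they relate.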
computing/remote-upgrades.1555798279.txt.gz · Last modified: 2019/04/20 22:11 by oemb1905