0

I have the need to automatically dump a MySQL database on one server with mysqldump, copy it to another server (probably using rsync), and then import it on the server it was copied to with mysql.

Due to some attacks on the platform in question, as well as it being good practice, SSH is closed unless required to be open for maintenance or code deploys.

How can I automate opening of SSH on Azure to allow my scripts and commands to run and close after? Or is there a way to do the above without SSH?

9
  • You could try port knocking. Here's a pretty good description from a quick google: microhowto.info/howto/… Be sure to read up on the subject fully to see if it's a good fit for your security requirements. Mar 2, 2021 at 8:01
  • @BrandonXavier, thank you for that. From what I can see, that will address an issue that can assist with ensuring "who" wants access, but it does not address the "how" of simply telling Azure to "open SSH now as if I had to click button X that opens it". Does that make sense what I am asking? Mar 2, 2021 at 9:08
  • I'll admit I have no direct experience with Azure - but if allowing access via iptables is all that is needed (and not something else from something such as an Azure control panel), this really should do the trick - the last step in the chain is, after receiving the 3 correct knocks, to enable traffic on the desired port (22 in your case) at the VM level. Mar 2, 2021 at 14:25
  • After re-reading my last comment, this may not be such a good solution after all. The problem being you would have to allow at least the 3 knock ports through to the VM - which is going to possibly (seriously) lessen the effective security of such a solution. Mar 2, 2021 at 14:29
  • Good point. Thanks for your comments. I will wait and see what others advise, if any :-) Mar 2, 2021 at 14:57

1 Answer

1

If you're needing to do this at a fixed time then I would recommend using either Azure Automation or an Azure Function on a timer trigger. You can schedule this to run at a specific time and call into Azure using the Azure PowerShell Cmdlets or REST API to open up the network security group at a specific time, and close it again later.

1
  • Thanks, Sam. I spoke to the infrastructure team, and they seem confident that this would work. Thanks for your answer. Mar 3, 2021 at 15:00
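
One way to script the approach in the answer above, as an added example that is not part of the original answer: an Azure Automation PowerShell runbook that is scheduled twice, once with `-Action Open` before the dump transfer and once with `-Action Close` after it. The rule name, priority and parameter values are hypothetical, and the Automation account is assumed to have a managed identity with rights on the network security group.

```powershell
# Added example: Azure Automation runbook; link one schedule with -Action Open, another with -Action Close.
param(
    [Parameter(Mandatory)] [ValidateSet('Open', 'Close')] [string] $Action,
    [Parameter(Mandatory)] [string] $ResourceGroupName,   # assumed: resource group holding the NSG
    [Parameter(Mandatory)] [string] $NsgName,             # assumed: NSG in front of the target VM
    [Parameter(Mandatory)] [string] $SourceAddress,       # assumed: public IP of the server that connects
    [string] $RuleName = 'temp-allow-ssh-db-sync',        # hypothetical rule name
    [int]    $Priority = 200                              # lower number than any deny rule covering port 22
)

$ErrorActionPreference = 'Stop'

# Authenticate as the Automation account's managed identity (assumed to be enabled
# and granted Network Contributor on this NSG only, not on the whole subscription).
Connect-AzAccount -Identity | Out-Null

$nsg      = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName -Name $NsgName
$existing = $nsg.SecurityRules | Where-Object { $_.Name -eq $RuleName }

if ($Action -eq 'Open') {
    # Idempotent: a rerun or overlapping schedule must not fail on a duplicate rule name.
    if ($existing) { Write-Output "Rule '$RuleName' already present; nothing to do."; return }

    # Allow SSH from the single source address only, never from '*' or 'Internet'.
    $nsg | Add-AzNetworkSecurityRuleConfig -Name $RuleName `
        -Description 'Temporary SSH for scheduled mysqldump transfer' `
        -Access Allow -Direction Inbound -Protocol Tcp -Priority $Priority `
        -SourceAddressPrefix $SourceAddress -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '22' |
        Set-AzNetworkSecurityGroup | Out-Null
    Write-Output "Opened TCP/22 from $SourceAddress on $NsgName."
}
else {
    # Idempotent: closing when the rule is already gone is a success, not an error.
    if (-not $existing) { Write-Output "Rule '$RuleName' not present; SSH already closed."; return }

    Remove-AzNetworkSecurityRuleConfig -Name $RuleName -NetworkSecurityGroup $nsg |
        Set-AzNetworkSecurityGroup | Out-Null
    Write-Output "Removed '$RuleName'; SSH closed on $NsgName."
}
```

Because the two actions run as separate jobs, a failed or skipped Close job leaves port 22 open to the source address, so alerting on the Close job's status is worth adding.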
