Re: Can I sudo rsync to remote
On 01/09/10 05:45, T o n g wrote:
> Hi,
>
> My ssh environment is so set up that I can do
>
> rsync files me@remote_host:/path
>
> just fine without password whereas rsync files root@remote_host:/path
> would fail.
>
> Under such setting what's the easiest approach to rsync files that I
> can't read locally and write remotely as me.
>
> Thanks
>
You create a public/private key pair (ssh-keygen) and add the public key
to the remote /root/.ssh/authorized_keys file (append it - unless it
doesn't exist, when you just copy it). If that key does not have a
passphrase, then you can access the remote location as root without
entering a password.
How you deploy the private part of the key depends on whether this is
the only pair of keys you use.
I tend to use a specialist pair for each separate remote site, in which
case I then edit ~/.ssh/config and add something like the following

    Host that_remote_place
        HostName remote.host
        User root
        IdentityFile ~/mydocs/PCinfo/keys/remote.host/remote_ssh_access

where the IdentityFile is the private key of the pair and (in this case)
the remote user is root@remote.host. I access that via the name
that_remote_place (but I am sure you will choose something shorter), so
in your case you would do

    rsync files that_remote_place:/path

Don't forget to ensure that the remote_ssh_access file has 600 access
rights - so nobody else can read your private key of the pair.
You talked earlier about setting up a laptop. The real downside to
doing it this way on a machine that is not in a secure location is that
it might get stolen, in which case that private key is compromised. You
need to know what your plan is (remove the public key from
authorized_keys to revoke the private key) or put in a passphrase anyway
and let ssh-agent handle it. Unfortunately I don't know the details of this.
--
Alan Chandler
http://www.chandlerfamily.org.uk
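
The key handling described in the reply above (append the public key to authorized_keys or create the file, keep key files at mode 600, remove the public key to revoke a lost laptop's key), as an added shell example that is not part of the original message. The function names and the sample key blob are constructed for illustration; all paths are passed as arguments.

```shell
#!/bin/sh
# Added example: install and revoke one key in an authorized_keys file.
# All paths are arguments; the demo uses a constructed (non-working) key blob.

key_blob() {            # key_blob PUBFILE -> base64 field of a one-line public key
    awk '{ print $2; exit }' "$1"
}

has_key() {             # has_key BLOB AUTHFILE -> 0 if a non-comment line carries BLOB
    awk -v b="$1" '!/^#/ { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                   END { exit !found }' "$2"
}

install_key() {         # install_key PUBFILE AUTHFILE: create or append, never duplicate
    blob=$(key_blob "$1"); [ -n "$blob" ] || return 2
    [ -f "$2" ] || ( umask 077; : > "$2" )      # new file is created mode 600
    has_key "$blob" "$2" || awk 1 "$1" >> "$2"  # awk 1 guarantees a trailing newline
}

revoke_key() {          # revoke_key PUBFILE AUTHFILE: drop every entry for that key
    blob=$(key_blob "$1"); [ -n "$blob" ] || return 2
    tmp="$2.tmp.$$"
    ( umask 077
      awk -v b="$blob" '{ keep = 1
            if ($0 !~ /^#/) for (i = 1; i <= NF; i++) if ($i == b) keep = 0 }
          keep' "$2" > "$tmp" ) && mv "$tmp" "$2"
}

mode_is_600() {         # mode_is_600 FILE -> 0 only for a regular file with mode 600
    [ -n "$(find "$1" -prune -type f -perm 600)" ]
}

demo() {                # run as: sh thisfile demo
    d=$(mktemp -d)
    printf 'ssh-ed25519 AAAAC3CONSTRUCTEDlaptopKEY me@laptop\n' > "$d/laptop.pub"
    install_key "$d/laptop.pub" "$d/authorized_keys"
    has_key "$(key_blob "$d/laptop.pub")" "$d/authorized_keys" && echo "installed"
    revoke_key "$d/laptop.pub" "$d/authorized_keys"
    has_key "$(key_blob "$d/laptop.pub")" "$d/authorized_keys" || echo "revoked"
    rm -r "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Matching on the base64 field rather than the whole line means an entry is still found when it carries an options prefix or a different comment.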