
Re: SSH & Rsync issues



On Sep 10, 2010, at 1:36 PM, Rob Owens wrote:

> On Fri, Sep 10, 2010 at 10:57:56AM -0400, Hal Vaughan wrote:
>> 
>> On Sep 10, 2010, at 8:14 AM, Rob Owens wrote:
>> 
>>> On Thu, Sep 09, 2010 at 06:01:55PM -0400, Hal Vaughan wrote:
>>>> In short: 
>>>> 
>>>> I have ssh set up on two systems so I can ssh from one to the other.  My id_rsa.pub in ~/.ssh on my system is copied into ~/.ssh/authorized_keys on the remote system.  I can ssh from local to remote with no issue and it's configured so authentication does not use passwords, but uses the RSA ID.  This works perfectly.  "ssh remote" gets me logged in immediately.
>>>> 
>>>> I can rsync to the other machine.  Using "rsync localfile tnet-web::threshNet-Public" works fine and the file is transferred.  BUT when I try to use rsync over ssh, it will NOT work
>> 
>>>> ....
>>>> Any suggestions?
>>>> 
>>> I think you are mixing/confusing the 2 rsync methods.  One is the rsyncd
>>> daemon.  To rsync to an rsyncd daemon, you use two colons after the
>>> hostname, like this
>>> 
>>> rsync localfile tnet-web::threshNet-Public
>>> 
>>> This transfers everything in the clear.  Last I checked, there was no
>>> built-in method to transfer over ssh using the daemon.  You could set up
>>> an SSL or SSH tunnel to do that.
>>> 
>>> 
>>> The other method of using rsync is with a single colon, like this
>>> 
>>> rsync localfile tnet-web:threshNet-Public
>>> 
>>> This automatically uses ssh for transfer, but it requires a few things.
>>> 
>>> 1)  your user must have an account on tnet-web
>>> 2)  threshNet-Public is a folder inside your user's home directory on
>>> tnet-web
>>> 3)  it does not require an rsyncd.conf file, and doesn't look at it even
>>> if you have one.
>>> 
>>> 
>>> Hope that helps.
>> 
>> Yes, that clarifies it.  I was not aware of the one colon vs. the two colon situation at all and it makes a lot of sense.
>> 
>> But that still leaves the "--rsh=ssh" option as a question.  From reading the man pages, I was thinking that would make rsync use ssh, but nothing I've done made it work.
>> 
>> I've decided to encrypt the files before syncing them so they won't be sent in the clear and to use passwords on rsync.  Since a number of different client systems will use this setup, I don't want them all having ssh keys or access to the system through ssh in case of a break-in.
>> 
>> 
>> Thank you.  You've cleared up a LOT for me.
>> 
> On my Lenny system, "man rsync" states the following in the "CONNECTING
> TO AN RSYNC DAEMON" section:
> 
> you must not specify the --rsh (-e) option

I had never realized man pages differed so much.  I even found differences on the man pages on my iMac.  (Can I say "iMac" on this list or is it a dirty word here?)

> There's also a section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL
> CONNECTION" that you might find useful.  It mentions some ways of
> encrypting the rsync daemon transfer.
> 
> It also shows the following command, which seems to ignore the "you must
> not specify..." rule above:   rsync -av --rsh=ssh host::module /dest 
> But if you read carefully it seems to say that this requires a user
> account on the host machine.  I've never tried that, so I can't help you
> much there.

That's where I got confused -- they give an example, the very one you point out, and I tried it, but could not get it to work, even with a user who had an account on the receiving system.  The remote system, though, was on my web hosting service and it was later I realized they have a different version of rsync, which could result in compatibility issues or that version not doing what others can do.  I did try it, though, exactly like they described, and with a user who had a shell account on the remote system.

> You should probably google "rsyncd encryption" and see what you can
> find.
> 
> 
> For the single-colon rsync, you don't need to specify --rsh=ssh.  It is
> the default.

Yeah, but I don't want to set up user accounts on the host.  For one thing, on my web hosting site, Westhost doesn't provide an easy way to add users, so I can't just add another easily.  Everything in my system is automated so I can add a new client/user with a single command.  It's a pain to have it all set up here then have to go to the web control panel on the website to add a user.  When it's not automated, it's easy to forget a step of the process.

I've decided I'm going to encrypt the files locally, then send them up using rsync to an account that requires a password and the other system will download them THEN unencrypt them, so the files will be encrypted when sent over the Internet and stored there and only clear when they're on a local system.

Thanks for the info on this.  I'm going to give up, in this case, on the whole ssh thing with rsync.




Hal
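
The one-colon / two-colon distinction and the --rsh case discussed in this thread, as an added example that is not part of the original messages: a small shell check that reports which transport an rsync command line would use and flags daemon transfers sent in the clear. The function names are hypothetical; the sketch assumes plain whitespace-separated words and does not handle bracketed IPv6 hosts or combined short options such as "-ave ssh".

```shell
# Added example: function names are hypothetical, not part of rsync.

# Classify one rsync source/destination argument.
# $1 = argument, $2 = non-empty when --rsh / -e was given.
rsync_transport() {
    spec=$1
    via=${2:-}
    before=${spec%%:*}                 # text before the first colon
    case $spec in
        rsync://*) kind=daemon ;;      # URL form of the daemon syntax
        *:*)
            case $before in
                */*) kind=local ;;     # slash before the colon: a local file name
                *)   case ${spec#"$before"} in
                         ::*) kind=daemon ;;   # host::module
                         *)   kind=shell ;;    # host:path
                     esac ;;
            esac ;;
        *) kind=local ;;
    esac
    case $kind in
        local) echo local ;;
        shell) echo remote-shell ;;
        daemon) if [ -n "$via" ]; then echo daemon-over-remote-shell
                else echo daemon-cleartext; fi ;;
    esac
}

# Audit one rsync command line (plain whitespace-separated words only).
# Prints a verdict per path; returns 1 if any path goes to a daemon in the clear.
audit_rsync_cmd() {
    rsh='' bad=0 skip=0
    set -f; set -- $1; set +f; [ $# -gt 0 ] && shift   # split words, drop "rsync"
    for w in "$@"; do                  # pass 1: was a remote shell requested?
        case $w in -e|-e?*|--rsh|--rsh=*) rsh=1 ;; esac
    done
    for w in "$@"; do                  # pass 2: classify the non-option words
        if [ "$skip" = 1 ]; then skip=0; continue; fi
        case $w in
            -e|--rsh) skip=1 ;;        # next word is the shell, not a path
            -*) ;;
            *)  t=$(rsync_transport "$w" "$rsh")
                echo "$w -> $t"
                [ "$t" = daemon-cleartext ] && bad=1 ;;
        esac
    done
    return "$bad"
}
```

Calling audit_rsync_cmd "rsync localfile tnet-web::threshNet-Public" prints "tnet-web::threshNet-Public -> daemon-cleartext" and returns 1; the single-colon form of the same command returns 0.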
