LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   rsync + ssh almost got it! But having a wierd problem :( (http://www.linuxquestions.org/questions/linux-software-2/rsync-ssh-almost-got-it-but-having-a-wierd-problem-530912/)

neyoung 02-20-2007 11:47 PM

rsync + ssh almost got it! But having a wierd problem :(
 
Everything works fine and my null passphrase key works if I just use ssh... ie

$ ssh -i ~/.ssh/id_dsa_nullkey user@host

ssh connects right up without a password or anything just how I want it to. But, when I try to connect with rsync its a different story. I'm using the following command...

$ /usr/bin/rsync -navz ~/backup/ -e "ssh -i ~/.ssh/id_dsa_nullkey" user@host:backup/

This spits out the following error

Warning: Identity file ~/.ssh/id_dsa_nullkey not accessible: No such file or directory.

I'm then asked for my password as if I was logging in without the id_dsa_nullkey identity. I have the id_dsa_nullkey.pub in the ~/.ssh/ directory with the permission set to 600 on both the local and remote machines.

In case it matters I created the key using the following command.

$ ssh-keygen -t dsa -f id_dsa_nullkey

I'm kinda lost at this point. It doesn't make sense to me how ssh can work just fine, but rsync won't. Any suggestions?

prozac 02-20-2007 11:59 PM

What happens when you do this?
Code:

$ /usr/bin/rsync -navz -e ssh ~/backup host:backup/
Where host is the host running the rsync server and you run this code as the same ssh user who's public key is at the server.

cgjones 02-21-2007 12:00 AM

Is there a rsync user account?

neyoung 02-21-2007 12:14 AM

$ /usr/bin/rsync -navz -e ssh ~/backup host:backup/
Password:
building file list ... done
backup/
backup/test

sent 101 bytes received 24 bytes 27.78 bytes/sec
total size is 20 speedup is 0.16


worked... but I think that would be syncing the files in the opposite order that I'm trying to do. Maybe I'm confused. I'm trying to sync the files off my computer to a remote server (ie. changed files will be uploaded from my machine to the remote machine). I'm running the rsync command from my computer. Would this be the correct usage?

And no, there isn't an rsync user on the machine. I only have a user account on the box.

prozac 02-22-2007 12:29 AM

Code:

$ /usr/bin/rsync -navz -e ssh ~/backup host:backup/
You run the command on your personal computer and it will incremental copy your backup directory to the remote server.

neyoung 02-22-2007 01:55 AM

cool, thats what I want. But its not using the key ssh key that I created that doesn't use a password.

Ultimately what I'm trying to do is connect to the remote backup host with two different keys. One key I want to be asked for a password and will be the way that I normally connect to the remote host. The other key I want to use only for backup with rsync and thus shouldn't have a password. I'll be restricting the access of the key that doesn't have a password with a script called validate-rsync by placing it in the ~/.ssh/id_dsa_nullkey file.

Code:

command="~/validate-rsync" ssh-dss AAAAB3Nza
C1kc3MAAAEBAKYJenaYvMG3nHwWxKwlWLjHb77CT2hXwmC8Ap+fG8wjlaY/9t4uA+2qx9JNorgdrWKhH
SKHokFFlWRj+qk3q+lGHS+hsXuvta44W0yD0y0sW62wrEVegz+JVmntxeYc0nDz5tVGfZe6ydlgomzj1
bhfdpYe+BAwop8L+EMqKLS4iSacNjoPlHsmqHMnbibn3tBqJEq2QJjEPaiYj1iP5IaCuYBhuTKQGa+oy
H3mXEif5CKdsIKBj46B0tCy0/GC7oWcUN92QdLrUyTeRJZsTWsxKpRbMliD2pBh4oyX/aXEf8+HZBrO5
vQjDBCfTFQA+35Xrd3eTVEjkGkncI0SAeUAAAAVAMZSASmQ9Pi38mdm6oiVXD55Kk2rAAABAE/bA402V
uCsOLg9YS0NKxugT+o4UuIjyl6b2/cMmBVWO39lWAjcsKK/zEdJbrOdt/sKsxIK1/ZIvtl92DLlMhci5
c4tBjCODey4yjLhApjWgvX9D5OPp89qhah4zu509uNX7uH58Zw/+m6ZOLHN28mV5KLUl7FTL2KZ583Kr
cWkUA0Id4ptUa9CAkcqn/gWkHMptgVwaZKlqZ+QtEa0V2IwUDWS097p3SlLvozw46+ucWxwTJttCHLzU
mNN7w1cIv0w/OHh5IGh+wWjV9pbO0VT3/r2jxkzqksKOYAb5CYzSNRyEwp+NIKrY+aJz7myu4Unn9de4
cYsuXoAB6FQ5I8AAAEBAJSmDndXJCm7G66qdu3ElsLT0Jlz/es9F27r+xrg5pZ5GjfBCRvHNo2DF4YW9
MKdUQiv+ILMY8OISduTeu32nyA7dwx7z5M8b+DtasRAa1U03EfpvRQps6ovu79mbt1OE8LS9ql8trx8q
yIpYmJxmzIdBQ+kzkY+9ZlaXsaU0Ssuda7xPrX4405CbnKcpvM6q6okMP86Ejjn75Cfzhv65hJkCjbiF
7FZxosCRIuYbhEEKu2Z9Dgh+ZbsZ+9FETZVzKBs4fySA6dIw6zmGINd+KY6umMWyJNej2Sia70fu3XLH
j2yBgN5cy8arlZ80q1Mcy763RjYGkR/FkLJ611HWIA= user@host


Here's the code in validate-rsync script

Code:

#!/bin/sh

case "$SSH_ORIGINAL_COMMAND" in
*\&*)
echo "Rejected"
;;
*\(*)
echo "Rejected"
;;
*\{*)
echo "Rejected"
;;
*\;*)
echo "Rejected"
;;
*\<*)
echo "Rejected"
;;
*\`*)
echo "Rejected"
;;
rsync\ --server*)
$SSH_ORIGINAL_COMMAND
;;
*)
echo "Rejected"
;;
esac

The script basically disconnects you from the server if you try to do anything other than rsync. This script will always be run when the key that doesn't require a password is used. This will hopefully keep things fairly secure.

The process I'm trying to duplicate is documented in this article: <http://troy.jdmz.net/rsync/index.html>

I still can't figure out why ssh will accept the identity file normally, but when ssh is used in conjunction with rsync it won't.

neyoung 02-22-2007 03:54 AM

Code:

$ /usr/bin/rsync -navz -e "ssh -i ~/.ssh/id_dsa_nullkey" ~/backup host:backup/
returns

Warning: Identity file ~/.ssh/id_dsa_dreamhost_backup not accessible: No such file or directory.

and then asks for a password. I can't get it to recognize the identity file.


All times are GMT -5. The time now is 11:53 AM.