HPE Community
Operating System - Linux
1819814 Members
2694 Online
109607 Solutions
New Discussion юеВ

rsync without password

 
SOLVED
Go to solution
'chris'
Super Advisor

тАО12-27-2009 07:22 PM

тАО12-27-2009 07:22 PM

rsync without password

hi

I'd like to configure rsync between 2 linux server without password question.
It works well using passwordless SSH.
Is it possible to configure just:

rsyncd.conf
rsyncd.secrets

and SSH configuration stay untouched?
0 Kudos
Reply
2 REPLIES 2
Matti_Kurkela
Honored Contributor

тАО12-28-2009 01:30 AM

тАО12-28-2009 01:30 AM

Solution

Re: rsync without password

The rsyncd.secrets file is used by the rsync server side only. It tells rsync which username/password pairs to accept.

For the client side, you would have to use either the RSYNC_PASSWORD environment variable or the --password-file option to avoid the password prompt.

Note that "man rsyncd.conf" says this about rsync authentication:
----
AUTHENTICATION STRENGTH
The authentication protocol used in rsync is a 128 bit MD4 based challenge response system. This is fairly weak protection, though (with at least one brute-force hash-finding algorithm publicly available), so if you want really top-quality security, then I recommend that you run rsync over ssh. (Yes, a future version of rsync will switch over to a stronger hashing method.)

Also note that the rsync daemon protocol does not currently provide any encryption of the data that is transferred over the connection. Only authentication is provided. Use ssh as the transport if you want encryption.
----

If your problem is that the presence of the default SSH key affects the behaviour of the ssh command, the solution is simple: just save the key dedicated to rsync use with a non-default name! (i.e. not ~/.ssh/id_rsa or ~/.ssh/id_dsa, but something different)

Then you can tell rsync to use ssh with a non-default SSH key using an option like:

rsync -e "ssh -i /some/where/custom_key"

If the SSH key is saved with a non-default name, OpenSSH will ignore it unless explicitly requested to use it.
If you use a commercial SSH package, the necessary filenames and syntax may be different, but the same idea applies.

At the server side, you can also set some options in the SSH authorized_keys file to lock down that particular SSH key so that it can be used for starting a rsync server-side *only*. See the "AUTHORIZED_KEYS FILE FORMAT" chapter in "man sshd" for more information.

MK
MK
Reply
Steven E. Protter
Exalted Contributor

тАО12-28-2009 08:15 AM

тАО12-28-2009 08:15 AM

Re: rsync without password

Shalom,

I use rsync -e ssh to run the authentication and transfer via ssh. This is more secure and if you have password free ssh, rsync will work the same way.

No need to play with rsyncd.conf or rsyncd.secrets.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.