> rsync -av --delete node2::resource /path/to/localresource > $LOG 2>&1
>
> [skipped text]
>
> Can someone please help how to set this up to go over SSH and without the
> need to supply a password?

You need to read the man page, specifically the sections on how to address remote resources. You don't have to (and shouldn't) attempt to set up rsync shares if you're using SSH; that's only for operating in daemon mode.

You want something more along the lines of the following:

    rsync -rvz --rsh=/usr/local/bin/ssh username@servername:/path/to/resource /path/to/resource

Hope that helps.

Jim Salter
JRS Systems

----- Original Message -----
From: "wilma" <wilma2002@spray.se>
To: <rsync@lists.samba.org>
Sent: Thursday, October 09, 2003 3:49 AM
Subject: howto enable ssh on connect to rsync daemon
Hi,
I'm trying to set up automatic sync of files over SSH from node2 to node1.
node2 is the "server" and node1 is the "client".
I have set up rsync like this on the nodes, which run AIX (4.3.3 and 5.1):

1. Installed rsync from Linux Toolbox (rsync-2.5.4-1.aix4.3.ppc.rpm) on both nodes.

2. Added the following to both nodes' /etc/services file:

    rsync 873/tcp

3. Added the following to node2 /etc/inetd.conf and refreshed inetd:

    rsync stream tcp nowait root /usr/bin/rsync rsyncd --daemon

4. Created /etc/rsyncd.conf on node2 with this content:

    log file = /var/log/rsyncd.log

    [resource]
    path = /path/to/resource
    comment = resource file area
    read only = yes
    auth users = user
    hosts allow = node1
    secrets file = /etc/rsyncd.secrets

5. Created /etc/rsyncd.secrets at mode 600 on node2 with this content:

    user:password

6. Created a script on node1 to be used from cron with this content:

    #!/bin/ksh
    #
    LOG=/var/log/rsync.log
    export USER=user
    export RSYNC_RSH=ssh
    export RSYNC_PASSWORD=password

    echo $(date) >> $LOG
    echo "" >> $LOG

    rsync -av --delete node2::resource /path/to/localresource > $LOG 2>&1
    echo "**********************************************" >> $LOG

The script runs fine, but I can see in an iptrace that it doesn't use SSH. Instead it connects to port 873 on node2.
I have tried adding the flag --rsh "ssh" to the command but it tells me this:

    "WARNING: --rsh or -e option ignored when connecting to rsync daemon"

Can someone please help how to set this up to go over SSH and without the need to supply a password?

Thanks in advance
-wilma-
----- Original Message -----
From: "wilma" <wilma2002@spray.se>
To: <rsync@lists.samba.org>
Sent: Thursday, October 09, 2003 9:49 AM
Subject: howto enable ssh on connect to rsync daemon

> Hi,
> I'm trying to setup automatic sync of files over SSH from node2 to node1.
> node2 is the "server" and node1 is the "client".
> I have setup rsync like this on the nodes which runs AIX (4.3.3 and 5.1):

-- Short answer in English (RTFM) and also RTFFAQ, especially on how to use rsa key authorization with ssh.

-- Howto setup ssh key authentication (originally in Swedish):

Steps 1-5 are not necessary. That is, you do not need an rsync daemon if you intend to use ssh.

If, however, you want to use ssh without a password, you have to generate a key on the client machine. This has nothing to do with rsync; it is for setting up a "trust relationship with shared secret" between two machines. The trust relationship is based on the server having access to the client's public key, and as long as you are not careless with the secret key, which stays on the client, this is secure. I set this up myself a few years ago, in 1998 I think, on an AIX 4.3 machine at Finansinspektionen.

Do it like this:

    node1# ssh-keygen -t rsa

(No passphrase if you do not want a password prompt.)

Then copy the public part of the key to the server (node2):

    node1# scp .ssh/id_rsa.pub node2:.ssh/id_rsa_node2.pub

Then log in to the server and create an authorized_keys file. If you do not already have one, you can simply rename the file id_rsa_node2.pub to authorized_keys:

    node2# cd .ssh
    node2# cat id_rsa_node2.pub >>authorized_keys

Now you will be able to run commands on node2 from node1 without a password.

This is a bit too open. If you want it more secure, you must create a script on node2 that only runs rsync on the files you intend to copy. Create the following script on node2:

/usr/local/bin/node2-rsyncserver:

    #!/bin/sh
    rsync --server --sender -a --delete -- /path/to/resource

Then change authorized_keys so that only the script /usr/local/bin/node2-rsyncserver may be run from node1. The following line is to be added after the key:

    command="/usr/local/bin/node2-rsyncserver"

Then remember that the security depends entirely on the secret part of the key being protected. Having home directories on, for example, NFS servers ruins this protection.

You can use the same secret key on several clients, but I prefer to have one key for each client. That makes it easier if you want to shut off a client later: you just remove the key from the authorized_keys file.

If you then want to be able to run some other command (with a password), I suggest that you rename the secret key to something else and then run the ssh command from the client as follows:

    rsync --rsh="ssh -i id_rsa_rsync" etc.

Regards,
Hans Eric
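The restriction described in the reply above (a key on node2 that may only serve one rsync pull) can also be enforced by validating the command the client requests. This is an added example, not code from the thread. The wrapper path, the `is_allowed_pull` name and the assumption that the client sends only a short-option cluster before `. /path/to/resource` are illustrative; log what your rsync version actually requests and extend the allow-list to match.

```shell
#!/bin/sh
# Added example, not from the thread. Forced-command wrapper for node2,
# installed at a hypothetical path such as /usr/local/bin/rsync-pull-only.
# sshd reads key options at the start of the authorized_keys line, before
# the key type (the key material below is a placeholder):
#   command="/usr/local/bin/rsync-pull-only",from="node1",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER... root@node1
LC_ALL=C                          # make the character ranges below byte-wise
ALLOWED_PATH=/path/to/resource    # the only tree node1 may pull

# Succeeds only for: rsync --server --sender [-shortflags]... . ALLOWED_PATH[/]
is_allowed_pull() {
    set -f                        # no globbing while the untrusted string is split
    set -- $1
    set +f
    [ "$#" -ge 5 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    while [ "$#" -gt 2 ]; do
        case $1 in
            --*|-*[!A-Za-z0-9.]*) return 1 ;;  # long option or odd characters
            -?*) shift ;;                      # short-option cluster, e.g. -vlogDtprz
            *) return 1 ;;                     # stray word before the "." argument
        esac
    done
    [ "$1" = . ] || return 1
    [ "$2" = "$ALLOWED_PATH" ] || [ "$2" = "$ALLOWED_PATH/" ]
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
# With no request (an interactive login attempt) the script just ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_pull "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND     # unquoted on purpose: validated words only
    fi
    echo "rsync-pull-only: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Because the wrapper requires `--sender`, a push to node2 with the same key is refused, as is any request for a path other than the one tree.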
Wilma, the manpage section titled

    CONNECTING TO AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM

says this:

    It is sometimes useful to be able to set up file transfers using
    rsync server capabilities on the remote machine, while still using
    rsh or ssh for transport. This is especially useful when you want
    to connect to a remote machine via ssh (for encryption or to get
    through a firewall), but you still want to have access to the
    rsync server features (see RUNNING AN RSYNC SERVER OVER A REMOTE
    SHELL PROGRAM, below).

    From the user's perspective, using rsync in this way is the same
    as using it to connect to an rsync server, except that you must
    explicitly set the remote shell program on the command line with
    --rsh=COMMAND. (Setting RSYNC_RSH in the environment will not
    turn on this functionality.)

    In order to distinguish between the remote-shell user and the
    rsync server user, you can use '-l user' on your remote-shell
    command:

        rsync -av --rsh="ssh -l ssh-user" rsync-user@host::module[/path] local-path

    The "ssh-user" will be used at the ssh level; the "rsync-user"
    will be used to check against the rsyncd.conf on the remote host.

After reading that and looking at your command in the script

    rsync -av --delete node2::resource /path/to/localresource > $LOG 2>&1

I don't think you can just set environment variable USER and have that work right. Try specifying the command as the manpage suggests, with the

    --rsh="ssh -l ssh_user" rsync-user@host::module

HTH.

--
Hardy Merrill
Red Hat, Inc.
Hello list,
thanks for your input. As Hans Eric pointed out earlier this is what I had to do:

1. create a private key on node1, with no passphrase and rename the file to just use with rsync:

    ssh-keygen -t rsa
    cd /.ssh
    mv id_rsa id_rsa_rsync

2. copy the contents of /.ssh/id_rsa.pub to node1:

    scp .ssh/id_rsa.pub node2:.ssh/authorized_keys

3. use the following command from node1 to make the sync from node2:

    rsync -avz --delete --rsh="ssh -i /.ssh/id_rsa_rsync" root@node2:/path/to/resource/ /path/to/localresource/

Thanks
-wilma-

------ Original message ------
From: Hardy Merrill <hmerrill@redhat.com>
Date: Thu, 9 Oct 2003 10:13:31 -0400
Subject: Re: howto enable ssh on connect to rsync daemon