I'm attempting to setup rsync to do backups of a remote system. I'd like to make it passwordless. The trouble I'm running into is I run sshd with PermitRootLogin Off for obvious security reasons. This means that I can't use rsync over ssh to the root user. Instead what I thought of was sshing to the machine I want to backup via a seperate user that is added to the sudoers file and is allowed to execute rsync via sudo without a password. Machine M is the machine being backed up Machine B is the backup machine NP is the non-privileged user on machine M Installed rsync on machine M, tested the config file to make sure I could get to it with regular rsyncd. Killed rsyncd since I wanted to do it over Ssh On B I generated an RSA key ssh-keygen -t rsa -N "". scp ~/.ssh/id_rsa.pub NP@M:.ssh/authorized_keys Edited authorized_keys on M adding 'command="sudo /usr/local/bin/rsync --server --daemon ."' To test I did: ssh NP@M and got: @RSYNCD: 28 Thinking that was the rsync process attempting to authentificate with the local client I tried running rsync on the local machine: rsync -a NP@M:/path/to/stuff ./local/path which gave me: protocol version mismatch - is your shell clean? (see the rsync man page for an explanation) rsync error: protocol incompatibility (code 2) at compat.c(69) Where did I go wrong? Is this not possible? If not, how can you go about backing up a remote system to preserve all file attributes and where the files being backedup aren't all readable by a non-privileged user or owned by the same user? -- Ryan Sommers ryans@gamersimpact.com
On Thu, Oct 07, 2004 at 10:20:34AM -0600, Ryan Sommers wrote:> Edited authorized_keys on M adding 'command="sudo /usr/local/bin/rsync > --server --daemon ."'You can't start an rsync daemon and then attempt to do a non-daemon transfer. Get rid of the "command" setting above and tell rsync to run the remote rsync command using sudo: rsync -a --rsync-path='sudo rsync' NP@M:/path/to/stuff ./local/path ..wayne..