Running an rsync server over a remote shell program
david at starks-browning.com
Wed Apr 23 06:57:10 EST 2003
Sorry for the late response.
On Wednesday 16 Apr 03, Marc Sarrel writes:
> I'm having problems with the command= syntax in the authorized_keys
> file. I'm running rsync 2.5.6. I've searched the list archives for
> "authorized_keys" and "protocol version mismatch", but I can't seem
> to derive a solution from those threads.
> Simply put, my goal is to let a group of 15 to 20 users update a set
> of files in a single user account on a group of remote machines that
> don't share a file system. But, I want ssh, via the forced-command
> syntax, to allow these users only to run rsync (i.e. not get a login
> shell or run some other command). Once that's working, I'll mess
> with rsyncd.conf to further restrict what they can do.
> I'm trying to do what it says in the man page section titled "RUNNING
> AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM". I have my ssh public
> keys all distributed and rsync works fine for me if I don't use the
> forced-command syntax in the authorized_keys file.
> For reference, my rsync command line looks like this:
> rsync --dry-run --verbose --checksum --recursive --copy-unsafe-links
> --times --rsh=ssh --rsync-path=/usr/local/bin/rsync --delete
> --timeout=30 --ignore-times --compress /foo/bar/baz
> Attempt 1:
> I first tried doing this in authorized_keys
> command="rsync --server --daemon ." <key>
> When I did that, I got the famous error:
> protocol version mismatch - is your shell clean?
> (see the rsync man page for an explanation)
> rsync error: protocol incompatibility (code 2) at compat.c(62)
When I've needed to set the command= parameter in an authorized_keys
file (just two weeks ago, actually), I simply invoke rsync (client)
with the -vv option. This tells me exactly what command is being
invoked remotely. From that you can easily construct your command
I found that all options (--checksum --recursive ...) are included in
the remotely-invoked command. Maybe that's your problem here. (Also
"." and "/home/ruser/bar" don't match.)
Note that I have not considered the possibility to use rsyncd.conf on
the remote site.
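
Added example, not part of the original message or of rsync: one way to turn the remote command reported by `-vv` into a `command=` restriction is a wrapper that checks `SSH_ORIGINAL_COMMAND` before running rsync. The wrapper path `/usr/local/bin/rsync-only.sh` and the choice of `/home/ruser/bar` as the only permitted directory are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper, installed with an authorized_keys entry such as
#   command="/usr/local/bin/rsync-only.sh",no-pty,no-port-forwarding <key>
# The wrapper path is hypothetical. RSYNC is the --rsync-path from the thread;
# ALLOWED_DIR reuses the /home/ruser/bar path mentioned in the reply.
RSYNC=/usr/local/bin/rsync
ALLOWED_DIR=/home/ruser/bar

# Return 0 only for "rsync --server [options] . path..." where every path
# lies inside ALLOWED_DIR.
allowed_rsync_cmd() {
    # Allow-list of characters: anything else (; | $ quotes, newlines) is refused.
    case $1 in
        *[!A-Za-z0-9\ ._/=,:+@%-]*) return 1 ;;
    esac
    case $1 in
        "$RSYNC --server "*|"rsync --server "*) ;;
        *) return 1 ;;
    esac
    (
        set -f          # no globbing while the string is split into words
        set -- $1
        shift 2         # drop the binary name and --server
        seen_dot=0 paths=0
        for arg in "$@"; do
            if [ "$seen_dot" -eq 0 ]; then
                # Options run up to the lone "." that precedes the paths.
                if [ "$arg" = "." ]; then seen_dot=1; fi
                continue
            fi
            case $arg in
                */..|*/../*) exit 1 ;;
                "$ALLOWED_DIR"|"$ALLOWED_DIR"/*) paths=$((paths + 1)) ;;
                *) exit 1 ;;
            esac
        done
        [ "$paths" -gt 0 ]
    )
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND. If it is
# unset (a plain login attempt) the script just ends and no shell is started.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    allowed_rsync_cmd "$SSH_ORIGINAL_COMMAND" || { echo "rejected" >&2; exit 1; }
    set -f
    set -- $SSH_ORIGINAL_COMMAND
    shift               # run the pinned binary, not the client's first word
    exec "$RSYNC" "$@"
fi
```

Paths containing spaces are refused by the character allow-list, and daemon mode (`rsync --server --daemon .`) is refused because no path follows the dot.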