Running an rsync server over a remote shell program

David Starks-Browning david at starks-browning.com
Wed Apr 23 06:57:10 EST 2003


Sorry for the late response.

On Wednesday 16 Apr 03, Marc Sarrel writes:
> Hi,
> 
> I'm having problems with the command= syntax in the authorized_keys 
> file.  I'm running rsync 2.5.6.  I've searched the list archives for 
> "authorized_keys" and "protocol version mismatch", but I can't seem 
> to derive a solution from those threads.
> 
> Simply put, my goal is to let a group of 15 to 20 users update a set 
> of files in a single user account on a group of remote machines that 
> don't share a file system.  But, I want ssh, via the forced-command 
> syntax, to allow these users only to run rsync (i.e. not get a login 
> shell or run some other command).  Once that's working, I'll mess 
> with rsyncd.conf to further restrict what they can do.
> 
> I'm trying to do what it says in the man page section titled "RUNNING 
> AN RSYNC SERVER OVER A REMOTE SHELL PROGRAM".  I have my ssh public 
> keys all distributed and rsync works fine for me if I don't use the 
> forced-command syntax in the authorized_keys file.
> 
> For reference, my rsync command line looks like this:
> 
> rsync --dry-run --verbose --checksum --recursive --copy-unsafe-links 
> --times --rsh=ssh --rsync-path=/usr/local/bin/rsync --delete 
> --timeout=30 --ignore-times --compress /foo/bar/baz 
> <ruser>@<rhost>:/home/ruser/bar
> 
> Attempt 1:
> 
> I first tried doing this in authorized_keys
> 
> command="rsync --server --daemon ." <key>
> 
> When I did that, I got the famous error:
> 
> protocol version mismatch - is your shell clean?
> (see the rsync man page for an explanation)
> rsync error: protocol incompatibility (code 2) at compat.c(62)

When I've needed to set the command= parameter in an authorized_keys
file (just two weeks ago, actually), I simply invoke rsync (client)
with the -vv option.  This tells me exactly what command is being
invoked remotely.  From that you can easily construct your command
string.

I found that all options (--checksum --recursive ...) are included in
the remotely-invoked command.  Maybe that's your problem here.  (Also
"." and "/home/ruser/bar" don't match.)

Note that I have not considered the possibility of using rsyncd.conf on
the remote site.

Good luck!

Regards,
David
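
Added example (not part of the messages above and not code from the rsync distribution): a forced-command wrapper for the authorized_keys setup discussed in this thread. It runs the command the client requested only if that command is a server-mode rsync upload into the one permitted directory. The wrapper's file name is hypothetical; the rsync path and destination directory are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example. Install as the forced command, e.g.
#   command="/usr/local/bin/rsync-only.sh" <key>   (wrapper path is hypothetical)
# sshd places the command the client requested in SSH_ORIGINAL_COMMAND.

RSYNC=/usr/local/bin/rsync       # --rsync-path used in the thread
ALLOWED_DIR=/home/ruser/bar      # destination used in the thread
UNSAFE='*[!A-Za-z0-9 ./_=,-]*'   # pattern: any character outside the allowlist

# check_rsync_command CMD: return 0 if CMD is an acceptable rsync upload.
check_rsync_command() {
    cmd=$1
    case $cmd in
        $UNSAFE|*..*) return 1 ;;        # metacharacters, newlines, traversal
    esac
    case $cmd in
        "$RSYNC --server "*" . "*) ;;    # expected binary, server mode, "." marker
        *) return 1 ;;
    esac
    dest=${cmd##* }                      # last word: destination path
    opts=${cmd#"$RSYNC --server "}       # everything after --server ...
    opts=${opts%" . $dest"}              # ... up to the "." marker
    for w in $opts; do
        case $w in
            --sender) return 1 ;;        # policy choice: uploads only, no reads
            -*) ;;                       # option words pass through unchecked
            *) return 1 ;;               # stray "." or extra path argument
        esac
    done
    case $dest in
        "$ALLOWED_DIR"|"$ALLOWED_DIR"/*) return 0 ;;
    esac
    return 1
}

# Entry point: acts only when sshd supplied a requested command.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if check_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        # Unquoted on purpose: split into words, never evaluated by a shell.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rejected: only rsync uploads to $ALLOWED_DIR are allowed" >&2
    exit 1
fi
```

The option words between --server and the paths are not inspected individually, so compare them with what the client's -vv output shows before relying on the wrapper.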


