Using Rsync With SSH?

Argentium Tiger agtiger at pictura.agtiger.com
Sat Dec 6 06:56:59 EST 2003 

Michael Monteith writes about wanting to use rsync with SSH to allow one
server to rsync stuff securely from another server, and wants some help.


Maybe I can give you a leg up here Michael.  I faced the same problem when
my backup file server needed to talk to my main file server over the
internet.  I wanted secure communication (obviously).

SSH uses port 22, so I couldn't use port 22 to do this, I needed to do
port redirection on the firewall in front of the main file server, so in
this example, I'm using port 505 and redirecting it on that firewall to
port 22 on the main file server.

I have a backup file server named ignis (fire) that backs up the
home directory from the main file server named fumus (smoke) via rsync.

Here's the command I have in /etc/cron.hourly/rsync_with_fumus:

rsync -arul --quiet -e "ssh -p 505 -c blowfish -l root"
fumus:/home /

Basically this translates to:  Rsync, with archive, recursive, update,
links, and shut up about the details, execute SSH on port 505, using
blowfish as the encryption algorithm, and log in as user root, to fumus,
transfer all of /home there to my root directory here.  Note:  The
contents of /home will not end up in / here.  /home will end up in / which
makes sense.  home lives in /

Clear as mud?  :-)

In your scenario, b is the backup, a is the main server,
and b will be contacting a to say "Give me everything you've got that's
changed in your /depot directory, and put it in the same location on my
local filestore".

You'll have this (or something very similar) in b's
/etc/cron.hourly/name_of_some_command

rsync -arul --quiet -e "ssh -p 22 -c blowfish -l root" a:/depot /

If you use add a 'v' to the '-arul' and take out the '--quiet' you'll get
visual results.

If you add a 'z' to the '-arul', you'll use compression.  SSH compresses
data anyway, so you might not really get much out of -z except some more
wasted clock cycles.

If you want this to happen automatically with no user intervention, you'll
need to modify your private key on machine b to not have a password.  Be
careful using this.  Once there's no password protecting your ssh private
key, it could theoretically be used by anyone.  You might want to do the
rsync as a separate user other than root and ensure both sides allow that
user permission to access the folders and files.

Also, make sure your /etc/cron.hourly/name_of_some_command is chmod'ed so
it's executable.

Play with it with test directories called /test

Rsync some simple text files you create or modify.

Hope this helps...

Argentium

More information about the rsync mailing list