Rsync && ssh && passwordless

Ryan Sommers ryans at gamersimpact.com
Thu Oct 7 17:18:03 GMT 2004


Wayne Davison said:
> On Thu, Oct 07, 2004 at 10:20:34AM -0600, Ryan Sommers wrote:
>> Edited authorized_keys on M adding 'command="sudo /usr/local/bin/rsync
>> --server --daemon ."'
>
> You can't start an rsync daemon and then attempt to do a non-daemon
> transfer.  Get rid of the "command" setting above and tell rsync to
> run the remote rsync command using sudo:
>
> rsync -a --rsync-path='sudo rsync' NP@M:/path/to/stuff ./local/path
>
> ..wayne..
>

That works. After sending the first mail I was able to get it to work by
adding '-e ssh' to the command line and changing 'N@M:/path/to/stuff' to
'N@M::module'.

What is the difference between these two methods? Advantages of one over
the other? Is it possible to come up with a solution such that user NP is only
usable as an rsync backup? I'd like to disallow logins by that user by
normal methods. And only if they provide the required RSA private key are
they only allowed to execute the sudo rsync command.

It seems to me that running in this manner to back up would be much more
secure than allowing root SSH logins, yet from all the googling I've done
I haven't come across anything like this. Any thoughts?

-- 
Ryan Sommers
ryans at gamersimpact.com
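
One way to restrict a key to the backup pull discussed above is an SSH forced command that checks what the client asked to run. This is an added example, not code from the thread or from the rsync project; the script path, ALLOWED_ROOT and the accepted flag layout (the one a plain `rsync -a --rsync-path='sudo rsync'` pull sends) are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a backup-only SSH key.
# Assumed authorized_keys entry for NP (script path is hypothetical):
#   command="/usr/local/bin/rsync-backup-only",no-pty,no-port-forwarding,
#   no-agent-forwarding,no-X11-forwarding ssh-rsa <public key>
LC_ALL=C; export LC_ALL
ALLOWED_ROOT="/path/to/stuff"   # assumed; reuses the path from the thread

# Return 0 only for a read-only pull: "sudo rsync --server --sender",
# one short-flag cluster, ".", then paths under ALLOWED_ROOT.
check_backup_command() {
    cmd=$1
    case $cmd in
        *[!A-Za-z0-9\ ./_,=-]*) return 1 ;;    # metacharacters, quotes, newlines
        "sudo rsync --server --sender -"*) ;;  # required prefix
        *) return 1 ;;
    esac
    set -f                                     # no globbing while splitting
    set -- ${cmd#"sudo rsync --server --sender "}
    set +f
    case $1 in --*) return 1 ;; esac           # no extra long options
    [ "$2" = "." ] && [ $# -ge 3 ] || return 1
    shift 2
    for path in "$@"; do
        case $path in
            *..*) return 1 ;;                  # no parent-directory escapes
            "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Runs only when sshd starts the script with a client-supplied command;
# an interactive login attempt has none, so the session simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_backup_command "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rejected: only rsync backup pulls are allowed" >&2
    exit 1
fi
```

The sudoers entry for NP should likewise permit only rsync, so the key and the sudo rule enforce the same limit.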