ssh catch 22
Ed
lists at precognet.com
Mon Nov 13 21:54:45 GMT 2006
On Wednesday 08 November 2006 00:34, Ed wrote:
> On Tuesday 07 November 2006 22:53, you wrote:
> ...snip...
>
> > You want to run the rsync command upon connection. Try to use:
> >
> > command="/usr/bin/rsync --server --daemon --config=/foo/rsyncd.conf .",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa [BASE64-encoded data of public key]
> >
> > This will cause rsync in server mode to show up on the server side of
> > the encrypted connection.
> > Now you can configure what is possible and not through /foo/rsyncd.conf,
> > e.g. allow read only,
> > chrooting etc.
> >
> > However, the client side still has to say "I want to archive", like this:
> >
> > rsync -av --rsh="ssh -l SSH_USER -i /someplace_safe/ssh_id_key" \
> >     LOCAL_FILE RSYNC_USER@TARGET_MACHINE::RSYNC_MODULE
> >
> > if source is LOCAL_FILE
> >
> > rsync -av --rsh="ssh -l SSH_USER -i /someplace_safe/ssh_id_key" \
> >     RSYNC_USER@TARGET_MACHINE::RSYNC_MODULE LOCAL_FILE
> >
> > if source is RSYNC_USER@TARGET_MACHINE::RSYNC_MODULE
> >
> > Best regards,
> >
> > -- David
>
> Hi David,
> thanks for your answer, I'll take a good look at it all tomorrow morning
> and put it to good use. :)
>
> I also got an answer from Martin Schröder who sent me the following link:
> http://www.jdmz.net/ssh/
>
> Thank you both!
> -Ed
Hi again,
I spent some time trying the solutions you offered but none seem to work for
me.
Does anyone have a step-by-step approach of a "passwordless rsync" via a
certificate?
I managed a simple "hostname" lookup because it's the target that executes the
command in the certificate but I cannot see a way out of my catch 22.
If I send an rsync command to the target server, it is only logical that the
target executes the command and thus fails miserably :(
I can't follow David's howto as I have an rsync running as a daemon on the
target server already and it seems a little fiddly for a simple rsync.
In short, if you got it to work, please let me know how you did it pretty
please.
All I get for now is a prompt for a password or the infamous "protocol version
mismatch -- is your shell clean?"
Regards,
-Ed
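
The catch-22 in the message above comes from `command=` replacing whatever the client asked for; sshd still passes the client's request to the forced command in `SSH_ORIGINAL_COMMAND`, so a wrapper can run it only when it is an rsync server invocation. The following is an added example, not from this thread or from any of its participants. The wrapper name `rsync-only`, its install path and the rsync path are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for an rsync-only SSH key.
# Assumed install name: rsync-only (hypothetical). authorized_keys entry, one line:
#   command="/usr/local/bin/rsync-only",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa [BASE64-encoded data of public key]
RSYNC_BIN=/usr/bin/rsync   # assumption: adjust to the server's rsync binary

# Return 0 only if the client's requested command is an rsync server
# invocation made of whitelisted characters (no shell metacharacters).
# Paths containing other characters are refused.
validate_rsync_command() {
    case "$1" in
        *[!A-Za-z0-9\ ._/=,:@+-]*) return 1 ;;  # anything outside the whitelist
        "rsync --server "*)        return 0 ;;  # what an rsync client sends over ssh
        *)                         return 1 ;;  # empty (interactive) or other commands
    esac
}

main() {
    if ! validate_rsync_command "${SSH_ORIGINAL_COMMAND:-}"; then
        # Report on stderr only: anything written to stdout lands in the
        # rsync stream and produces
        # "protocol version mismatch -- is your shell clean?"
        echo "rsync-only: rejected command" >&2
        exit 1
    fi
    set -f                        # no glob expansion while splitting
    set -- $SSH_ORIGINAL_COMMAND  # split on whitespace only, never eval
    shift                         # drop the client's "rsync" word
    exec "$RSYNC_BIN" "$@"        # run the server's own binary
}

# Run only when invoked under the assumed install name, so the
# validation function can be sourced or tested without side effects.
case "${0##*/}" in
    rsync-only) main ;;
esac
```

The wrapper checks only that the request is an rsync server invocation; it does not confine which paths the key can read or write.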