Trying to elevate rsync privileges when connecting over ssh without using NOPASSWD in sudoers
Carson Gaspar
carson+rsync at taltos.org
Sun Mar 13 15:49:21 UTC 2022

On 3/11/2022 4:39 AM, Dr. Mark Asbach via rsync wrote:
> a) Using ssh-askpass, we can use the options -e "ssh -X"
> --rsync-path="sudo -A rsync" (see https://askubuntu.com/a/1167758).
> The problem in our scenario is that using ansible, we run the
> identical rsync command on multiple hosts in parallel (we target about
> 32 VMs in one go). So the person running the script would have to
> enter the password into 32 dialogs exactly at the time they pop up.

You could use ssh-agent instead, and add either an ssh public key PAM
module to sudo's stack (e.g. pam_ssh_agent_auth) or an ssh certificate
PAM module (e.g. pam_ussh). Sadly, I'm unaware of a PAM module that
supports both.
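
Added example, not part of the original post or of either project's code: a shell check for the two mistakes that most often weaken a pam_ssh_agent_auth setup in sudo's PAM stack, namely a key list the invoking user can edit and a missing SSH_AUTH_SOCK in env_keep (which the module's documentation asks for). The function name, file paths and sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a sudo PAM stack that authenticates through a forwarded
# ssh-agent with pam_ssh_agent_auth. All file contents below are constructed.

# check_sudo_agent_auth PAM_FILE SUDOERS_FILE
# Prints one finding per line and returns 0 only when nothing is flagged.
check_sudo_agent_auth() {
    pam_file=$1; sudoers_file=$2; rc=0
    line=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_ssh_agent_auth\.so' "$pam_file" | head -n 1)
    if [ -z "$line" ]; then
        echo "FAIL: no pam_ssh_agent_auth.so auth line in $pam_file"
        return 1
    fi
    # file= names the list of public keys that may authenticate to sudo.
    keys=$(printf '%s\n' "$line" | tr ' \t' '\n\n' | sed -n 's/^file=//p' | head -n 1)
    case $keys in
        '') echo "FAIL: no explicit file= option"; rc=1 ;;
        '~'*|*%h*) echo "FAIL: file=$keys is in the user's home, so the account can grant itself sudo keys"; rc=1 ;;
    esac
    case $line in
        *allow_user_owned_authorized_keys_file*)
            echo "FAIL: user-owned key files are accepted"; rc=1 ;;
    esac
    # The module locates the agent through SSH_AUTH_SOCK; its documentation
    # asks for the variable to be kept across sudo's environment reset.
    if ! grep -Eq '^[[:space:]]*Defaults.*env_keep.*SSH_AUTH_SOCK' "$sudoers_file"; then
        echo "FAIL: SSH_AUTH_SOCK is not in env_keep"; rc=1
    fi
    return $rc
}

# Constructed sample: a root-owned key list, agent socket preserved.
demo=$(mktemp -d)
printf '%s\n' 'auth sufficient pam_ssh_agent_auth.so file=/etc/security/sudo_authorized_keys' \
              '@include common-auth' > "$demo/pam_sudo"
printf '%s\n' 'Defaults env_keep += "SSH_AUTH_SOCK"' > "$demo/sudoers"
check_sudo_agent_auth "$demo/pam_sudo" "$demo/sudoers" && echo "OK: stack passes"
# The matching client call forwards the agent instead of X11:
#   rsync -e "ssh -A" --rsync-path="sudo rsync" SRC HOST:DEST
rm -rf "$demo"
```

With agent forwarding enabled, root on each target host can use the forwarded agent for the lifetime of the connection, so the key loaded for this purpose is best one that is trusted only for sudo on those hosts.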