Looking for how to set
up RSync over SSH so that you can run it in a cron job, or without
entering a password?
It's actually very simple. Just follow these few steps:
---- 1 ----
As the user you are going to be running rsync as, and on the machine you will be running rsync on, type: ssh-keygen -t rsa
Follow the prompts and use the defaults for the filenames it gives you.
Don't enter in a passphrase, otherwise you will still be prompted for a
password when trying to connect.
You should then have two new files in ~/.ssh, id_rsa and id_rsa.pub.
---- 2 ----
Open ~/.ssh/id_rsa.pub and copy the line in it to the
~/.ssh/authorized_keys file on the host you will be connecting to as
the user you will be logging in as.
---- 3 ----
Now try it out. Try ssh'ing from the host you created the id_rsa* files
on to the one you added a line to the authorized_keys file. You won't
be prompted for a password any more.
---- 4 ----
Voila!
Thanks to http://freebsd.peon.net/quickies/21/
Powered by FireStats
March 1st, 2008 at 7:02 pm
Of course this is terribly insecure, allowing full shell access without a password. Fortunately there is a way to mitigate this somewhat by prefixing the public key in your authorized_keys file to restrict a particular key to only running certain commands. Here's mine:
command="/home/laney/.ssh/check_command",from="my.i.p",no-port-forwarding,no-X11-forwarding,no-pty
Which validates the command (ssh user@host ), restricts to a single IP, and disables port forwarding and many other things. Much more secure, although obviously only as secure as those commands which you allow.
check_command is here: http://orangesquash.org.uk/~laney/check_command
March 11th, 2008 at 3:47 pm
Step 2 can be simplified by using the ssh-copy-id command.