Setting up RSync over SSH with No Password
Looking for how to set up RSync over SSH so that you can run it in a cron job, or without entering a password?
It’s actually very simple. Just follow these few steps:
—- 1 —-
As the user you are going to be running rsync as, and on the machine you will be running rsync on, type: ssh-keygen -t rsa
Follow the prompts and use the defaults for the filenames it gives you.
Don’t enter a passphrase, otherwise you will still be prompted for it when trying to connect.
You should then have two new files in ~/.ssh, id_rsa and id_rsa.pub.
—- 2 —-
Open ~/.ssh/id_rsa.pub and copy the line in it to the
~/.ssh/authorized_keys file on the host you will be connecting to as
the user you will be logging in as.
—- 3 —-
Now try it out. Try ssh’ing from the host you created the id_rsa* files
on to the one whose authorized_keys file you added the line to. You won’t
be prompted for a password any more.
—- 4 —-
Voila!
Thanks to http://freebsd.peon.net/quickies/21/


Of course this is terribly insecure, allowing full shell access without a password. Fortunately there is a way to mitigate this somewhat by prefixing the public key in your authorized_keys file to restrict a particular key to only running certain commands. Here’s mine:
command="/home/laney/.ssh/check_command",from="my.i.p",no-port-forwarding,no-X11-forwarding,no-pty
Which validates the command (ssh user@host ), restricts to a single IP, and disables port forwarding and many other things. Much more secure, although obviously only as secure as those commands which you allow.
check_command is here: http://orangesquash.org.uk/~laney/check_command
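A forced-command wrapper of the kind the comment above describes, as an added example: it is not the check_command script linked there, and the ALLOWED_DIR variable with its /srv/backup default is an assumption. sshd places the command the client asked for in SSH_ORIGINAL_COMMAND, and the wrapper lets only rsync's server mode run, and only against paths under that directory, so the key cannot be used to overwrite ~/.ssh/authorized_keys and lift its own restrictions.

```sh
#!/bin/sh
# Added example, not the check_command linked above. ALLOWED_DIR is hypothetical.
ALLOWED_DIR=${ALLOWED_DIR:-/srv/backup}
NL='
'
set -f   # this script never needs filename expansion

# Return 0 if the client-supplied command may run, 1 otherwise.
is_allowed_command() {
    # Refuse shell metacharacters, backslashes and newlines outright.
    case "$1" in
        *"$NL"*|*\;*|*\&*|*\|*|*\<*|*\>*|*\`*|*\$*|*\(*|*\)*|*\\*) return 1 ;;
    esac
    set -- $1   # expected words: rsync --server [options] . path...
    [ "$#" -ge 4 ] && [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    paths=0 seen_dot=no
    for arg in "$@"; do
        if [ "$seen_dot" = no ]; then
            # Before the lone "." only option words, none carrying a path.
            case "$arg" in
                .)    seen_dot=yes ;;
                -*/*) return 1 ;;
                -*)   ;;
                *)    return 1 ;;
            esac
            continue
        fi
        # After ".": every path must sit under ALLOWED_DIR, with no "..".
        case "$arg" in
            *..*) return 1 ;;
            "$ALLOWED_DIR"|"$ALLOWED_DIR"/*) paths=$((paths + 1)) ;;
            *) return 1 ;;
        esac
    done
    # A request with no path on the command line cannot be checked: refuse.
    [ "$paths" -gt 0 ]
}

main() {
    if is_allowed_command "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND   # word-split only, never eval'd
    fi
    logger -t check_command "rejected: $SSH_ORIGINAL_COMMAND" 2>/dev/null
    echo "command rejected" >&2
    exit 1
}

# With no client command (an interactive login attempt) nothing is run.
[ -z "${SSH_ORIGINAL_COMMAND:-}" ] || main
```

Paths containing spaces are refused by this wrapper because the command is split on whitespace. The script itself should be writable only by its owner and should live outside ALLOWED_DIR.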
Step 2 can be simplified by using the ssh-copy-id command.