[Techtalk] rsync with ssh using cron
Conor Daly
conor.daly at oceanfree.net
Sun Jun 23 10:49:42 EST 2002
On Wed, Jun 19, 2002 at 02:35:28PM +1000 or so it is rumoured hereabouts,
Malcolm Tredinnick thought:
> On Wed, Jun 19, 2002 at 12:20:29AM -0400, Michelle Murrain wrote:
> > I'm trying to get rsync to work with cron. The one tip I found, upon
> > googling, at: http://www.scrounge.org/linux/rsync.html
> >
> > looks good, but doesn't work. (Basically, this method is to create a new
> > key, and place it in a file in the ~/.ssh directory of both machines, to
> > get a ssh without password prompt.) Didn't work.I'm not clear why it
> > didn't work - but I still got a password prompt.
>
> If you followed that page precisely but you are using the version 2
> protocol of ssh, then the key you generated needs to go into
> .authorized_keys2 (not .authorized_keys).
>
> Also, try testing things by just doing ssh -v <target_machine> as the
> appropriate user to see if things work (add more -v's to get more
> debugging). Otherwise you will be debugging ssh and rsync problems
> together, rather than just one at a time.
>
> If all of those things work, we might be able to think up more things,
> but, typically, once you have the passphrase-less ssh login working,
> rsync via cron Just Works(tm).
Just from a quick read of the link above, it seems you need to enter a
passphrase to have the process work. You can use a null passphrase for
your key but that isn't secure *unless* you lock down the key for just
that task. there's a document detailing it linked below.
Essentially, it involves putting the exact command that is to be run in
the .ssh/authorized_keys(2) file along with the public key that will be
used. Once that is done, any other attempt to use that key will result in
an authentication failure.
----------- forwarded text -------------
> I know that one way is to have a key with a null keyphrase, and
> another way is to have sshagent running. The null passphrase is a
> problem if the destination box is ever cracked....
Well, not if the SSH key is locked down to perform only one specific,
well-chosen function on the remote end. I've been known to use this to
auto-mirror directories between machines using rsync, for example.
http://linuxmafia.com/~rick/linux-info/ssh-publickey-process
--------- ecd forwarded text -----------
Conor
--
Conor Daly <conor.daly at oceanfree.net>
Domestic Sysadmin :-)
---------------------
Faenor.cod.ie
10:47am up 30 days, 20:05, 0 users, load average: 0.00, 0.00, 0.00
Hobbiton.cod.ie
10:43am up 4 days, 10:05, 1 user, load average: 0.03, 0.08, 0.04
More information about the Techtalk
mailing list