RSYNC - SSL or daemon??

I am attempting to rsync between two Linodes using cron.daily. Both Linodes are running Ubuntu. The problem is that rsync requests a password (I'm doing this as root and root password is enabled in sshd_config). To get around this, I've been attempting to use SSL (reading the many different passwordless setup tutorials out there, but I can't get it to work, the script keeps asking for a password). So, I thought, perhaps it would be better to follow the instructions here https://help.ubuntu.com/community/rsync (about halfway down the page) titled: "Configuration of the RSYNC daemon".

I was wondering if someone in the know could comment on which is less secure? The SSL or Daemon method?? Currently this is simply between two Linodes in the same facility (both with 192.168.###.### IPs) but I'd like to also do a less frequent rsync to a backup machine in my home, which I suspect would be of a greater security risk than interactions on a local LAN.

And if SSL is the best route, if anyone knows of a very clear tutorial on how to achieve this on Ubuntu, that would be quite helpful.

Thanks

6 Replies

Setting up rsync to use keys rather than passwords should work just fine. My guess is that it's either some general confusion on which file goes where on which machine (which is quite easy to fumble!), or an issue with your script being run by a different user than you've set up your key for.

First things first: make it so that you can log in, via plain old SSH, to the other machine. That's exactly the same mechanism as rsync will use, so get that working first.

A random article I found about setting up public-key SSH authentication: http://tombuntu.com/index.php/2008/02/20/public-key-authentication-for-ssh-made-easy/ . Keep in mind that the machine he calls the "server" is your rsync destination machine. Just hit Enter when prompted for a password during key generation, and you will not need a password to connect to the "server."

I don't know of any vulnerabilities with running rsync as a daemon, but in my mind it's simpler just to go via ssh (assuming the machine is going to be running sshd anyway).

@Vance:

A random article I found about setting up public-key SSH authentication: http://tombuntu.com/index.php/2008/02/20/public-key-authentication-for-ssh-made-easy/ . Keep in mind that the machine he calls the "server" is your rsync destination machine. Just hit Enter when prompted for a password during key generation, and you will not need a password to connect to the "server."

I don't know of any vulnerabilities with running rsync as a daemon, but in my mind it's simpler just to go via ssh (assuming the machine is going to be running sshd anyway).

Thanks for the link. It is very similar to the tutorials I've been reading over… Unfortunately, I'm getting the same results… I get asked for the password after following the instructions.

@Xan:

Setting up rsync to use keys rather than passwords should work just fine. My guess is that it's either some general confusion on which file goes where on which machine (which is quite easy to fumble!), or an issue with your script being run by a different user than you've set up your key for.

First things first: make it so that you can log in, via plain old SSH, to the other machine. That's exactly the same mechanism as rsync will use, so get that working first.

I can run the script manually, but when I do so, I'm asked to enter a password. So connecting is not a problem… just getting the ssl cert to work so I don't have to enter a password…

On the web server, after running "ssh-keygen -t rsa" I'm asked for a file name, which I give as "idrsarsync" then hit enter twice to accept blanks for pass phrase… then I'm asked to try to ssh in, and I'm asked for a password… BUT, I just now tried again, but this time I didn't change the default file name, just accepted the default, and this time it worked. Not sure why that would be, but, now my backup should run on its own.

Thanks

1) Is the public key saved as a file named

/path/to/user's/home/directory/.ssh/authorized_keys ?

2) Did you uncomment the line in your sshd_config file that says

AuthorizedKeysFile %h/.ssh/authorized_keys ?

@hybinet:

1) Is the public key saved as a file named

/path/to/user's/home/directory/.ssh/authorized_keys ?

2) Did you uncomment the line in your sshd_config file that says

AuthorizedKeysFile %h/.ssh/authorized_keys ?

Ahhh… the public key was in place, the AuthorizedKeysFile line was not uncommented.

Thanks
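The two checks asked about in the replies above can be scripted on the destination machine. The following is an added example, not code from the thread: the function name `key_auth_problems` and its arguments are hypothetical, and the file-mode check is an addition based on sshd's `StrictModes` setting.

```shell
#!/bin/sh
# Added example (not from the thread). Run on the rsync destination machine.
# Usage: key_auth_problems HOME_DIR PUBKEY_FILE SSHD_CONFIG
# Prints one line per finding and returns the number of findings (0 = clean).
key_auth_problems() {
    home=$1 pub=$2 conf=$3 n=0
    auth="$home/.ssh/authorized_keys"

    # Reply check 1: the public key must be a line in ~/.ssh/authorized_keys.
    # Compare on the base64 blob, the 2nd field of an ssh-keygen .pub file.
    blob=$(awk '{print $2; exit}' "$pub")
    if [ ! -f "$auth" ]; then
        echo "missing: $auth"; n=$((n+1))
    elif [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
        echo "key from $pub is not in $auth"; n=$((n+1))
    fi

    # Reply check 2: an active (uncommented) AuthorizedKeysFile line in
    # sshd_config. Commented lines start with '#', so $1 will not match them.
    active=$(awk 'tolower($1)=="authorizedkeysfile" {print $2; exit}' "$conf")
    if [ -z "$active" ]; then
        echo "no uncommented AuthorizedKeysFile line in $conf"; n=$((n+1))
    else
        case $active in
            %h/.ssh/authorized_keys|.ssh/authorized_keys) ;;
            *) echo "AuthorizedKeysFile is $active, not $auth"; n=$((n+1)) ;;
        esac
    fi

    # Addition: with StrictModes on, sshd refuses keys when the home directory,
    # ~/.ssh or authorized_keys is writable by group or others.
    for p in "$home" "$home/.ssh" "$auth"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group/world-writable: $p"; n=$((n+1))
        fi
    done
    return "$n"
}
```

On the client side, ssh only offers a key saved under a non-default file name when it is told to, for example through rsync's `-e "ssh -i /path/to/key"` option.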
