The rsync utility has many uses, such as keeping servers in sync with one another, but sometimes you want to run it automatically. So how do you sync between servers securely and automatically?
Rsync and SSH work together, but sometimes we don’t want to allow a login to the server and only want to transfer files between two computers, for example to back up all web document root files. So how is that possible?
In this tutorial I will describe how you can set up SSH for data transfer only, instead of server login.
Create validate-rsync.sh Script
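You will need to create a script called “validate-rsync.sh” in any location, such as “/home/user/validate-rsync.sh”, with the content below.
# vim /home/user/validate-rsync.sh

#!/bin/sh
# validate-rsync.sh
# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
case "$SSH_ORIGINAL_COMMAND" in
# Reject any request that contains shell metacharacters.
*\&*) echo "Rejected" ;;
*\(*) echo "Rejected" ;;
*\{*) echo "Rejected" ;;
*\;*) echo "Rejected" ;;
*\<*) echo "Rejected" ;;
*\`*) echo "Rejected" ;;
# Run the request only if it is the server side of an rsync transfer.
rsync\ --server*) $SSH_ORIGINAL_COMMAND ;;
# Reject everything else, including a plain login with no command.
*) echo "Rejected" ;;
esac

Save and close the file.
Make it executable with the command below: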
# chmod +x /home/user/validate-rsync.sh
This checks whether the SSH session is being used to run an rsync backup. If it is being used for anything else, the session is rejected and closed.
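The case logic above can be exercised without opening an SSH session. The following is an added example, not part of the original tutorial: check_command is a hypothetical helper that mirrors the script's patterns but only reports the decision, and the sample command strings are constructed.

```shell
#!/bin/sh
# Added example: dry-run of the case logic in validate-rsync.sh.
# check_command (hypothetical name) prints "accept" or "reject" for a
# candidate SSH_ORIGINAL_COMMAND value and never executes it.
check_command() {
    case "$1" in
        *\&*|*\(*|*\{*|*\;*|*\<*|*\`*) echo "reject" ;;
        rsync\ --server*)              echo "accept" ;;
        *)                             echo "reject" ;;
    esac
}

# Constructed sample values (not captured from a real host): the command
# rsync sends for a push, the one it sends for a pull (--sender), and
# requests the forced command should refuse.
run_samples() {
    while IFS= read -r cmd; do
        [ -n "$cmd" ] || continue
        printf '%-7s %s\n' "$(check_command "$cmd")" "$cmd"
    done <<'EOF'
rsync --server -vlogDtprze.iLsfxC . /backup/destination/directory/
rsync --server --sender -vlogDtprze.iLsfxC . /backup/destination/directory/
uptime
rsync --server -logDtpr . /backup/; id
rsync -av /etc/ /tmp/copy/
EOF
}

run_samples
```

Both the push form and the `--sender` (pull) form are accepted, and the filter does not look at the path, so the key can reach anything the account itself can read or write.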
To limit where connections come from, prefix the key with from="IP_Address". To limit which command is executed, prefix the key with command="/path/to/validating/script/" in your secured authorized_keys file.
from="192.168.0.15",command="/home/user/validate-rsync.sh" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwxv... == = [email protected]
# vim /root/.ssh/authorized_keys
from="192.168.0.15",command="/home/user/validate-rsync.sh" ssh-rsa AAAAB3NzaC1yafafAeAdfARAEdfdafjlajaqejldfjoeriuadfaldflzdfjladfjaljf;afja;sldjfadfadf /alkdhfadrfoaRTlpKB4U6313tBnJMIWe5PikDQ4X5eTbOPJGsKRbPVvnBICyPHrLOHsadfalfdjaldfjafyYXAfMFjHrcZldjfa;ljjjSLJLSJLJljfljfd;lasdjfaJ15p20xSgpgGmDHdfadfadfa fdeTXSVke2f0CX++gktiqwdfpE36CJF2Yaldfaljfdalfjalflafjalfh5Ksr9+jN8Vx3UUTR6KD7/ki3rkiaROXxuhG5+m+w== [email protected]

Now rsync will complete without prompting for a password. Let's try it with the command below:
# rsync -avz -e "ssh -i ~/rsync-key" /some/small/directory/ [email protected]:/backup/destination/directory/
If you are still having problems, make sure you have the proper permissions to read from the source “/some/small/directory/” and to write to the target “[email protected]:/backup/destination/directory/”. Also make sure the SSH session can be established between the two hosts without a password.
Thanks:)