headers
Stayvoid | 23 Jul 2012 03:47
Picon

Rsync over ssh with root privileges

Hi,

I'm trying to copy some files from a remote server.
(That server uses passphrase to auth users.)
Rsync should be able to copy files with root privileges.

Here is my attempt:

sudo rsync -avP --exclude 'proc' --exclude 'dev' --exclude 'tmp'
--exclude 'sys' --exclude 'mnt' --rsync-path='sudo rsync' -e "ssh -t
-t -i /home/USER/.ssh/key" USER <at> SERVER:/  /mnt/backup/

Response:

protocol version mismatch -- is your shell clean?
(see the rsync man page for an explanation)

The following file is empty:

ssh remotesystem /bin/true > test.dat [1]

Any ideas? Am I using the correct syntax?

Thanks

[1] http://rsync.samba.org/FAQ.html
--

-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
(Continue reading)

Permalink | Reply |
headers
Kevin Korb | 23 Jul 2012 03:51
Favicon

Re: Rsync over ssh with root privileges


Since you are using sudo on the remote end have you configured it to
not require a password for that user to run rsync?  I suspect that
your use of the double -t on ssh that it isn't.  Rsync over ssh is not
going to be compatible with a sudo password prompt.

On 07/22/12 21:47, Stayvoid wrote:
> Hi,
> 
> I'm trying to copy some files from a remote server. (That server
> uses passphrase to auth users.) Rsync should be able to copy files
> with root privileges.
> 
> Here is my attempt:
> 
> sudo rsync -avP --exclude 'proc' --exclude 'dev' --exclude 'tmp' 
> --exclude 'sys' --exclude 'mnt' --rsync-path='sudo rsync' -e "ssh
> -t -t -i /home/USER/.ssh/key" USER <at> SERVER:/  /mnt/backup/
> 
> Response:
> 
> protocol version mismatch -- is your shell clean? (see the rsync
> man page for an explanation)
> 
> The following file is empty:
> 
> ssh remotesystem /bin/true > test.dat [1]
> 
> Any ideas? Am I using the correct syntax?
>
(Continue reading)

Permalink | Reply |
headers
Stayvoid | 23 Jul 2012 09:53
Picon

Re: Rsync over ssh with root privileges

Kevin,

> Since you are using sudo on the remote end have you configured it to
> not require a password for that user to run rsync?

No, I haven't. Could you tell me how to do it?

And what about the syntax? Is it ok?
--

-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Permalink | Reply |
headers
Kevin Korb | 23 Jul 2012 18:17
Favicon

Re: Rsync over ssh with root privileges


The syntax is explained here: http://sanitarium.net/rsyncfaq/#sudo
Even though I wrote that particular FAQ entry I have never actually
tried it as I think it is a rather silly use of sudo.

> sudo rsync -avP --exclude 'proc' --exclude 'dev' --exclude 'tmp' 
> --exclude 'sys' --exclude 'mnt' --rsync-path='sudo rsync' -e "ssh
> -t -t -i /home/USER/.ssh/key" USER <at> SERVER:/  /mnt/backup/

My first though is that if you configure sudo to not require a
password and drop the -t -t in the ssh part it will probably work.

My second thought is that you would be far better off just doing the
ssh as root using a restricted key.  To do that I would suggest:
1. In the server's sshd_config set:
PermitRootLogin without-password
2. In the server's /root/.ssh/authorized_keys file:
from="hostname of your system","command=/path/to/rrsync -ro /" ssh-rsa
...........

This will allow the ssh key that you are using to only work from the
specified host name and to only be able to run rsync and in read-only
mode.  This will allow for the simple mirroring of a system which
appears to be what you are trying.  Note that if your distro doesn't
include rrsync with rsync it is a perl script that is in the support
directory of the rsync source tarball.

The without-password option sounds a bit scary but what it means is
that root is not allowed to log in via a password but only via keys
that have been authorized.
(Continue reading)

Permalink | Reply |

Gmane