Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] rsync password -- revisit




On Fri, Sep 14, 2012 at 09:55:04, Dan Ritter wrote:
> On Fri, Sep 14, 2012 at 08:40:44AM -0400, dan moylan wrote:

>> i have a script to rsync a number of directories between two
>> computers on my local net and would like to avoid having to
>> enter my password for each one.  i thought i could do this
>> using hosts.equiv, but it's not working for me.  i solved
>> this once before a number of years ago, but i'm undoubtedly
>> forgetting something now.  any help would be appreciated.

> Create an ssh key:

> ssh-keygen -t rsa -b 2048

> Change the filename to "rsync.key"

> Don't put in a passphrase.

> man sshd. Read the section on Authorized_Keys file format.

> Add restrictions to rsync.key.pub: no-agent-forwarding,
> no-port-forwarding, no-pty, no-X11-forwarding, perhaps a from
> restriction. Make it tight. command = rsync?

> Copy rsync.key.pub with the restrictions to your remote machine,
> and cat it to the end of ~/.ssh/authorized_keys

> When you run rsync, pass it "-e ssh -i /home/jdm/.ssh/rsync.key"

> You should have a fairly safe passwordless rsync.

after a couple of wrong turns, that worked fine, and for a
long time, but i have lost track of when i used it last.
now, i have gone through all the steps again and can't get
it to work.

authorized_keys on the remote machine (aldeberon):
# authorized_keys
# rsync.key.pub
#
no-agent-forwarding
no-port-forwarding
no-pty
no-X11-forwarding
command = rsync
#
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDzTeJ/nRpWTnjbsEWypLt1/rbdpU5ABAkPqUzX6ug0pCnvKpRKga63RlIi03rGQb0d1dkosKtVnhodageA6PRGuAQ3zdJDDdw1OScH8sZsdtGd44/fsBVCQlYlJP2i8RCc20dBnxiujvjv4iuvk5CPzZPCbjfxyFvEBES5nMsZY/mLilqX4xlDx9PJlkUJ28Gm0vaIEZ9BzGCDll7C4Quph4WXKgvVZdMrAfuAceE8DPcFacIvjOBDOGWxdqaaQgsYIXHSdgE72duDcNnAnDAV59nhtDEaYTAN5kba/uWqHujJ8p7Qff1vaYbkEUrUEhl/8GBptVI2i3tCsb0Q9aOF moylan at arcturas

rsync.key on the local machine (arcturas):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDzTeJ/nRpWTnjbsEWypLt1/rbdpU5ABAkPqUzX6ug0pCnvKpRKga63RlIi03rGQb0d1dkosKtVnhodageA6PRGuAQ3zdJDDdw1OScH8sZsdtGd44/fsBVCQlYlJP2i8RCc20dBnxiujvjv4iuvk5CPzZPCbjfxyFvEBES5nMsZY/mLilqX4xlDx9PJlkUJ28Gm0vaIEZ9BzGCDll7C4Quph4WXKgvVZdMrAfuAceE8DPcFacIvjOBDOGWxdqaaQgsYIXHSdgE72duDcNnAnDAV59nhtDEaYTAN5kba/uWqHujJ8p7Qff1vaYbkEUrUEhl/8GBptVI2i3tCsb0Q9aOF moylan at arcturas

permissions on both are 600.

the command (from arcturas):
rsync -avz -e "ssh -p22 -i /home/moylan/.ssh/rsync.key" /home/moylan/rsy aldeberon:

the result:
moylan at aldeberon's password:

i must have missed something -- any suggestions?

tia,
ole dan

j. daniel moylan
84 harvard ave
brookline, ma 02446-6202
617-777-0207 (cel)
jdm at moylan.us
www.moylan.us
[no html pls]
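
Added example, not part of the original message or of OpenSSH: sshd(8) reads each authorized_keys entry from a single line, with any options comma-separated in front of the key type, and `ssh -i` expects the private key file rather than the `.pub` text. The Python linter below checks both points against constructed samples; the key blob, the `user@client` comment and `/path/to/forced-command` are placeholders.

```python
import re

# Key type names that open the key field of an authorized_keys entry.
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# Whitespace-separated fields; spaces inside double quotes do not split.
FIELD = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')

def lint_authorized_keys(text):
    """Return (line_number, problem) for each line sshd cannot use as a key."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored by sshd
        fields = FIELD.findall(line)
        if len(fields) >= 2 and fields[0] in KEY_TYPES:
            continue  # "keytype base64 [comment]", no options
        if len(fields) >= 3 and fields[1] in KEY_TYPES:
            continue  # "options keytype base64 [comment]"
        problems.append((n, "no key on this line; options must be comma-separated "
                            "and on the same line as the key: " + line.strip()))
    return problems

def is_private_key(text):
    """Private key files start with a PEM BEGIN marker; public keys do not."""
    return text.lstrip().startswith("-----BEGIN ")

# Constructed samples; the key blob is a shortened placeholder, not a real key.
BLOB = "AAAAB3NzaC1yc2EAAAADAQABAAABAQ"
SPLIT_LAYOUT = f"""# authorized_keys
no-agent-forwarding
no-port-forwarding
no-pty
no-X11-forwarding
command = rsync
ssh-rsa {BLOB} user@client
"""
# /path/to/forced-command is a placeholder for whatever command is pinned.
ONE_LINE = ('no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding,'
            f'command="/path/to/forced-command" ssh-rsa {BLOB} user@client\n')

if __name__ == "__main__":
    for n, msg in lint_authorized_keys(SPLIT_LAYOUT):
        print(f"line {n}: {msg}")
    print("one-line entry problems:", lint_authorized_keys(ONE_LINE))
    print("public key text is a private key:",
          is_private_key(f"ssh-rsa {BLOB} user@client"))
```

In the split layout the final key line still parses as a valid entry, so the key is accepted with none of the restrictions attached to it.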



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
