rsync+ssh for syncing data securely
On Fri, 23 Jul 1999, Bill Tihen wrote:
> NFS and rsync+ssh tips could be useful too. I need to do that within
> the next few months and have never done it before -- even a list of your
> favorite resources would be helpful.
To be honest: man rsync and man ssh. :)
For NFS, man exports would be a good place to start.
I use rsync+ssh in the following manner (synopsis at the end):
---
SSH
---
On the client (where the files are getting copied to), I generate a ssh
key pair for my k12admin user _without_ a password. Using a blank
password is frowned upon, but is necessary for unattended operation.
    su -l k12admin
    ssh-keygen
Now k12admin's public key is stored in /home/k12admin/.ssh/identity.pub.
I copy this file to the server and add it to
/home/k12admin/.ssh/authorized_keys. This file lists all of the keys that
are allowed to connect to the server using ssh.
Now, on the client, I should be able to run:
    su -l k12admin
    ssh server-hostname
and get a shell connection as k12admin on the server without having to
enter a password.
-----
RSYNC
-----
Rsync uses rsh as its transport agent by default, which is very insecure.
To switch to using ssh, just use the -e switch.
    rsync -ae ssh server-hostname:/var/serverdata/ /usr/local/clientdata/
will sync all of the data from the /var/server/data/ directory on
server-hostname to the /usr/local/clientdata/ directory on the client.
The actual switches that I use in k12admin are:
    rsync -vzae ssh --delete .....
    -v        verbose (shows what it is doing)
    -z        compress the data before transmitting
    -a        archive (recursion and preserves ownership/permissions)
    --delete  deletes files on the client that don't exist on the server
--------
SYNOPSIS
--------
* Run ssh-keygen on the client (use a blank passphrase if you need
unattended operation).
* Add /home/k12admin/.ssh/identity.pub on the client to
/home/k12admin/.ssh/authorized_keys on the server.
* rsync -vzae ssh --delete server:/dirtosync/ /clientdir/
I also use rsync+ssh to sync data between redundant servers in a school.
For example, I can sync /home from the home directory server in a school
to an application server. If something happens to the home directory
server, the users can still find their files on the application server as
a backup. I'm hoping something like the CODA filesystem will replace the
need for this eventually.
Steve.
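
The message above relies on a key with a blank passphrase for unattended pulls. A forced command in authorized_keys can limit that key to the one rsync pull it exists for; the following is an added example, not part of the original message. The wrapper path /usr/local/bin/rsync-pull-only, the function name, and the assumption that the client's rsync sends its options to the server as a single short-option word are all assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): forced-command wrapper that lets
# the passphrase-less key do one thing only, a read-only rsync pull.
# Hypothetical install path: /usr/local/bin/rsync-pull-only
# authorized_keys entry on the server (key material is a placeholder):
#   command="/usr/local/bin/rsync-pull-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding <public-key-line>

ALLOWED_DIR="/var/serverdata/"   # source directory from the post's rsync example

# Return 0 only if the requested command is an rsync server invocation in
# sender (read-only) mode, with one short-option word, on ALLOWED_DIR.
allow_rsync_command() {
    cmd=$1
    # Shape check: fixed prefix, fixed ". <dir>" suffix, nothing after the path.
    case $cmd in
        "rsync --server --sender -"*" . $ALLOWED_DIR") ;;
        *) return 1 ;;
    esac
    # Isolate what sits between prefix and suffix: the option word.
    opts=${cmd#"rsync --server --sender -"}
    opts=${opts%" . $ALLOWED_DIR"}
    # Allow only letters and dots (assumed form, e.g. vlogDtprze.iLsfxC).
    # Spaces, extra long options, and shell metacharacters all fail here.
    case $opts in
        ""|*[!A-Za-z.]*) return 1 ;;
    esac
    return 0
}

# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run.
# With no command (an interactive login attempt) the script just ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allow_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no glob expansion during word splitting
        exec $SSH_ORIGINAL_COMMAND   # validated: plain words only
    fi
    echo "rsync-pull-only: request rejected" >&2
    exit 1
fi
```

Run the client once with `rsync -v` and check the server-side command your rsync version actually sends before tightening or widening the option pattern.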