Goal: Use rsync to connect to my rsyncd using an sshkey rather than a password for authentication.
I think the answer is no, but thought I'd ask here. Googling on this gave a sea of false positive hits since rsync can be used over ssh.
For reference:
$ cat /etc/rsyncd.conf
uid = root
gid = root
use chroot = no
max connections = 4
syslog facility = local5
pid file = /run/rsyncd.pid
[large]
path = /mnt/backup
comment = big drive
read only = false
secrets file = /etc/rsyncd.scrt
auth users = rsyncbackupuser
I constructed the secrets file in the standard, plaintext "username:password" format.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Hi
Yes, it is possible. I'm using it to sync folders between two servers over a WAN connection (a VPN).
You only have to set up the keys to be able to ssh from one host to the other without a password.
Generate the key (as root):
ssh-keygen -t rsa
Copy it to the remote machine:
scp .ssh/id_rsa.pub root@remotemachine:/root/.ssh/localservername_id_rsa.pub
Then ssh to the remote machine
and add the key to authorized_keys:
cd .ssh
cat localservername_id_rsa.pub >> authorized_keys
Now repeat the procedure on this server to generate the key and scp it to the local machine, then add it to the local authorized_keys.
When you have this working, you use rsync
like this:
rsync -cavz --stats --progress --no-whole-file --log-file=/var/log/cron_rsync_$(date +%Y%m%d).log /sourcedirectory/ root@remotehost:/remotedirectory/
Well, the log file is there to store the rsync results, as I have this in a cron script.
Hope this helps
-
Arch64 - Acer AX3950 - i5-650 3.2 GHz - 8 GB RAM - Nvidia GeForce 320 1 GB Ram
Arch32 - Samsung NC10 - 2 GB Ram
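rsync can also run its daemon mode over an SSH connection (the `host::module` form with `-e ssh`), so an SSH key authenticates the client while the modules in rsyncd.conf still define what is exposed. The script below is an added example, not part of any post in this thread; it installs a public key so that the key can only start that single-use daemon. The key, the function names and the directory passed in are assumptions made for illustration.

```shell
#!/bin/sh
# Pin an SSH public key to rsync's single-use daemon mode (added example).
# The key, paths and function names are constructed for illustration.

# Forced command: whatever the client requests, sshd runs only this.
# "restrict" (OpenSSH 7.2+) also turns off pty, agent and port forwarding.
FORCED='command="rsync --server --daemon .",restrict'

# Print a restricted authorized_keys entry for one public-key line.
# Accepts only "<type> <base64> [comment]": no options, no extra lines.
restricted_entry() {
    case $1 in *'
'*) echo "rejecting multi-line input" >&2; return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^"]*)?$' \
        || { echo "rejecting malformed public key" >&2; return 1; }
    printf '%s %s\n' "$FORCED" "$1"
}

# Append the entry to <ssh_dir>/authorized_keys once, with the modes
# sshd's StrictModes check expects (0700 directory, 0600 file).
install_restricted_key() {
    ssh_dir=$1 pubkey=$2
    entry=$(restricted_entry "$pubkey") || return 1
    ( umask 077
      mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
      touch "$ssh_dir/authorized_keys" || exit 1
      chmod 600 "$ssh_dir/authorized_keys" || exit 1
      # -x whole line, -F fixed string: keeps the append idempotent.
      grep -qxF -- "$entry" "$ssh_dir/authorized_keys" \
          || printf '%s\n' "$entry" >> "$ssh_dir/authorized_keys" )
}

# Constructed sample key (not a real key), as copied from the backup client.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyMaterial0000000000000 backup@localserver'

# On the server:  install_restricted_key /root/.ssh "$SAMPLE_KEY"
# On the client, the double colon selects daemon mode over ssh:
#   rsync -av -e ssh /sourcedirectory/ root@remotehost::large/
```

Traffic in this mode is still encrypted by SSH; only the authentication and the exposed paths change.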
> rsync -cavz --stats --progress --no-whole-file --log-file=/var/log/cron_rsync_$(date +%Y%m%d).log /sourcedirectory/ root@remotehost:/remotedirectory/
If I'm not mistaken this is rsyncing over ssh rather than via the `rsync --daemon` which encrypts the data thus slowing down everything.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
> If I'm not mistaken this is rsyncing over ssh rather than via the `rsync --daemon` which encrypts the data thus slowing down everything.
Correct. The rsync daemon does not support key-based authentication; and authenticating over an unencrypted channel is false security.
You can lower the encryption level used by SSH to something less processor intensive to improve speeds:
http://lugatgt.org/2009/10/28/ssh-tips-and-tricks-2/
http://lime-technology.com/forum/index. … ic=10503.0
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Thanks, fukawi. I am aware of it. In fact: https://bbs.archlinux.org/viewtopic.php?id=136713
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
> Thanks, fukawi. I am aware of it. In fact: https://bbs.archlinux.org/viewtopic.php?id=136713
Oh, lol, I remember reading that thread when you posted it; didn't realize yesterday it was yours
Have you tried disabling compression?
http://serverfault.com/questions/116875 … on-openssh
If you can find something similar to SSH that will do the key-auth, but not compression/authentication then you could use that as the transport with -e option. A quick Google doesn't show up anything for me though.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Yeah, I looked for that but discovered that upstream disabled the nocompression feature a while ago. I didn't wanna mess with it. Thanks for the suggestion, though.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
I have not had the opportunity to test it, but I remembered the readme of the following tool:
https://aur.archlinux.org/packages.php?ID=50456
edit:
When I suggested that, I was aware that you don't want high encryption for performance reasons. Afaik (from the documentation) the tool does not actually allow you to use less-cpu intensive ciphers, so it won't be suitable for you I guess. I initially suggested it, since the guy who wrote it runs an online backup service. So I gathered it can't be that slow
An alternative might be to ditch ssh for that purpose and use ftps (e.g. curlftps, stunnel) as a tunnel with your own pem. That still keeps encryption, albeit with less protocol overhead. No idea how it would compare to your ssh-arcfour speedwise.
If that's _still_ not enough throughput, ah well .. then (keeping in mind fukawi's remark about false sense of security) you probably need something like a port-knocking for rsyncd. Requiring a fair bit of tinkering. For that there are a number of clever tools in the AUR. In addition to those, have a look at this implementation: https://github.com/moxie0/knockknock
Hope that helps.
What I did not understand was your comment:
> Yeah, I looked for that but discovered that upstream disabled the nocompression feature a while ago.
The ssh-nocompression is disabled or what did you mean?
Last edited by Strike0 (2012-10-03 13:09:07)