You are not logged in.
I have a machine (A) that contains a website. Everything there is owned by http.http
I have another machine (B) that needs to have an exact copy of what is on machine A, also to be owned by http.http
The information needs to be moved from machine A to machine B securely, over the Internet.
I have root logins disabled for ssh.
I set up the rsync daemon on machine A. I used a name and password that doesn't belong to a user on either system.
There is so much conflicting information out there about using rsyncd, and so many places that jump right into all the "singing and dancing" (a great phrase I found on a site about setting up postfix) that I am completely confounded about how to do this. If I do it straight across without the daemon, I get all kinds of permissions errors. I don't know how to copy files that belong to http.http without being that user or being root. I thought using the daemon got around that, but I'm not sure how that fits into a secure transfer, as everything I read talks about having to use ssh even with the daemon.
I simply want to connect from Machine B to Machine A and mirror the data, using a cron job once I actually have it working. I do have an rsa keypair set up so I don't need a password to log in via ssh. I set up the daemon so I didn't have to use ssh, but what I'm reading says that I need that if I want security.
This is one where the more I read, the more confused I get. If anybody can simplify this, I'd appreciate it.
Offline
I'd create a user on the web server specifically for rsync and add it to the http group. Just have to make sure the http group can read everything.
Offline
I'll try that. It's simple and straightforward, which may explain why I didn't think of it ![]()
Offline
For other alternatives, look into using rrsync (google it) as a restricted shell.
Or start your authorized_keys line with
command=<some commands>,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa ...These are just pointers to get you started. Of course you should read up so you understand what's happening.
Last edited by Profjim (2010-04-05 17:57:06)
Offline