Re: ssh failure due to local error
The local folder contained the text file, which was confirmed by the command ls ./ When I go to the remote machine and repeat this command, the file is not shown which means that transfer failed. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh failure due to local error
On 18/08/2009, Wayne Davison way...@samba.org wrote: On Mon, Aug 17, 2009 at 09:02:42PM +0100, e-letter wrote: rsync -t *.txt u...@remote.machine: No response from the command terminal, except for a new prompt Then it succeeded. If you want it to be more verbose, tell it to be verbose. I repeat: I connect to the remote machine in a separate command terminal to see if the text file was transferred and there was no transfer. I repeated the command with the verbose command: rsync -vt *.txt u...@remote.machine: sent 39 bytes received 16 bytes 4.40 bytes/sec total size is 24 speedup is 0.44 Again, I connected to the remote machine in a separate command terminal to see if the text file was transferred and there was no transfer. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh failure due to local error
Tue, 18 Aug 2009 12:53:28 +0100, inpost wrote: I repeat: I connect to the remote machine in a separate command terminal to see if the text file was transferred and there was no transfer. I repeated the command with the verbose command: rsync -vt *.txt u...@remote.machine: sent 39 bytes received 16 bytes 4.40 bytes/sec total size is 24 speedup is 0.44 -v will also show the transferred files: so, your shell/rsync did not find any files that * match *.txt, * are in the directory were you called rsync, AND * need to be transferred Sven -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh failure due to local error
Try rsync -av *.txt:u...@remote.machine/path/to/where/you/want/it/to/go/ (assuming you only want to rsync the txt files from the current working directory on the A side - else put the full path in with a trailing slash). Quoting e-letter inp...@gmail.com: Readers, I have tried the following command: rsync -t *.txt ssh u...@remote.machine: and receive the following error: rsync: link_stat local/machinepath/ssh failed: No such file or directory (2) rsync error: some files could not be transferred (code 23) at main.c(1031) [sender=3.0.2] My understanding of the manual is that the text files on my local machine should have been transferred to the remote machine. There is one text file, created to practice my use of rsync. What is happening? How do I solve? rs...@conference.jabber.org mandriva 2008 rsync 302 -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html -- This email was Anti Virus checked by Astaro Security Gateway. http://www.astaro.com -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh failure due to local error
On Mon 17 Aug 2009, e-letter wrote: I have tried the following command: rsync -t *.txt ssh u...@remote.machine: and receive the following error: rsync: link_stat local/machinepath/ssh failed: No such file or directory (2) Does: ssh u...@remote.machine actually work to give you a shell on the remote machine? Paul -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh failure due to local error
On Mon 17 Aug 2009, Paul Slootman wrote: I have tried the following command: rsync -t *.txt ssh u...@remote.machine: Ah, I now see a spurious ssh there. That tells rsync that you also want to transfer a file ssh, in addition to the *.txt files. Do you have a file ssh in that directory? and receive the following error: rsync: link_stat local/machinepath/ssh failed: No such file or directory (2) Your current working directory is local/machinepath ? Paul -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh failure due to local error
On 17/08/2009, si...@tranmeremail.org.uk si...@tranmeremail.org.uk wrote: Try rsync -av *.txt:u...@remote.machine/path/to/where/you/want/it/to/go/ (assuming you only want to rsync the txt files from the current working directory on the A side - else put the full path in with a trailing slash). This failed, command terminal response: ssh: *.txt: Name or service not known rsync: connection unexpectedly closed (0 bytes received so far) [receiver] rsync error: error in rsync protocol data stream (code 12) at io.c(635) [receiver=3.0.2] -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh failure due to local error
On 17/08/2009, Paul Slootman paul+rs...@wurtel.net wrote: On Mon 17 Aug 2009, e-letter wrote: I have tried the following command: rsync -t *.txt ssh u...@remote.machine: and receive the following error: rsync: link_stat local/machinepath/ssh failed: No such file or directory (2) Does: ssh u...@remote.machine actually work to give you a shell on the remote machine? Both ssh u...@remote.machine and ssh remote.machine -l user connect successfully. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh failure due to local error
On 17/08/2009, Paul Slootman p...@wurtel.net wrote: On Mon 17 Aug 2009, Paul Slootman wrote: I have tried the following command: rsync -t *.txt ssh u...@remote.machine: I removed the ssh from the command: rsync -t *.txt u...@remote.machine: No response from the command terminal, except for a new prompt: [...@localhost directory]$ I connect to the remote machine in a separate command terminal to see if the text file was transferred and there was no transfer. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh rsync equivalence?
On 29/03/09 17:15, Morgan Read wrote: Hello Folks ... On 30/03/09 04:45, Kyle Lanclos wrote: I suggest putting your 'ssh -i /some/key/here' into a small shell script, so that you do: rsync -e rsync_ssh ...and rsync_ssh looks like: #! /bin/sh exec ssh -i /home/key/here $@ I think the single ticks in the -e option might be throwing something for a loop. [r...@morgansoldmachine ~]# ssh -t rs...@morgansmachine sudo rsync -avzAXHn --delete-after -e /home/rsync/bin/rsync_ssh /etc r...@morgansoldmachine:/media/bigdisk/morgansmachine/etc building file list ... done created directory /media/bigdisk/morgansmachine/etc etc/ etc/.pwd.lock etc/.sudoers.tmp.swp ... etc/yum/pluginconf.d/presto.conf etc/yum/pluginconf.d/protect-packages.conf etc/yum/pluginconf.d/whiteout.conf sent 138652 bytes received 17900 bytes 18417.88 bytes/sec total size is 165558833 speedup is 1057.53 (DRY RUN) Connection to 192.168.1.40 closed. [r...@morgansoldmachine ~]# Eureka!!! I've done it! Well, not me - thank you everyone. Morgan. -- Getting errors: There are problems with the signature (or similar)? Update your system by installing certificates from CAcert Inc, see here: http://wiki.cacert.org/wiki/BrowserClients?#head-259758ec5ba51c5205cfb179cf60e0b54d9e378b Or, if Internet Explorer is your default browser, simply click this link: http://www.cacert.org/index.php?id=17 Morgan Read NEW ZEALAND mailto:mstuffATreadDOTorgDOTnz fedora + freedom; fact || fiction? http://fedoraproject.org/wiki/Overview get freed-ora! http://www.fsfla.org/svnwiki/selibre/linux-libre/freed-ora -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh rsync equivalence?
On Sun, Mar 29, 2009 at 05:15:58PM +1300, Morgan Read wrote: ssh [...] sudo rsync [...] -e 'ssh -i /home/rsync/.ssh/id_dsa' [...] Those quotes won't survive the trip through that many programs, so you're undoubtedly ending up with rsync seeing just the -e ssh option, and the -i and beyond are taken as options/args to rsync itself. Your best bet is to put ssh config items into your /root/.ssh/config file. For instance: Host 192.168.1.100 User root IdentityFile /home/rsync/.ssh/id_dsa That sets those settings as the default when accessing that IP. Or give it a name and use that name instead of a hostname or IP when telling rsync what host to contact. For instance, in the local host's .ssh/config file: Host r40 Host 192.168.1.40 User rsync Then on the remote host: Host r100 Host 192.168.1.100 User root IdentityFile /home/rsync/.ssh/id_dsa Then run this (trailing slash added to avoid /path/etc/etc): ssh -t r40 sudo rsync -avzAXHn --delete-after /etc/ r100:/path/etc Your other option is to create a script that executes ssh with the option(s) you want to use and run that script via rsync's -e option. ..wayne.. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: SSH daemon questions
On 10/13/07, Alan Cheers [EMAIL PROTECTED] wrote: If you had multiple people making rsync backups over ssh wouldn't it be preferred to use the single-use daemons from a security standpoint? If multiple people use this method I would want to limit the chance of somebody being able to grab or overwrite somebody else's data. Which do you think is better for a multiuser setup? If the users have full shell accounts on the destination system (or you are willing to give them accounts), then each user can push backups to his/her own account over ssh and can't access anyone else's backups. A single-use daemon could optionally be used for the convenience of having the backups rotated automatically but would not be involved in the security model. If the users do not have shell accounts, then the daemon becomes important as a gatekeeper. The easiest setup would use a background (opposite of single-use) daemon with one module for each user. A user would authenticate to the daemon using a username/password configured in the daemon's secrets file and could then access only his/her own module according to the auth users setting in the rsyncd.conf. Note that the daemon protocol provides neither encryption nor integrity-checking for the connection, so if there is the potential for untrusted people to tap the connection, you should protect it somehow. One relatively easy way is to convert the daemon to a single-use daemon over ssh, create an authorized key that has a forced command that invokes the single-use daemon, and publish the authorized key for everyone to use. This way, any user can log in through ssh and know they have a secure connection to the daemon, but then he/she must authenticate to the daemon to gain access to modules. Note: If you intend to deploy rsync for a specific purpose (rather than just learn about it), it would help if you gave me the entire picture now instead of revealing it piece by piece. Let's bring this conversation onto the list in case the information is useful to others in the future. Matt -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh catch 22
I'll be honest, I was about to send a long mail on how it still doesn't work... when it suddenly did! :) So I thought some poor soul might like a step by step so here it is 192.168.1.1 is the source with the data you want 192.168.1.2 is the destination where you want the data to go with that in mind do: 1) on the destination, create an ssh key and export the public key to the source 2) edit the source authorized_keys where you put your pub key and add the following at the start of the key: from=192.168.252.2,command=/usr/local/bin/valid_rsync.sh ssh-rsa ... 2a) make sure your permissions are correct or it will never work 3) still on the source, edit /etc/ssh/sshd_config and make sure you can only log as root to execute a command: AllowUsers foobar [EMAIL PROTECTED] PermitRootLogin forced-commands-only 3a) restart ssh 4) create the script with permissions 500 # cat /usr/local/bin/valid_rsync.sh #!/bin/sh # Validate rsync comming from a certificate case $SSH_ORIGINAL_COMMAND in *\*) echo Rejected #1 ;; *\(*) echo Rejected #2 ;; *\{*) echo Rejected #3 ;; *\;*) echo Rejected #4 ;; *\*) echo Rejected #5 ;; *\`*) echo Rejected #6 ;; rsync\ --server*) $SSH_ORIGINAL_COMMAND ;; *) echo Rejected #7 ;; esac 5) now on the destination server, you should be able to run the following command and not be prompted for a password. I created a TEST file for the transfer. rsync -a -e ssh -i /root/.ssh/rsync-key [EMAIL PROTECTED]:/root/TEST . Worked for me! Thank you to wayne, David and Martin for helping me. Regards, -Ed On Tuesday 14 November 2006 01:20, you wrote: On Tue, Nov 07, 2006 at 07:19:31PM +0100, Ed wrote: b) in the certificate, I specified the command that could be run... the likes of: command=rsync -av ./source [EMAIL PROTECTED]:/destination ssh-rsa It's completely invalid to specify a client command when expecting a server command. Just run rsync with 2 -v options to see the command it it sending to the remote system, and will will tell you what command to expect. See also the support/rrsync script thta can be used as the forced command=/path/rrsync script to limit the rsync command(s) that you accept. ..wayne.. -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh catch 22
On Wednesday 08 November 2006 00:34, Ed wrote: On Tuesday 07 November 2006 22:53, you wrote: ...snip... You want to run the rsync command upon connection. Try to use: command=/usr/bin/rsync --server --daemon --config=/foo/rsyncd.conf . ,no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa [BASE64-encoded data of public key] This will cause rsync in server mode to show up on the server side of the encrypted connection. Now you can configure what is possible and not through /foo/rsyncd.conf, e.g. allow read only, chrooting etc. However, the client side still has to say I want to archive, like this: rsync -av --rsh=ssh -l SSH_USER -i /someplace_safe/ssh_id_key LOCAL_FILE [EMAIL PROTECTED]::RSYNC_MODULE if source is LOCAL_FILE rsync -av --rsh=ssh -l SSH_USER -i /someplace_safe/ssh_id_key [EMAIL PROTECTED]::RSYNC_MODULE LOCAL_FILE if source is [EMAIL PROTECTED]::RSYNC_MODULE Best regards, -- David Hi David, thanks for your answer, I'll take a good look at it all tomorrow morning and put it to good use. :) I also got an answer from Martin Schröder who sent me the following link: http://www.jdmz.net/ssh/ Thank you both! -Ed Hi again, I spent some time trying the solutions you offered but none seem to work for me. Does anyone have a step by step approach of a passwordless rsync via a certificate? I managed a simple hostname lookup because it's the target that executes the command in the certificate but I can not see a way out of my catch 22. If I send an rsync command to the target server, it is only logical that the target execute the command and thus fails miserably :( I can't follow Davids howto as I have a rsync running as a daemon on the target server already and it seems a little fiddly for a simple rsync. In short, if you got it to work, please let me know how you did it pretty please. All I get for now is a prompt for a password or the infamous protocol version mismatch -- is your shell clean? Regards, -Ed -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh catch 22
On Tue, Nov 07, 2006 at 07:19:31PM +0100, Ed wrote: b) in the certificate, I specified the command that could be run... the likes of: command=rsync -av ./source [EMAIL PROTECTED]:/destination ssh-rsa It's completely invalid to specify a client command when expecting a server command. Just run rsync with 2 -v options to see the command it it sending to the remote system, and will will tell you what command to expect. See also the support/rrsync script thta can be used as the forced command=/path/rrsync script to limit the rsync command(s) that you accept. ..wayne.. -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh catch 22
Ed wrote: Hi all, I'm stuck with a little dilemma and I thought someone could give me a little advice. Is there a way to use rsync with an ssh certificate? There should be what I have: First of all I am forced to use the root account with ssh which I know is a big no, no, but sometimes it can't be helped. (Shrug) Not such a big no no IMHO. We are all root sometimes. Second, I need to use a certificate without a password as root which is even worst than point one so I thought I'd secure as much as I could and did the following. what I did: -- a) in the sshd_config of the destination PC I set AllowUsers to [EMAIL PROTECTED] b) in the certificate, I specified the command that could be run... the likes of: command=rsync -av ./source [EMAIL PROTECTED]:/destination ssh-rsa my problem: - Now if the command was ls the source would only be able to return the result of an ls on the destination PC. The problem I am facing is that my rsync command found in the certificate won't execute an rsync from source to destination but rather, like the ls example, it will run the command from the destination PC and thus try an rsync from destination to source. Was that clear? Can you advise on a way to automate an rsync via ssh? Many thanks -Ed You want to run the rsync command upon connection. Try to use: command=/usr/bin/rsync --server --daemon --config=/foo/rsyncd.conf . ,no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa [BASE64-encoded data of public key] This will cause rsync in server mode to show up on the server side of the encrypted connection. Now you can configure what is possible and not through /foo/rsyncd.conf, e.g. allow read only, chrooting etc. However, the client side still has to say I want to archive, like this: rsync -av --rsh=ssh -l SSH_USER -i /someplace_safe/ssh_id_key LOCAL_FILE [EMAIL PROTECTED]::RSYNC_MODULE if source is LOCAL_FILE rsync -av --rsh=ssh -l SSH_USER -i /someplace_safe/ssh_id_key [EMAIL PROTECTED]::RSYNC_MODULE LOCAL_FILE if source is [EMAIL PROTECTED]::RSYNC_MODULE Best regards, -- David -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh catch 22
On Tuesday 07 November 2006 22:53, you wrote: ...snip... You want to run the rsync command upon connection. Try to use: command=/usr/bin/rsync --server --daemon --config=/foo/rsyncd.conf . ,no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa [BASE64-encoded data of public key] This will cause rsync in server mode to show up on the server side of the encrypted connection. Now you can configure what is possible and not through /foo/rsyncd.conf, e.g. allow read only, chrooting etc. However, the client side still has to say I want to archive, like this: rsync -av --rsh=ssh -l SSH_USER -i /someplace_safe/ssh_id_key LOCAL_FILE [EMAIL PROTECTED]::RSYNC_MODULE if source is LOCAL_FILE rsync -av --rsh=ssh -l SSH_USER -i /someplace_safe/ssh_id_key [EMAIL PROTECTED]::RSYNC_MODULE LOCAL_FILE if source is [EMAIL PROTECTED]::RSYNC_MODULE Best regards, -- David Hi David, thanks for your answer, I'll take a good look at it all tomorrow morning and put it to good use. :) I also got an answer from Martin Schröder who sent me the following link: http://www.jdmz.net/ssh/ Thank you both! -Ed -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh protocol 2
Do a google search for cwrsync. -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh protocol 2
I haven't tried it but based on version numbers something from here should work: http://www.itefix.no/phpws/index.php?module=pagemasterPAGE_user_op=view_pagePAGE_id=6MMN_position=23:23 I found this linked from the backuppc.sourceforge.net site. On Wed, Jan 04, 2006 at 02:02:23PM -0500, Ken Senior wrote: Does anyone know a simple self-contained (e.g., along with the appropriate cygwin.dll file) rsync and ssh binary Windows distribution of rsync and ssh in which ssh supports protocol 2? I tried the installation from http://optics.ph.unimelb.edu.au/help/rsync/binaries/ but these do not support protocol 2. Thanks, Ken Senior -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html danno -- dan pritts - systems administrator - internet2 734/352-4953 office734/834-7224 mobile -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh rsync problem
Hello Harm if you use #rsync ... [EMAIL PROTECTED]:test rsync wil look for the test directory in the homedir of harm When you try # rsync ... [EMAIL PROTECTED]::test rync will use the [test] in your config file. !note: the difference is the dubble : Grtz,Remco Harm Aarts wrote: Hi all, I recently acquired a laptop which brings the grand total of computers at three. 1 laptop, 1 server, 1 desktop. Now the problem I want to solve is the following: Because I work on both my laptop and desktop I would like to sync data in my prj/ directory to my server. So when I logon I sync my data from to server to the computer I currently working on and when I logoff I sync the data back. Rsync looked ready for the job but I have only a partial working system. On the server: /etc/rsyncd.conf motd file = /etc/rsyncd.motd log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid lock file = /var/run/rsync.lock uid = nobody gid = backup hosts allow = 192.168.1.3, 192.168.2.3 [homesync] path = /home//rsync/prj comment = Mijn eigen rsync server read only = no list = yes auth users = harmrsync secrets file = /etc/rsyncd.scrt [test] path = /tmp/test /etc/rsync.scrt harmrsync:12345678 So far so good, if I run locally: server:/etc# rsync localhost:: This is my test Message Of The Day homesyncMijn eigen rsync server test Great! That appears to work, further test reveil locally a working system. But now to my desktop system, when I try to run: [EMAIL PROTECTED]:/tmp$ rsync --verbose --progress --recursive --stats \ --rsh=/usr/bin/ssh 192.168.1.1:test /tmp/test Password: receiving file list ... rsync: link_stat /home/harm/test failed: No such file or directory (2) 0 files to consider client: nothing to do: perhaps you need to specify some filenames or the --recursive option? rsync error: some files could not be transferred (code 23) at main.c(723) [EMAIL PROTECTED]:/tmp$ This puzzles me. Why is rsync looking in the /home/harm/test directory??? I think I told it otherwise in the [test] clause in the rsyncd.conf. When I try: [EMAIL PROTECTED]:/tmp$ rsync --verbose --progress --recursive --stats --rsh=/usr/bin/ssh 192.168.1.1:/tmp/test /tmp/test everything works fine again. But this is not what I want! In want only the test and homesync module to be allowed! Can anybody help me? Thanks in advance. Wtih kind regards, Harm Aarts -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
RE: SSH Tunnel Problem
Hi, FAQ at http://www.itefix.no/phpws/index.php?module=faqFAQ_op=viewFAQ_id=27 may help. Rgrds Tev cwRsync maintainer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of d c Sent: 19. desember 2004 04:28 To: [EMAIL PROTECTED] Subject: SSH Tunnel Problem I have set up an Rsync server on FreeBSD 5.3 and plan on having windows clients synchronize data to it. Rsync running as a daemon works fine. I can successfully copy data up to the server and view it via scp. Also- I can connect via ssh and run rsync as well. HOWEVER- I cannot connect passwordless with SSH and then connect to the rsync daemon. The following demonstartes what I would like to do: rsync -av -e ssh -l myusername /cygdrive/pathtolocaldata [EMAIL PROTECTED]::modulename --password-file filename When I run the above I successfully authenticate with SSH but then I get an error that the rsyncd.conf cannot be read. Permissions on the rsyncd.conf file are root:wheel -rw-r-- I have tried chown to rsync:rync the user the daemon runs under as specified in my conf file. I would like the have the granularity of using rsyncd.conf. I was somewhat content with just using ssh but ssh wants to change the permissions on the upload directory where others can rwx. I tried changing the umask but apparently it is ignored when making an ssh connection. In addition- the local accounts on the server are setup for scponly. Any help would be greatly appreciated. I have been googling and experimenting for over two weeks. I believe everything is proper... :( TIA __ Do you Yahoo!? Yahoo! Mail - 250MB free storage. Do more. Manage less. http://info.mail.yahoo.com/mail_250 -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: SSH Tunnel Problem
On Sat, Dec 18, 2004 at 07:28:24PM -0800, d c wrote: HOWEVER- I cannot connect passwordless with SSH and then connect to the rsync daemon. If you combine daemon-syntax with ssh, you spawn a new rsync daemon that will be run by the ssh program, so it needs its own rsyncd.conf file (which must be in the logged-in user's home directory by default). If you want to talk to an existing rsync daemon using an encoded socket, you need to use some kind of tunnel, such as this one using ssh: ssh -f -i ~/.ssh/id_dsa -C -l SOMEUSER -L 8730:localhost:873 SOMEHOST sleep 40 rsync -av rsync://localhost:8730/module /dest That will connect to port 8730 on the localhost, which ssh forwards over its connection to SOMEHOST, and that machine then connects to port 873 on localhost. Changing the localhost in the -L option would change what machine the remote end of the tunnel connects with, which would allow you to ssh into REMOTEHOST and have it connect to port 873 on some other machine on REMOTEHOST's network. If you're using the ssh2 protocol, you should also be able to use the -N option to ssh instead of the sleep 40 command. ..wayne.. -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: SSH Tunnel Problem
Oh I see- I give that a try. Most likely I'll try that forwarding trick. I am unfamiliar with the syntax but I think I see how it works. If I use the original method as I specified then I guess I need rsyncd.conf and rsyncd.secrets in each users directory. Do I need to change the default rights on the binary for rsync also? Thanks for the quick repsonses so far. Also- as an aside I am I better of w/ cwrsync?Wayne Davison [EMAIL PROTECTED] wrote: On Sat, Dec 18, 2004 at 07:28:24PM -0800, d c wrote: HOWEVER- I cannot connect "passwordless" with SSH and then connect to the rsync daemon.If you combine daemon-syntax with ssh, you spawn a new rsync daemon thatwill be run by the ssh program, so it needs its own rsyncd.conf file(which must be in the logged-in user's home directory by default). Ifyou want to talk to an existing rsync daemon using an encoded socket,you need to use some kind of tunnel, such as this one using ssh:ssh -f -i ~/.ssh/id_dsa -C -l SOMEUSER -L 8730:localhost:873 SOMEHOST sleep 40rsync -av rsync://localhost:8730/module /destThat will connect to port 8730 on the localhost, which ssh forwards overits connection to SOMEHOST, and that machine then connects to port 873on "localhost". Changing the "localhost" in the -L option would changewhat machine the remote end of the tunnel connects with, which wouldallow you to ssh into REMOTEHOST and have it connect to port 873 on someother machine on REMOTEHOST's network. If you're using the ssh2protocol, you should also be able to use the -N option to ssh instead ofthe "sleep 40" command...wayne..-- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsyncBefore posting, read: http://www.catb.org/~esr/faqs/smart-questions.html__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh vs /sbin/nologin
On Thu, Sep 09, 2004 at 06:03:49PM +0800, Jacky Kim wrote: If the shell of user alpha is /sbin/nologin When use rsync with ssh mode, is it possible for alpha to use rsync to backup data? This is an ssh question: you're asking if there is a way to limit what commands the user runs. The answer is yes, there are ways to make sure that the user can only run a limited set of commands (even constricting what options can be sent), but I don't know the details. By default, if the user has a shell of /sbin/nologin, then ssh can't be used by that user to run any commands. See the ssh docs for more details. Once you get ssh configured as you desire, rsync can use it. ..wayne.. -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: SSH and rsync server (tunnelling)
Lars E. D. Jensen wrote: Hi Thanks for your previous answers. Now I'm fighting with setting up ssh tunnelling with rsync Hi Just wanted to share this with other rsync through tunnelling newbies. This script will copy files from remotehostname to localhostname with permissions/ownership etc. preserved AND with encrypted transfer. This is the script I've made: ---cut--- #!/bin/bash # Sets up tunnelling, dsa key needed for ssh autologin (needs to be explicit given to the command).: ssh -i /home/rsync/.ssh/id_dsa -f -C -L 2211:remotehostname:873 [EMAIL PROTECTED] sleep 1000 # ENV var RSYNC_PASSWORD gets destroyed when this script is finish executing. Needed for rsync autologin.: export RSYNC_PASSWORD=somepassword rsync -auz --delete rsync://[EMAIL PROTECTED]:2211/www /var/www # only list files, test purposes only... # rsync rsync://[EMAIL PROTECTED]:2211/www ---cut--- The script is dependent on a rsync server running on remotehostname. I have the rsync server running through daemon tools (http://cr.yp.to/ucspi-tcp.html) with restricted access using tcprules. The script also needs to be executed on localhostname in order to work as meant to... -- Med venlig hilsen / Best regards Lars E. D. Jensen [EMAIL PROTECTED] -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: SSH and rsync server
On Tue, Aug 17, 2004 at 06:15:41PM +0200, Lars E. D. Jensen wrote: The warning tells me that it's not possibel to use ssh?! I do this: rsync -auz --delete --rsh=?ssh -l ssh_username [EMAIL PROTECTED]::www /var/www WARNING: --rsh or -e option ignored when connecting to rsync daemon Actually the warning (not error) means it's ignoring your redundant --rsh option since by default SSH is used (since 2.6.0). It should still work correctly otherwise. If you don't want to see the warning, remove your --rsh option. Dan W. -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: SSH and rsync server
Widyono wrote: On Tue, Aug 17, 2004 at 06:15:41PM +0200, Lars E. D. Jensen wrote: The warning tells me that it's not possibel to use ssh?! I do this: rsync -auz --delete --rsh=?ssh -l ssh_username [EMAIL PROTECTED]::www /var/www WARNING: --rsh or -e option ignored when connecting to rsync daemon Actually the warning (not error) means it's ignoring your redundant --rsh option since by default SSH is used (since 2.6.0). It should still work correctly otherwise. If you don't want to see the warning, remove your --rsh option. Dan W. Ok, I'm currently using 2.5.5 (debian stable). Does this mean that it's always using SSH when connecting to a rsync server? That was not my impression reading through the documentation. --cut-- for copying from a remote machine using a remote shell program as the transport, using rsync server on the remote machine. This is invoked when the source path contains a :: separator and the --rsh=COMMAND (aka -e COMMAND) option is also provided. --cut-- And when using ssh with rsync -auz --delete --rsh=ssh -l ssh_username [EMAIL PROTECTED]::www /var/www I would exspect a prompt for password right? Maybe there's something wrong with the way I'm starting the rsync server (I'm using daemon tools): run script: #!/bin/sh exec 21 exec softlimit -d 1 tcpserver \ -x /etc/tcprules/tcp.rsyncd.cdb -v -c 20 -U -H -l 0 -R \ 1.2.3.4 873 nice -2 /usr/bin/rsync --daemon --no-detach \ --config=/etc/rsyncd.conf -- Med venlig hilsen / Best regards Lars E. D. Jensen [EMAIL PROTECTED] -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: SSH and rsync server
On Tue, Aug 17, 2004 at 06:15:41PM +0200, Lars E. D. Jensen wrote: The warning tells me that it's not possibel to use ssh?! Not to connect with an existing rsync daemon. The remote-shell option tells rsync to spawn a remote-shell which runs a program (rsync). However, to connect to an existing rsync daemon, rsync just needs to open a socket connection, which is something different. In a modern rsync (e.g. 2.6.2), combining --rsh (-e) with the daemon syntax (::) no longer warns, but instead results in a remote-shell spawning of a brand new daemon process on the remote system (which some people want to do, but still does not let you connect to an existing rsync daemon). So, if you want to encrypt the traffic to an existing rsync daemon, you'll need to use ssh (or maybe stunnel) to forward a local socket address to the remote machine (which allows you to tell rsync to connect to the local machine and have that connection get forwarded to the remote machine via the secure tunnel) -- see the ssh docs for how to use ssh to do that. Alternately, you can use a more modern rsync to run a remote daemon command over ssh (which lets you use the module syntax for the transfer, but does not let you connect to an existing daemon that has elevated privileges compared to your login). ..wayne.. -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh+rsync to Windows
On Sun, May 02, 2004 at 01:53:48PM -0500, Scott LeFevre wrote: It appears that rsync is not reading the $HOME/rsyncd.conf. That's because you didn't tell rsync to talk to a daemon. Switch from single-colon to double-colon syntax if you want to do that. ..wayne.. -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh and rsyncd.conf
On Tue 24 Feb 2004, Jacque Mergens wrote: rsync -rsh=/usr/bin/ssh filename host:/dir/filename But I am not able to perform this rsync -rsh=/usr/bin/ssh filename host:module_name No, because mdoules are only handled by the rsync daemon, which is contacted via its own tcp port. Additionally modules are indicated by a double colon ::module_name. What you're telling rsync above is to transfer to the directory module_name in your home directory on host. The client thinks that everything is going ok but the file never shows up in the target directory. Check the home dir... How do I get rsync to transfer the files using the rules called out in the rsyncd.conf file while using ssh? You'd have to forward the rsync port over an ssh connection: ssh -L8730:127.0.0.1:873 host Then, (separately) use rsync like so: rsync --port=8730 filename localhost::module_name and after the transfer stop the ssh session. but that's a rather roundabout method... Paul Slootman -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh - how to send password ?
On Thu, 2004-02-19 at 04:25, huwybach wrote: Sorry to 'bump' this one back to the list but I'm not clear - is there a way of appending a password to an Rsync command argument or is this just not possible/practical ? It's generally not a good idea to have this kind of option, because the password can show up in ps or shell histories. -- Dan Stromberg DCS/NACS/UCI [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh - how to send password ?
Sorry to 'bump' this one back to the list but I'm not clear - is there a way of appending a password to an Rsync command argument or is this just not possible/practical ? Thanks to all who replied with the SSH keys solution - I'll investigate this over the weekend - but I'd like to see what can be done with Rsync on it's own before adding ssh trickery into the mix !!! Hope you understand :-) Original Message: Hi, I'm trying to learn rsync and to aid this I'm trying some 'simple' syncronising over the net using SSH. What I can't find clearly explained in the docs is where to put the remote user password in the command line argument. For example I want to sync the two 'documents' directories - one on my local Linux box and another on a server in my office. The command I'm planning to use is: rsync -avz -e ssh /home/huw/documents [EMAIL PROTECTED]:/home/huw/documents/ What I can't find is where to put the password for the remote user ? TIA Huw -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh - how to send password ?
On Thu, Feb 19, 2004 at 12:25:37PM +, huwybach wrote: is there a way of appending a password to an Rsync command argument[?] No, rsync doesn't deal with remote-shell passwords at all. That's entirely between you and your remote shell of choice. Thanks to all who replied with the SSH keys solution - I'll investigate this over the weekend You might also be interested in HostbasedAuthentication or its ssh1 equivalent, RhostsRSAAuthentication. These allow you to create trust between two or more systems by having them note the host keys and IP addresses of the other systems you wish to trust. It authorizes all corresponding users between the systems (with the possible exception of the root user, depending on how you set it up). ..wayne.. -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh - how to send password ?
What you need to do it setup a key on the remote machine, a tutorial to do this can be found at http://linuxproblem.org/art_9.html , hope this helps. Steve Sills Platnum Computers, President http://www.platnum.com [EMAIL PROTECTED] - Original Message - From: Huw Wyn Jones [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 3:04 PM Subject: ssh - how to send password ? Hi, I'm trying to learn rsync and to aid this I'm trying some 'simple' syncronising over the net using SSH. What I can't find clearly explained in the docs is where to put the remote user password in the command line argument. For example I want to sync the two 'documents' directories - one on my local Linux box and another on a server in my office. The command I'm planning to use is: rsync -avz -e ssh /home/huw/documents [EMAIL PROTECTED]:/home/huw/documents/ What I can't find is where to put the password for the remote user ? TIA Huw -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh keep absolute local paths from --include-from=file remotely
On Mon, Nov 10, 2003 at 01:58:07AM +0100, Thomas Otto wrote: So all I want is rsyncing files while preserving their _absolute_ paths on the target machine which doesn't seem possible. Check out the --relative (-R) option in the man page. That would let you do something like this: rsync -avR `cat /path/file-list` dest:/ Or, the CVS version of rsync which has the --files-from option: rsync -av --files-from=/path/file-list / dest:/ (Note that the --files-from option implies --relative.) ..wayne.. -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh keep absolute local paths from --include-from=file remotely
On Mon, Nov 10, 2003 at 01:58:07AM +0100, Thomas Otto wrote: Hi! I am trying to do a IMHO rather trivial thing with rsync via ssh: I have some files under /etc and some under /home/thomas, I want to rsync just these to a remote PC with a similar setup where they should end up in the same dirs, and this with a single rsync call. Bascially 'tar --files-from FILE -cf - | netcat' and 'cd /; netcat | tar -xf -' with the optimisation rsync and the security ssh provides. I went up to doing fancy stuff like rsync -av -e ssh --include '*/' --exclude '*' --include-from=file / [EMAIL PROTECTED]:/ (file containing \n seperated /etc/bash.bashrc /etc/profile /home/thomas/testfile) It would be much simpler to just put all your patterns in the --include-from file. _Read_ the EXCLUDE PATTERNS section of the manpage. ..yet no success. rsync ends up either stating all files recursivly so i ^C or it just tries to dump them all into / (where I don't have write access). So all I want is rsyncing files while preserving their _absolute_ paths on the target machine which doesn't seem possible. Can someone point me to a patch or so? If not consider this as a feature request :) Doing this is a snap, you just need to understand the implications of the pattern matching. -- J.W. SchultzPegasystems Technologies email address: [EMAIL PROTECTED] Remember Cernan and Schmitt -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh-basic test
The broken ssh-basic test is fixed in the CVS version of rsync, but not in 2.5.6. It should work in the next release of rsync. You can get the new test from the rsync CVS server easily via the cvsweb interface: http://www.samba.org/cgi-bin/cvsweb/rsync/testsuite/ssh-basic.test?rev=1.6content-type=text/x-cvsweb-markup -- Steve -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: ssh-basic test
Steve Bonds [EMAIL PROTECTED] wrote: The broken ssh-basic test is fixed in the CVS version of rsync, but not in 2.5.6. Yup, the ssh-basic test in the CVS version *does* work - I just downloaded it and tried it. It should work in the next release of rsync. You can get the new test from the rsync CVS server easily via the cvsweb interface: http://www.samba.org/cgi-bin/cvsweb/rsync/testsuite/ssh-basic.test?rev=1.6content-type=text/x-cvsweb-markup Thanks. -- Hardy Merrill Red Hat, Inc. -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: SSH command when uploading files
2003-03-13T07:33:52 Reckhard, Tobias: However, from the output of rsync -vvv ... on the client and sshd -d ... on the server it appears to me that no command is passed to the sshd on the server when uploading data. I'm not sure about those techniques for finding it, I haven't tried 'em, but whether the techniques have a hole or there was an observational error, J.W. Schultz was right, you missed it. Here's the trick to find it. sshd deals with a .authorized_keys file where a key line is preceeded by command=foo bar baz (key here) by running foo, with args bar and baz, ignoring whatever command was requested by the client ssh. Instead, the client ssh's requested command is shoved into the environment variable SSH_ORIGINAL_COMMAND. So set up your key like this: command=/path/to/wrapper (key here) and have wrapper contain #!/bin/sh echo $SSH_ORIGINAL_COMMAND /tmp/sshcmdlog exec $SSH_ORIGINAL_COMMAND and try your rsync. It'll work as usual, and as a side-effect the command it requested will be logged. Then update your .authorized_keys line to reflect the exact command you want to allow and voila. -Bennett pgp0.pgp Description: PGP signature -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
Re: .ssh files
[EMAIL PROTECTED](Steve Mallett) 23.12.02 08:52 Once upon a time Steve Mallett shaped the electrons to say... Seems so. The private key file MUST ONLY be readable to the user, no one else. chmod 600 Rainer Changing the perms to 600 did it. Tally Ho. But of cause many of other files will have it's correct permissions too! Check *all* files you restored. Maybe they are world writeable now. That's especially bad if they were owned or used by root etc... Rainer---= Vertraulich // // =--ocholl, Kiel, Germany -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
Re: .ssh files
[EMAIL PROTECTED](Steve Mallett) 22.12.02 16:32 Once upon a time Steve Mallett shaped the electrons to say... I burned an .iso cd of the home dir of a server, What kind? Jouliett? Did you da a tar or cpio first to save all links my .ssh files are there, but if I restore from the cd using rsync -azurvp /mnt/cdrom/.ssh/* ~/.ssh the permissions seem screwy. What are they? I'm trying to use my id_dsa ssh key to login to other servers, but they don't acknowledge the key because the permission are incorrect. Any Suggestions? Did i screwup, by using mkisofs cdrecord to burn the cd? Seems so. The private key file MUST ONLY be readable to the user, no one else. chmod 600 Rainer -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
Re: .ssh files
On Sun, Dec 22, 2002 at 04:32:19PM -0400, Steve Mallett wrote: I burned an .iso cd of the home dir of a server, my .ssh files are there, but if I restore from the cd using rsync -azurvp /mnt/cdrom/.ssh/* ~/.ssh the permissions seem screwy. I'm trying to use my id_dsa ssh key to login to other servers, but they don't acknowledge the key because the permission are incorrect. Any Suggestions? Did i screwup, by using mkisofs cdrecord to burn the cd? For obvious security reasons the files in ~/.ssh must be very precise, especially the identity files. Having your private keys publicly readable allows anyone to impersonate you. ssh correctly refuses to use these files if they are insecure. If they haven't already they should be adding checks for permissive ACLs to ssh. The ISO9660 semantics don't support POSIX permissions. Rock Ridge extensions _might_ add what you need but probably not. ISO9660 was meant to provide a least common denominator storage for removable media. The first way i know of that you can be sure of preserving this meta-data is to create an archive file (tar, cpio, etc.) and burn that on the cdr(w) either in an isofs or directly (read with: tar xf /dev/cdrom). The other way is to burn an image of a native filesystem. This is what i do. It is somewhat less portable since an iso9660 can be mounted on almost any platform but it not only preserves all the meta-data but it grants direct access to the files. The key here is to build the filesystem with the necessary options for a device having a hardware sector size of 2048 bytes. -- J.W. SchultzPegasystems Technologies email address: [EMAIL PROTECTED] Remember Cernan and Schmitt -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
Re: ssh + permissions
Sure. Don't tell rsync to preserve permissions. This precludes the use of the -p, and --permsoptions, and the -a, and --archive options, which imply them. If your wording means that the permissions on the source are not appearing on the destination, change precludes to requires and and to or in the sentence above. Tim Conway [EMAIL PROTECTED] 303.682.4917 Philips Semiconductor - Longmont TC 1880 Industrial Circle, Suite D Longmont, CO 80501 Available via SameTime Connect within Philips, n9hmg on AIM perl -e 'print pack(, 19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), .\n ' There are some who call me Tim? C.Zimmermann [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03/12/2002 05:01 AM To: [EMAIL PROTECTED] cc: (bcc: Tim Conway/LMT/SC/PHILIPS) Subject:ssh + permissions Classification: Hello, If I sync a filesystem using ssh to an remote server, all filepermissions on the remote site are gone. Is there a chance to preserve the permissions using ssh ? Thanks C. Zimmermann -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
Re: ssh + permissions
On 12 Mar 2002, C.Zimmermann [EMAIL PROTECTED] wrote: The command I am using is: rsync -avx --hard-links --links --ignore-errors --perms --devices and the permissions on the source are not appearing on the destination and the destination ssh-account has no root-rights. Perhaps you mean that the file ownership is not the same on the destination machine? On most Unix systems, only root can change the ownership of a file. rsync cannot get around this restriction. So if you need to transfer files owned by multiple users and have the permissions be the same, then you must make the destination ssh account be root. Similarly only root can create device nodes. --devices cannot do anything unless the destination runs as root. Best regards, -- Martin -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
Re: SSH
Sounds pretty useful. I think perhaps it would be better at the -vv level though. - Dave On Thu, Jan 24, 2002 at 01:23:21PM +1100, Martin Pool wrote: I think we should make rsync say something like this when -v is specified: rsync: Attempting connection using ssh -v samba.org rsync --server or rsync: Attempting connection to samba.org:873 (12.3.23.32) via proxy gw1:80 (10.61.1.1) -- Martin
Re: SSH
2002-01-23-09:08:58 [EMAIL PROTECTED]: David L Nickel schrieb am Wed, Jan 23, 2002 at 09:02:30AM -0500: I added the enviroment variable RSYNC_RSH=ssh and every things seems to work fine, but there is no way to tell if rsync is actually using ssh or not? a. when in progress, watch top(1) or ps(1). You should see ssh processes. b. Utilise tcpdump(8). c. Make the command ssh -v and watch the verbose debugging output of ssh (which gets sent to stderr, which means rsync isn't bothered by it). d. Disable rsh altogether, remove the rsh client, stop and remove the rsh daemons [likely from inetd.conf], from both systems, and make sure rsync still works (my favourite approach). -Bennett msg02771/pgp0.pgp Description: PGP signature
Re: SSH Error
Ok, you're talking about ssh, and you're talking about a rsyncd. Except in rare cases, you don't use ssh to access rsyncd. I'm guessing you're doing something like rsync -e ssh remotehost:www localdestinationdirectory (-e ssh isn't needed if $RSYNC_SSH=ssh). drop the -e ssh and use TWO colons between the servername and the modulename. Tim Conway [EMAIL PROTECTED] 303.682.4917 Philips Semiconductor - Longmont TC 1880 Industrial Circle, Suite D Longmont, CO 80501 Available via SameTime Connect within Philips, n9hmg on AIM perl -e 'print pack(, 19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), .\n ' There are some who call me Tim? David L Nickel [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 01/15/2002 02:23 PM To: [EMAIL PROTECTED] cc: (bcc: Tim Conway/LMT/SC/PHILIPS) Subject:SSH Error Classification: I created a user on the machine I am attempting to mirror. I when I run rsync with this user I get the following errors receiving file list ... link_stat www : No such file or directory done client: nothing to do: perhaps you need to specify some filenames or the --recursive option? rsync error: partial transfer (code 23) at main.c(553) here is my conf file ## use chroot = no max connections = 5 syslog facility = local3 [www] path = /www comment = Web Directory hosts allow = *.*.1.118 read only = yes list = yes uid = root gid = wheel auth users = user ##
Re: ssh-rsync-newbie
Thanks Dave; In the literature there are many references to running rsync and ssh together. I need to use ssh because normal ftp is disabled on both my servers. I need to use rsync because it is, by miles, the best way to copy things across. I did notice, though, when I ran ssh in debug mode, I got the message: Method 'publickey' disabled. I suspect my problems are to do with this. Thanks, Pete - Original Message - From: Dave Dykstra [EMAIL PROTECTED] To: peter lindsay [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, October 17, 2001 10:47 PM Subject: Re: ssh-rsync-newbie On Wed, Oct 17, 2001 at 10:51:12AM +0100, peter lindsay wrote: Hi, I have two linux/apache servers running rsync and ssh. I can manually ( i.e. command line ) rsync between the servers with no difficulty - other than being required to enter a password before the rsync initiates. I wanted to put the process in a script and run it through cron(tab), but I still get prompted for the password. I've followed literature on this ( there seems to be plenty ) but cannot get further. I've looked at password files and public/private key generation. I suspected that perhaps my ssh installation was incomplete, but I don't know. Any suggestions gratefully received, Thanks, Pete Lindsay Again, before we go on, do you want to use ssh or do you want to use rsync --daemon? There are ways in both cases to do transfers without a password, but the way you do it is very different so let us know which one you want. Your original question showed you seemed to be trying both. With ssh, the easiest way is usually to do a ssh-keygen without a passphrase and copy the public key into ~/.ssh/authorized_keys on the server. With rsync --daemon, the default is no password but if that's a security problem you can use a secrets file on the server side and use the --password-file option on the client where the file is not world readable. - Dave Dykstra
Re: ssh-rsync-newbie
Hi, There's a help page on http://www.freebsddiary.org/secure-file-copy.php . I hope it helps you. The way to do it seems to be using ssh public-private keys, but I've tried this a few times and can't get it to work. I suspect that when my ssh was compiled, an option was left out. Anyway, good luck, Pete Lindsay - Original Message - From: David Dahl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, October 13, 2001 7:50 PM Subject: ssh-rsync-newbie warning: rsync/sysadmin newbie question... I want to sync the web directory from my production server to my backup server (through ssh). rsync is working fine, except that it doesn't seem to authenticate my rsync user which is not a system user. If I run the command manually, sshd asks for the far end user's password. If I use that user's password, the files are rsynced to a direcory inside the user's home directory, (i.e.: /root/www/). Do I need to write a shell script that allows for sshd authentication and rsyncd authenication? Does anyone have an example script that uses the same procedure? here are my config files and command: rsyncd.conf: motd file = /etc/rsyncd.motd log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid lock file = /var/run/rsync.lock max connections = 2 [www] path = /var/www/html comment = path to HTDOCS dir uid = nobody gid = nobody read only = no list = yes auth users = www hosts allow = 10.10.10.10 secrets file = /etc/rsyncd.scrt == rsyncd.scrt: == www:password === rsync command: rsync --verbose --progress --stats --compress --rsh=/usr/bin/ssh \ --recursive --times --perms --links --delete \ /www/htdocs/* 10.10.10.10:www thanks in advance! David Dahl --
Re: ssh
On torsdag 22. mars 2001, 16:21, you wrote: Hi Williams, You were right, my sshd was not running on host2. However, when I re-start sshd and run the command I am asked for a root password. When I run rsync with --rsh option I am NOT prompt for password. How can I rsync with -e ssh without being prompt for a password? I run the commands from the script and can't be asked for a password. ${RSYNC_COMMAND} ${DOCUMENT_ROOT} host:${DOCUMENT_ROOT} ${LOG_FILEB} RSYNC_COMMAND=/usr/local/bin/rsync --rsync-path=/usr/local/bin/rsync -av -e /usr/local/bin/ssh Any hints? You need to generate a set of keys for ssh to use when authenticating. This is done using the ssh-keygen command which is part of the OpenSSH package. When generating, don't specify a passphrase when asked. You need to move your identity.pub (public key) to the host your are connecting to, while the identity key stays on the host you are connecting from. If this is all gobbledygook (or perhaps as understandable as Norwegian), then you need to read a bit of the OpenSSH documentation. Be aware of the fact that there are at least two versions of the ssh protocol in use, and several versions of the keys. All to make life easy. Come back if you hit the wall. Best regards -- Ragnar Wislff (speaker of Norwegian) -- life is a reach. then you gybe.
RE: SSH with non-default key
On 01-Dec-00 at 14:13:33 Adye, TJ (Tim) wrote: I am trying to work out how I can use rsync with ssh but also specifying the key to use. I want to run rsync/ssh via cron but need to use different keys from the same account. With just ssh this is not a problem - the -o option takes care of it. Which version of ssh is this? I use Unix ssh 1.2.x, and the option is -i. I run rsync with rsync -e"ssh -x -a -i IdFile" Sorry, I should have said. I'm using openSSH 2.3.0p1 mainly, some systems have the latest snapshot from the 29th (I think. There are some outstanding problems and I'd like them sorted out, so I'm delving further into the code to see if I can see anything. The problems are a bit nasty though :-( ) (-x -a turns off unnecessary X11 and agent forwarding for speed in setting up). If you want to specify the identity file as an option with -o, you need to use -o IdentityFile=IdFile (or if you really like to play with quotes, -o 'IdentityFile IdFile'). Yes, the '-o' option is what I use when invoking ssh from cron usually. Actually I use this so often that I have a wrapper script that allows the -i option (and several others) to be specified directly and then builds its own ssh command. Hmm, I'm trying to avoid 'wrappers'. I'd like to submit a (reasonably) simple one line cron job that does what I want. (Probably what we all want at least most of the time! :-) ) What's this IdentityFile2 option? That's a new one to me. It specifies the DSA key to use, as opposed to IdentityFile for RSA keys. As said, using the option works fine; I just can't seem to use it with rsync. The latest openSSH however I gather determines whether to use RSA/DSA by looking at the keys, and so has to some extent gone back to generic options like IdentityFile. I'll have another attempt this afternoon to see if I'm doing something silly. Thanks, John. John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] PGP key available from public key servers
RE: SSH with non-default key
On 01-Dec-00 at 14:59:38 John Horne wrote: On 01-Dec-00 at 14:13:33 Adye, TJ (Tim) wrote: I am trying to work out how I can use rsync with ssh but also specifying the key to use. I want to run rsync/ssh via cron but need to use different keys from the same account. With just ssh this is not a problem - the -o option takes care of it. Which version of ssh is this? I use Unix ssh 1.2.x, and the option is -i. I run rsync with rsync -e"ssh -x -a -i IdFile" Okay I've got this fixed now :-) I've been trying to use something like: -e "ssh -o'IdentityFile2 ~/.ssh/xxkey'" for some reason something doesn't like the arrangement of quotes (I have tried swapping them around but to no effect). I don't know if its rsync, ssh or the Korn shell I'm using (on a Sun system). Anyway, by using: -e "ssh -oIdentityFile2=~/.ssh/xxkey" this works fine :-) The first form is valid, but as said something doesn't like it. Thanks for your help, John. PS - for those reading this and use openSSH from cron and kept getting the 'Pseudo-tty will not be allocated...' message back (very annoying), I have received a patch for this since I pointed out on the developers list that the '-T' option was supposed to prevent a tty being allocated (and hence the message was not necessary). Hopefully the next release of openSSH will have this fixed once and for all :-) John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] PGP key available from public key servers