Rsync passwordless ssh login in Linux and Unix


Rsync passwordless ssh login Introduction

In this article you will learn how to set up rsync passwordless login. The whole experiment was performed on CentOS 7, but it can also be performed on other Linux distributions and on UNIX. Rsync passwordless login works by generating two keys on the local server: a private key and a public key. The public key is copied to the remote server. This establishes trust between the two servers for trouble-free synchronization of files and other documents. The two important Linux tools used to accomplish the task are as follows.

  • ssh-keygen - Generates the two keys (private and public). The private key is used to prove the identity of the local server, and the public key is used by remote hosts to check that identity.

  • ssh-copy-id - This tool is used to copy the public key from the local host to the remote host.

This tutorial explains in detail, step by step, how to set up rsync passwordless ssh login.

How to take backup with rsync

Normally, when you take a backup with the rsync tool, you need to give the password of the remote server for the backup to proceed.
Also see a thorough tutorial on Rsync Linux examples.

Below is an example of the general rsync syntax for taking a backup from a local to a remote server. You have to give the source and the destination path. To take a backup between two different operating systems (i.e. between Linux and Windows), you need to install a third-party application on Windows. Check out Rsync over ssh Windows.

# rsync -avzb -e ssh /root/Maildir/ techsakh@192.168.0.8:/home/techsakh/backup/
techsakh@192.168.0.8's password:
sending incremental file list
./
cur/
new/
tmp/
sent 797321 bytes  received 2782 bytes  94129.76 bytes/sec
total size is 5158361  speedup is 6.45

Step1. Generate ssh key

The ssh-keygen tool is used to generate a private key and a public key on your local computer. The private key is saved on your computer, whereas you need to copy the public key to the remote server for rsync passwordless login.
But is passwordless login safe?
The answer is that a password can be cracked with a hacking technique such as brute force, but it is almost impossible to break SSH keys with brute force alone.
See the example below of creating a private and a public key. You will be asked for a file in which to save the key and for a passphrase. There is no need to give any password or passphrase; just press Enter.

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.

To know more about ssh-keygen, see the man page.

$ man ssh-keygen

Step2. Copy public key to remote server

Now copy the ssh public key from your local computer to the remote server for passwordless login. You will be asked to provide the remote server password for the last time.
The 'ssh-copy-id' tool is used to copy the public key to the remote server.

$ ssh-copy-id -i /home/john/.ssh/id_rsa.pub techsakh@192.168.0.8
The authenticity of host '192.168.0.8 (192.168.0.8)' can't be established.
ECDSA key fingerprint is ################################################
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
techsakh@192.168.0.8's password: 
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'techsakh@192.168.0.8'"
and check to make sure that only the key(s) you wanted were added.

Step3. Test your ssh connection without password

Before attempting passwordless login with rsync, test your passwordless ssh login first. See the example below; you should get output similar to it.

$ ssh techsakh@192.168.0.8
Last login: Sun Sep 18 00:26:26 2016 from smtp.techsakh.com

Step4. Try rsync passwordless backup

Take the backup with rsync again, but this time it won't ask for any password.

# rsync -avzb -e ssh /root/Maildir/ techsakh@192.168.0.8:/home/techsakh/backup/
sending incremental file list
cur/
new/
tmp/
sent 797318 bytes  received 2779 bytes  320038.80 bytes/sec
total size is 5158361  speedup is 6.45

Also see rsync exclude-from tutorial to know how to exclude files and directories when taking backup.

Automate rsync passwordless backup

Use cron to automate the entire backup task with rsync passwordless login. If you plan to take the backup on a daily basis, create a shell script and automate it with cron. Look at the following example.

Create a file called daily_backup inside the cron.daily directory.

# cd /etc/cron.daily
# vi daily_backup
#!/bin/sh
rsync -azvbp -e 'ssh -p 22' /root/Maildir/ techsakh@192.168.0.8:/home/techsakh/backup/

After you have saved the file, change the permission of the file to executable.

# chmod +x daily_backup

Secure (ssh) rsync passwordless login

Copying the ssh public key to the remote server and enabling passwordless login is no doubt very secure, but if your ssh private key fell into the wrong hands, whoever holds it could easily get access to your remote server from anywhere on the internet, and that would be hazardous.
The better choice is to restrict the ssh key and allow it only from a specific IP on your remote server. See the example below.

Locate the file 'authorized_keys' on the remote server. This file is usually at .ssh/authorized_keys inside the user's home directory.

# locate authorized_keys

Open the file for editing.

On my remote server the path of the file is given below. In your case the path may be different.

# vi /home/techsakh/.ssh/authorized_keys

The format of the authorized_keys file is:

options keytype base64-encoded-key comment

The keytype, base64-encoded-key and comment are already defined inside the file, but you can edit the options section. In the options section you need to add the authorized IP and the domain. To add the IP, follow the format from="pattern-list". See the given example.

from="172.158.16.83,*.techsakh.com" ssh-rsa AABB2CGFTRMQSS243JUI.. john@example.com

In the above example, login is allowed only if the client connects from the IP 172.158.16.83 or from a host in the 'techsakh.com' domain.
Here,

Options---> from="172.158.16.83,*.techsakh.com"
Keytype---> ssh-rsa
Base64-encoded-key---> AABB2CGFTRMQSS243JUI..
Comment---> john@example.com
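
Once several keys are installed, it helps to check which of them actually carry a from restriction. The script below is an added example, not part of the original article: it parses the options / keytype / key / comment layout described above, including quoted option values, and flags every key that has no from="..." option. The sample file, its placeholder key blobs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: flag keys lacking from="...".
# Constructed sample; the key blobs are placeholders, not real keys.
sample_authorized_keys() {
cat <<'EOF'
# backup keys
from="172.158.16.83,*.techsakh.com" ssh-rsa AABB2CGFTRMQSS243JUI.. john@example.com
ssh-rsa AAAAPLACEHOLDER2 root@smtp
command="/bin/true from=any",no-pty ssh-ed25519 AAAAPLACEHOLDER3 cron@smtp
EOF
}

# audit_authorized_keys FILE: prints "STATUS keytype comment from-pattern";
# the exit status is 1 when at least one key is unrestricted.
audit_authorized_keys() {
    awk '
    function is_keytype(s) { return s ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-.*@openssh\.com)$/ }
    # Position of the first character from "stop" that is outside double quotes.
    function cut_at(s, stop,   i, c, inq) {
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (inq && c == "\\") { i++; continue }   # skip escaped character
            if (c == "\"") inq = !inq
            else if (!inq && index(stop, c)) return i
        }
        return i
    }
    /^[ \t]*(#|$)/ { next }                   # comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line); opts = ""; from = ""
        split(line, f, /[ \t]+/)
        if (!is_keytype(f[1])) {              # line starts with an options field
            p = cut_at(line, " \t")
            opts = substr(line, 1, p - 1); line = substr(line, p + 1)
            sub(/^[ \t]+/, "", line)
        }
        while (opts != "") {                  # split options on unquoted commas
            p = cut_at(opts, ",")
            item = substr(opts, 1, p - 1); opts = substr(opts, p + 1)
            if (tolower(substr(item, 1, 6)) == "from=\"")
                from = substr(item, 7, length(item) - 7)
        }
        n = split(line, f, /[ \t]+/)
        status = (from != "") ? "RESTRICTED" : "UNRESTRICTED"
        if (from == "") { from = "-"; bad = 1 }
        print status, f[1], (n >= 3 ? f[3] : "-"), from
    }
    END { exit bad + 0 }' "$1"
}
```

Run it on the remote server as audit_authorized_keys /home/techsakh/.ssh/authorized_keys; the third sample line shows why a plain grep for from= is not enough, because the text there sits inside a quoted command value.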

 


This is it with the article Rsync passwordless ssh login in Linux and Unix.

See also
Rsync command examples in Linux
Rsync exclude directory and folders
Rsnapshot (Rsync) based utility to take backups


 
