Page 1 of 1
rsync over network ss key-based authentication
Posted: 2019/12/06 12:48:46
by wp.rauchholz
Can't get it work nor find a solution on internet.
I do run my linux homer server and want to backup the latops onto it.
I set ssh such that one need a certificate and that certificate is protected by a password.
How can I solve this with rsync?
Or is there a better method to backtp?
Thanks for the help.
Wolfgang
Re: rsync over network ss key-based authentication
Posted: 2019/12/06 14:05:00
by jlehtone
recap:
1. You have ssh keypairs
2. You can ssh from laptop to server with ssh key
3. You can rsync from laptop to server
The backup "is not you" and hence it can't use the key?
Re: rsync over network ss key-based authentication
Posted: 2019/12/07 14:49:42
by wp.rauchholz
I was not precise in my description.
I want to do the backup using cron without having to enter the password for the certificate.
Wolfgang
Re: rsync over network ss key-based authentication
Posted: 2019/12/07 16:34:43
by tunk
How does you cron entry look like?
And I think it is recommended to use systemd timers.
Re: rsync over network ss key-based authentication
Posted: 2019/12/08 07:31:50
by wp.rauchholz
So far I got to here:
rsync -arvz -e 'ssh -p port' --modify-window=1 -- progress --delete <FROM> <user>@<host>
How can I fiddle in the password so that the system does not ask for it?
Wolfgang
Re: rsync over network ss key-based authentication
Posted: 2019/12/08 11:51:10
by jlehtone
With ssh keys there are two methods that I know of:
1. Keypair with empty passphrase. Anyone who gets copy of that private key can login to all systems that have the corresponding public key.
2. Key loaded to ssh-agent service and ssh told on what socket the service listens. Anyone who can access agent's socket can login to all systems that have the public key.
You definitely do not want to store the password of a remote system in a command-line, because anyone can see them with 'ps'.
How about BackupPC
http://backuppc.github.io/backuppc/index.html
EPEL has that as package.
Re: rsync over network ss key-based authentication
Posted: 2019/12/09 21:25:15
by Errosion
A couple of questions...
I set ssh such that one need a certificate and that certificate is protected by a password.
What do you mean by this?
You set up ssh to need an SSL certificate? (And that certificate is protected by a password?)
Or that you set up SSH to use ssh keys? (And one of the keys is protected by a password?)
If you are using SSH keys properly, you don't really need to password protect them as the visibility of those keys would only be to the user by which the keys are being used under (most likely, your own. But maybe root.) And even then, you only need to keep the private key secret. The public key can be placed wherever necessary. Likewise, if the ssh keys are set up properly, you won't need a password at all between the two servers.
If you are attempting to use an SSL certificate or some other method within ssh, that will be an entirely different story.