rsync over network ss key-based authentication

Issues related to configuring your network
Post Reply
wp.rauchholz
Posts: 133
Joined: 2016/11/20 11:58:45

rsync over network ss key-based authentication

Post by wp.rauchholz » 2019/12/06 12:48:46

Can't get it work nor find a solution on internet.
I do run my linux homer server and want to backup the latops onto it.
I set ssh such that one need a certificate and that certificate is protected by a password.
How can I solve this with rsync?
Or is there a better method to backtp?

Thanks for the help.

Wolfgang

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: rsync over network ss key-based authentication

Post by jlehtone » 2019/12/06 14:05:00

recap:
1. You have ssh keypairs
2. You can ssh from laptop to server with ssh key
3. You can rsync from laptop to server

The backup "is not you" and hence it can't use the key?

wp.rauchholz
Posts: 133
Joined: 2016/11/20 11:58:45

Re: rsync over network ss key-based authentication

Post by wp.rauchholz » 2019/12/07 14:49:42

I was not precise in my description.
I want to do the backup using cron without having to enter the password for the certificate.

Wolfgang

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: rsync over network ss key-based authentication

Post by tunk » 2019/12/07 16:34:43

How does you cron entry look like?
And I think it is recommended to use systemd timers.

wp.rauchholz
Posts: 133
Joined: 2016/11/20 11:58:45

Re: rsync over network ss key-based authentication

Post by wp.rauchholz » 2019/12/08 07:31:50

So far I got to here:

rsync -arvz -e 'ssh -p port' --modify-window=1 -- progress --delete <FROM> <user>@<host>

How can I fiddle in the password so that the system does not ask for it?

Wolfgang

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: rsync over network ss key-based authentication

Post by jlehtone » 2019/12/08 11:51:10

With ssh keys there are two methods that I know of:
1. Keypair with empty passphrase. Anyone who gets copy of that private key can login to all systems that have the corresponding public key.
2. Key loaded to ssh-agent service and ssh told on what socket the service listens. Anyone who can access agent's socket can login to all systems that have the public key.

You definitely do not want to store the password of a remote system in a command-line, because anyone can see them with 'ps'.


How about BackupPC http://backuppc.github.io/backuppc/index.html
EPEL has that as package.

User avatar
Errosion
Posts: 43
Joined: 2014/12/03 19:58:02

Re: rsync over network ss key-based authentication

Post by Errosion » 2019/12/09 21:25:15

A couple of questions...
I set ssh such that one need a certificate and that certificate is protected by a password.
What do you mean by this?
You set up ssh to need an SSL certificate? (And that certificate is protected by a password?)
Or that you set up SSH to use ssh keys? (And one of the keys is protected by a password?)

If you are using SSH keys properly, you don't really need to password protect them as the visibility of those keys would only be to the user by which the keys are being used under (most likely, your own. But maybe root.) And even then, you only need to keep the private key secret. The public key can be placed wherever necessary. Likewise, if the ssh keys are set up properly, you won't need a password at all between the two servers.

If you are attempting to use an SSL certificate or some other method within ssh, that will be an entirely different story.

Post Reply