How to execute a safe and secure rsync in between web servers throughout an unsafe network

Basically what I'm asking is, has any person find a method through which to cover rsync inside ssh.

With OpenSSH v4.9+sftp has some wonderful alternatives that permit you to chroot the inbound link and also such - which is a remedy that I would certainly consider, nonetheless I'm stuck to RHEL, and also neither RHEL4 or RHEL5 are upto that variation of ssh.

My existing remedy is to add something similar to this to the web server - side making use of the customer customer is key ...

server% cat ~/.ssh/authorized_keys
command="cd /srv/rsync/etl && tar --exclude './lost+found' -pcf - ./" ssh-rsa...

...therefore the customer would certainly after that be limited to one point and also one point just ...

client% ssh -T -i ${HOME}/.ssh/id_rsa [email protected] > sensative.tar

This safeguards the link, along with the web server (from the customer), nonetheless mishandles as all documents will certainly be fetched over and also over once more.

I'm after doing something comparable (or simply far better) making use of rsync.

2019-12-02 02:59:02
Source Share
Answers: 2

Okay I ultimately figured this out, yet the remedy is not as classy as I had actually wished for.

One the web server side, you require to add the complying with to the authorized_keys apply for the pertinent customer ...

no-pty, command="exit"

On the customer, you can after that create a passage as adheres to ...

ssh -l username -fNTL 8073:server:873

Once the passage is establised, you can rsync based on common - making use of the double - colon syntax is not feasible - to localhost.

The localhost port number you select (8073) are totally optional clearly, simply bear in mind that that is what you need to rsync to ...

rsync --port=8073 -a [email protected]::mySecureStore /srv/some/place/
2019-12-04 06:31:49

Rsync sustains making use of ssh as a transportation

rsync -az /path/to/source [email protected]:/path/to/destination

some older variations of rsync need you to define ssh clearly

rsync -aze ssh /path/to/source host:/path/to/destination

A choice to making use of rsync is B. C. Pierce's Unison, which has comparable capability to rsync, yet maintains a neighborhood index at both ends to stay clear of needing to stroll the filesystem to compute the deltas

2019-12-03 04:58:20