Categories: Commands

Command for Rsync over SSH – Unix/Linux

Command for Rsync over SSH 

 Common Syntax for Rsync:

# rsync [options] Source Destinations.

Set up a secure backup with rsync + SSH of one system to the other.

backup.example.com# rsync -avz --numeric-ids --delete root@myserver.example.com:/path/ /backup/myserver/

To do the backup, you have to be root on the remote server, because some files are only root readable.

Problem: you will allow backup.example.com to do anything on myserver.example.com, where just read only access on the directory is sufficient.

Then, use the command="" directive in the authorized_keys file to filter the command.

Find this command, start rsync adding the -e'ssh -v' option:

rsync -avz -e'ssh -v' --numeric-ids --delete root@myserver.example.com:/path/ /backup/myserver/ 2>&1 | grep "Sending command"

Result like:

debug1: Sending command: rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/

Now, just add the command before the key in /root/.ssh/authorized_keys:

command="rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/" ssh-rsa AAAAB3NzaC1in2EAAAABIwAAABio......

And for even more security, add an IP filter, and other options:

from="backup.example.com",command="rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1in2EAAAABIwAAABio......

Now try to open a ssh shell on the remote server.. and try some unauthorized rsync commands…

 

 

 

Vishwajit Kale
Vishwajit Kale blazed onto the digital marketing scene back in 2015 and is the digital marketing strategist of Hostripples, a company that aims to provide affordable web hosting solutions. Vishwajit is experienced in digital and content marketing along with SEO. He's fond of writing technology blogs, traveling and reading.
View all posts
Tags: backupcommandIPremote serverrootrsync commandsRsync over SSHSECURITYSSHssh shell
10 years ago
Leave a Comment

Recent Posts

Step-by-Step Guide to Implementing a CDN for WordPress

Picture this: Your WordPress site is like that one friend who's always fashionably late to everything. You know, the one…

5 days ago

The Truth Behind AI Detectors: Trust or Distrust?

In a world where artificial intelligence is rapidly reshaping our digital landscape, AI detectors have emerged as both guardians and…

2 weeks ago

What are the advantages of using VPS for e-learning?

In today's digital age, e-learning has become more than just a convenience – it's a necessity. As virtual classrooms and…

3 weeks ago

Updated cPanel License Price in Jan 2025: A Comprehensive Guide

Are you ready for another cPanel price adjustment? As we have approached January 2025, cPanel has rolled out significant changes…

2 months ago

Finding Your Fit: Website Builder or WordPress for Your Site?

In this growing digital world, having a website is not enough—it’s a crucial and much-needed option. But here's the challenge…

2 months ago

Resources