rsync all files of remote machine over SSH without root user?

up vote
63
down vote

favorite

I have this command to backup a remote machine. The problem is that I need root rights to read and copy all files. I have no root user enabled for security reasons and use sudo the Ubuntu way. Would I need some cool piping or something to do this?

rsync -chavzP --stats user@192.168.1.2:/ /media/backupdisk/myserverbackup/

edited Mar 4 at 15:10

asked Sep 24 '13 at 3:43

redanimalwar

430157

3

Just use the root account in the first place. sudo, especially combined with NOPASSWD as recommended in the comments, doesn't really improve the security of your machine.
– Martin von Wittich
Sep 24 '13 at 12:01

add a comment |

up vote
63
down vote

favorite

rsync -chavzP --stats user@192.168.1.2:/ /media/backupdisk/myserverbackup/

edited Mar 4 at 15:10

asked Sep 24 '13 at 3:43

redanimalwar

430157

3

Just use the root account in the first place. sudo, especially combined with NOPASSWD as recommended in the comments, doesn't really improve the security of your machine.
– Martin von Wittich
Sep 24 '13 at 12:01

add a comment |

up vote
63
down vote

favorite

rsync -chavzP --stats user@192.168.1.2:/ /media/backupdisk/myserverbackup/

edited Mar 4 at 15:10

asked Sep 24 '13 at 3:43

redanimalwar

430157

rsync -chavzP --stats user@192.168.1.2:/ /media/backupdisk/myserverbackup/

ubuntu ssh backup rsync

edited Mar 4 at 15:10

asked Sep 24 '13 at 3:43

redanimalwar

430157

edited Mar 4 at 15:10

asked Sep 24 '13 at 3:43

redanimalwar

430157

edited Mar 4 at 15:10

asked Sep 24 '13 at 3:43

redanimalwar

430157

asked Sep 24 '13 at 3:43

redanimalwar

430157

asked Sep 24 '13 at 3:43

redanimalwar

430157

3

Just use the root account in the first place. sudo, especially combined with NOPASSWD as recommended in the comments, doesn't really improve the security of your machine.
– Martin von Wittich
Sep 24 '13 at 12:01

add a comment |

3

Just use the root account in the first place. sudo, especially combined with NOPASSWD as recommended in the comments, doesn't really improve the security of your machine.
– Martin von Wittich
Sep 24 '13 at 12:01

Just use the root account in the first place. sudo, especially combined with NOPASSWD as recommended in the comments, doesn't really improve the security of your machine.
– Martin von Wittich
Sep 24 '13 at 12:01

add a comment |

7 Answers
7

active

oldest

votes

up vote
77
down vote

accepted

I would recommend that you just use the root account in the first place. If you set it up like this:

Configure your sshd_config on the target machine to PermitRootLogin without-password.

Use ssh-keygen on the machine that pulls the backup to create an SSH private key (only if you don't already have an SSH key). Do not set a passphrase. Google a tutorial if you need details for this, there should be plenty.

Append the contents of /root/.ssh/id_rsa.pub of the backup machine to the /root/.ssh/authorized_keys of your target machine.

Now your backup machine has root access to your target machine, without having to use password authentication.

then the resulting setup should be pretty safe.

sudo, especially combined with NOPASSWD as recommended in the comments, has no security benefits over just using the root account. For example this suggestion:

add the following to your /etc/sudoers file: rsyncuser ALL= NOPASSWD:/usr/bin/rsync

essentially gives rsyncuser root permissions anyway. You ask:

@MartinvonWittich Easy to gain a full root shell because rsync executed with sudo? Walk [m]e [through] that please.

Well, simple. With the recommended configuration, rsyncuser may now run rsync as root without even being asked for a password. rsync is a very powerful tool to manipulate files, so now rsyncuser has a very powerful tool to manipulate files with root permissions. Finding a way to exploit this took me just a few minutes (tested on Ubuntu 13.04, requires dash, bash didn't work):

martin@martin ~ % sudo rsync --perms --chmod u+s /bin/dash /bin/rootdash

martin@martin ~ % rootdash

# whoami

root

# touch /etc/evil

# tail -n1 /etc/shadow

dnsmasq:*:15942:0:99999:7:::

As you can see, I have created myself a root shell; whoami identifies my account as root, I can create files in /etc, and I can read from /etc/shadow. My exploit was to set the setuid bit on the dash binary; it causes Linux to always run that binary with the permissions of the owner, in this case root.

Having a real root is not [recommended] for good reasons. – redanimalwar 15 hours ago

No, clumsily working around the root account in situations where it is absolutely appropriate to use it is not for good reasons. This is just another form of cargo cult programming - you don't really understand the concept behind sudo vs root, you just blindly apply the belief "root is bad, sudo is good" because you've read that somewhere.

On the one hand, there are situations where sudo is definitely the right tool for the job. For example, when you're interactively working on a graphical Linux desktop, let's say Ubuntu, then having to use sudo is fine in those rare cases where you sometimes need root access. Ubuntu intentionally has a disabled root account and forces you to use sudo by default to prevent users from just always using the root account to log in. When the user just wants to use e.g. the web browser, then logging in as root would be a dangerous thing, and therefore not having a root account by default prevents stupid people from doing this.

On the other hand, there are situations like yours, where an automated script requires root permissions to something, for example to make a backup. Now using sudo to work around the root account is not only pointless, it's also dangerous: at first glance rsyncuser looks like an ordinary unprivileged account. But as I've already explained, it would be very easy for an attacker to gain full root access if he had already gained rsyncuser access. So essentially, you now have an additional root account that doesn't look like a root account at all, which is not a good thing.

edited Aug 30 '16 at 12:40

answered Sep 25 '13 at 20:54

Martin von Wittich

9,82933157

2

Nice explanation. Would another reason for using sudo over root be in the situation where multiple people have sysadmin roles on a server? This way each can use their own SSH keys instead of sharing the SSH key of root?
– Nathan S. Watson-Haigh
Jan 22 '14 at 21:33

2

@NathanS.Watson-Haigh you could just as easy put all SSH keys into /root/.ssh/authorized_keys, or even create multiple root accounts with different homes so each user can have his own shell, home and .ssh/authorized_keys :)
– Martin von Wittich
Jan 23 '14 at 11:17

2

You can restrict ssh keys to only allowing certain commands, too. Definitely a good idea, since if you're automating something, you will probably be making these ssh keys without any passphrase, or at least so they're accessible all the time a machine is running. (meaning that root on that machine grants access to root on other machines.)
– Peter Cordes
Mar 7 '15 at 15:10

2

Martin's concerns regarding using sudo root are valid, but it seems they could be mitigated by specifying the exact rsync parameters in the sudoers file. According to the sudoers(5) man page on Ubuntu: "If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any)." If the sudoers file specifies the exact rsync command with the exact options (including source and destination), then it seems it should be safe.
– user155566
Feb 8 '16 at 18:41

4

One consideration not brought up earlier: sshd generally does not log which authorized key was used to connect to an account, so if you connect as bob then sudo, you get a better audit trail than if you connect in to root directly with bob's key.
– Coderer
Jun 15 '16 at 12:44

|
show 6 more comments

up vote
65
down vote

Make use of the --rsync-path option to make the remote rsync command run with sudo privileges. Your command should then be e.g.:

rsync -chavzP --rsync-path="sudo rsync" --stats user@192.168.1.2:/ .

If sudo prompts you for a password, you have to avoid that either by using a NOPASSWD privilege with the remote user account (pointless for root, may make sense in other use cases), or if you don't want to do that:

Make sure that the option tty_tickets is disabled for the user you
are using, by running e.g. sudo visudo -f /etc/sudoers.d/local-rsync
and entering:
```
Defaults:your.username.for.rsync !tty_tickets
```

Make sure that the option requiretty is disabled for the user you are
using - it could be off by default. The method is the same as above.

Seed the sudo password on the remote machine, by running e.g.
ssh -t user@192.168.1.2 sudo

edited Nov 23 at 8:29

Josip Rodin

911412

answered Sep 24 '13 at 4:00

M_dk

1,04979

1

@scai the password that is asked for is most likely the sudo password, not the ssh password
– umläute
Sep 24 '13 at 8:15

2

@redanimalwar allows your user to sudo /usr/bin/rsync without asking for a passphrase; check man sudoers for how to do this; you might want to create an extra backup user for this.
– umläute
Sep 24 '13 at 8:17

5

To allow sudo /usr/bin/rsync to run without requiring as password add the following to your /etc/sudoers file: rsyncuser ALL= NOPASSWD:/usr/bin/rsync This will allow the user rsyncuser (as mentioned above it would be best to create a dedicated backup user) with the username you want.
– M_dk
Sep 24 '13 at 9:38

4

@M_dk now rsync essentially always has root permissions; it's probably very easy to gain a full root shell in that account. I think it's better to just use the real root account in the first place.
– Martin von Wittich
Sep 24 '13 at 12:00

1

The answer in no way speaking of echo "password" | something I actually never used this and agree with the security problems coming with letting sudoless execution of rsync (also not suggested here) is bad. What the tty_tickets does I have actually no idea, seems needed and a security issue. This would work securely without tweaking anything by just running sodo on ssh and then executing the command right? But since I asked that question for scriping purposes, I totally agree that key based ssh without pw is the secure and right was to do. I accepted Martins answer instead.
– redanimalwar
Mar 7 '15 at 16:47

|
show 8 more comments

up vote
17
down vote

One simple way to do this is to use the graphical ssh-askpass program with sudo, this gets around the fact that sudo is not connected to the terminal and allows you to enter the password safely:

rsync -chavzPe 'ssh -X' --stats 

  --rsync-path='SUDO_ASKPASS=/usr/lib/ssh/x11-ssh-askpass sudo -A rsync' 

  user@192.168.1.2:/ .

Of course the ssh-askpass program must be installed in the given location and you must be running an X session on the machine you are working on. There are a few variations on the ssh-askpass program which should also work (Gnome/KDE versions). Also a graphical sudo replacement program like gksu or kdesudo should also work.

answered Jun 19 '14 at 8:34

Graeme

24.7k46296

rsync --rsh='ssh -X' --rsync-path='gksudo -- rsync' user@host:/ . doesn't work. rsync error: syntax or usage error (code 1) at main.c(1634) [server=3.1.1]. Oh, ubuntu does ship gnome-ssh-askpass, but it's /usr/bin/ssh-askpass, instead of /usr/lib/ssh/x11.... So that worked :)
– Peter Cordes
Mar 7 '15 at 15:05

1

This is one of the better solutions as it doesn't need any reconfiguration on the other end -- just needs the askpass installed and X forwarding enabled, both of which should be fairly common.
– David Gardner
Aug 4 '15 at 10:55

1

Works like a charm after installing ssh-askpass. I just had to look up the meaning of -chavzPe, would be great to spell these out as long options.
– krlmlr
Oct 14 '16 at 16:19

add a comment |

up vote
7
down vote

If your user has already sudo privileges which are protected with a password I would keep them as-is and only add a stanza to use rsync without a password:

%admin ALL=(ALL) ALL

%admin ALL= NOPASSWD:/usr/bin/rsync

answered Jun 11 '14 at 18:39

Gunnar Thielebein

7111

add a comment |

up vote
5
down vote

I ran into this problem today and solved it without the need for modifying configuration files or granting root-level permissions to user accounts. My particular set-up was that user A on machine foo had to copy all of the user directories from foo to machine bar in a backup directory that user A owned. (User A has sudo privileges on foo.)

The command I used is below. It was invoked by user A in the /home directory on foo.

sudo rsync -avu -e "ssh -i /home/A/.ssh/id_rsa -l A"  * B:/home/backup

This runs rsync as sudo so that all user directories on foo can be accessed but it tells rsync to use ssh to access machine bar using user A's credentials. My needs were slightly different than the question above but this allowed me to quickly get a backup of all the user directories on a particular machine I manage without mucking with the system's configuration.

answered Sep 14 '15 at 0:11

Ken Anderson

15112

2

This is brilliant. I forgot about the -i option to ssh. You can use --rsync-path="sudo /usr/bin/rsync" if you have sudo on machine bar. This then does reading as root@foo and writing as root@bar, but transferring via A@foo -> B@bar. Thanks!
– ctbrown
Jan 21 '16 at 18:09

add a comment |

up vote
3
down vote

Running rsync as daemon on the target machine allows you to do what you want.

edited Sep 9 '14 at 16:38

drs

3,29352858

answered Sep 9 '14 at 16:16

Konstantin

1444

1

I upvoted this answer, but it would be better w/ some explanation of how to get the rsynch daemon running, and how you use it w/ root access.
– Mike Lippert
Feb 9 '15 at 16:29

rsync as daemon wouldn't match this case, because rsync will drop root permissions even when started as root then not all files could be transferred.
– teissler
Apr 22 '16 at 7:57

add a comment |

up vote
2
down vote

My solution is to use --rsync-path="sudo rsync" but it ask for password, workaround:

rsync -chavzP --stats --rsync-path="echo <SUDOPASS> | sudo -Sv && sudo rsync"  user@192.168.1.2:/ .

answered Dec 25 '17 at 9:29

Bulat

291

1

It usually isn't a good idea to put passwords into a command line one-liner; they become visible in the process tree, for example. I sometimes replace the actual password in this type of statement with $( cat my_password.txt ) which is slightly better, but it is usually preferred to configure the permissions on either end, and/or use SSH keys, in such a way that passwords aren't required on the CLI
– JDS
May 2 at 15:13

add a comment |

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f92123%2frsync-all-files-of-remote-machine-over-ssh-without-root-user%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

7 Answers
7

active

oldest

votes

7 Answers
7

active

oldest

votes

up vote
77
down vote

accepted

I would recommend that you just use the root account in the first place. If you set it up like this:

Configure your sshd_config on the target machine to PermitRootLogin without-password.

Use ssh-keygen on the machine that pulls the backup to create an SSH private key (only if you don't already have an SSH key). Do not set a passphrase. Google a tutorial if you need details for this, there should be plenty.

Append the contents of /root/.ssh/id_rsa.pub of the backup machine to the /root/.ssh/authorized_keys of your target machine.

Now your backup machine has root access to your target machine, without having to use password authentication.

then the resulting setup should be pretty safe.

sudo, especially combined with NOPASSWD as recommended in the comments, has no security benefits over just using the root account. For example this suggestion:

add the following to your /etc/sudoers file: rsyncuser ALL= NOPASSWD:/usr/bin/rsync

essentially gives rsyncuser root permissions anyway. You ask:

@MartinvonWittich Easy to gain a full root shell because rsync executed with sudo? Walk [m]e [through] that please.

martin@martin ~ % sudo rsync --perms --chmod u+s /bin/dash /bin/rootdash

martin@martin ~ % rootdash

# whoami

root

# touch /etc/evil

# tail -n1 /etc/shadow

dnsmasq:*:15942:0:99999:7:::

Having a real root is not [recommended] for good reasons. – redanimalwar 15 hours ago

edited Aug 30 '16 at 12:40

answered Sep 25 '13 at 20:54

Martin von Wittich

9,82933157

2

Nice explanation. Would another reason for using sudo over root be in the situation where multiple people have sysadmin roles on a server? This way each can use their own SSH keys instead of sharing the SSH key of root?
– Nathan S. Watson-Haigh
Jan 22 '14 at 21:33

2

@NathanS.Watson-Haigh you could just as easy put all SSH keys into /root/.ssh/authorized_keys, or even create multiple root accounts with different homes so each user can have his own shell, home and .ssh/authorized_keys :)
– Martin von Wittich
Jan 23 '14 at 11:17

2

You can restrict ssh keys to only allowing certain commands, too. Definitely a good idea, since if you're automating something, you will probably be making these ssh keys without any passphrase, or at least so they're accessible all the time a machine is running. (meaning that root on that machine grants access to root on other machines.)
– Peter Cordes
Mar 7 '15 at 15:10

2

Martin's concerns regarding using sudo root are valid, but it seems they could be mitigated by specifying the exact rsync parameters in the sudoers file. According to the sudoers(5) man page on Ubuntu: "If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any)." If the sudoers file specifies the exact rsync command with the exact options (including source and destination), then it seems it should be safe.
– user155566
Feb 8 '16 at 18:41

4

One consideration not brought up earlier: sshd generally does not log which authorized key was used to connect to an account, so if you connect as bob then sudo, you get a better audit trail than if you connect in to root directly with bob's key.
– Coderer
Jun 15 '16 at 12:44

|
show 6 more comments

up vote
77
down vote

accepted

I would recommend that you just use the root account in the first place. If you set it up like this:

Configure your sshd_config on the target machine to PermitRootLogin without-password.

Use ssh-keygen on the machine that pulls the backup to create an SSH private key (only if you don't already have an SSH key). Do not set a passphrase. Google a tutorial if you need details for this, there should be plenty.

Append the contents of /root/.ssh/id_rsa.pub of the backup machine to the /root/.ssh/authorized_keys of your target machine.

Now your backup machine has root access to your target machine, without having to use password authentication.

then the resulting setup should be pretty safe.

sudo, especially combined with NOPASSWD as recommended in the comments, has no security benefits over just using the root account. For example this suggestion:

add the following to your /etc/sudoers file: rsyncuser ALL= NOPASSWD:/usr/bin/rsync

essentially gives rsyncuser root permissions anyway. You ask:

@MartinvonWittich Easy to gain a full root shell because rsync executed with sudo? Walk [m]e [through] that please.

martin@martin ~ % sudo rsync --perms --chmod u+s /bin/dash /bin/rootdash

martin@martin ~ % rootdash

# whoami

root

# touch /etc/evil

# tail -n1 /etc/shadow

dnsmasq:*:15942:0:99999:7:::

Having a real root is not [recommended] for good reasons. – redanimalwar 15 hours ago

edited Aug 30 '16 at 12:40

answered Sep 25 '13 at 20:54

Martin von Wittich

9,82933157

2

Nice explanation. Would another reason for using sudo over root be in the situation where multiple people have sysadmin roles on a server? This way each can use their own SSH keys instead of sharing the SSH key of root?
– Nathan S. Watson-Haigh
Jan 22 '14 at 21:33

2

@NathanS.Watson-Haigh you could just as easy put all SSH keys into /root/.ssh/authorized_keys, or even create multiple root accounts with different homes so each user can have his own shell, home and .ssh/authorized_keys :)
– Martin von Wittich
Jan 23 '14 at 11:17

2

You can restrict ssh keys to only allowing certain commands, too. Definitely a good idea, since if you're automating something, you will probably be making these ssh keys without any passphrase, or at least so they're accessible all the time a machine is running. (meaning that root on that machine grants access to root on other machines.)
– Peter Cordes
Mar 7 '15 at 15:10

2

Martin's concerns regarding using sudo root are valid, but it seems they could be mitigated by specifying the exact rsync parameters in the sudoers file. According to the sudoers(5) man page on Ubuntu: "If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any)." If the sudoers file specifies the exact rsync command with the exact options (including source and destination), then it seems it should be safe.
– user155566
Feb 8 '16 at 18:41

4

One consideration not brought up earlier: sshd generally does not log which authorized key was used to connect to an account, so if you connect as bob then sudo, you get a better audit trail than if you connect in to root directly with bob's key.
– Coderer
Jun 15 '16 at 12:44

|
show 6 more comments

up vote
77
down vote

accepted

I would recommend that you just use the root account in the first place. If you set it up like this:

Configure your sshd_config on the target machine to PermitRootLogin without-password.

Use ssh-keygen on the machine that pulls the backup to create an SSH private key (only if you don't already have an SSH key). Do not set a passphrase. Google a tutorial if you need details for this, there should be plenty.

Append the contents of /root/.ssh/id_rsa.pub of the backup machine to the /root/.ssh/authorized_keys of your target machine.

Now your backup machine has root access to your target machine, without having to use password authentication.

then the resulting setup should be pretty safe.

sudo, especially combined with NOPASSWD as recommended in the comments, has no security benefits over just using the root account. For example this suggestion:

add the following to your /etc/sudoers file: rsyncuser ALL= NOPASSWD:/usr/bin/rsync

essentially gives rsyncuser root permissions anyway. You ask:

@MartinvonWittich Easy to gain a full root shell because rsync executed with sudo? Walk [m]e [through] that please.

martin@martin ~ % sudo rsync --perms --chmod u+s /bin/dash /bin/rootdash

martin@martin ~ % rootdash

# whoami

root

# touch /etc/evil

# tail -n1 /etc/shadow

dnsmasq:*:15942:0:99999:7:::

Having a real root is not [recommended] for good reasons. – redanimalwar 15 hours ago

edited Aug 30 '16 at 12:40

answered Sep 25 '13 at 20:54

Martin von Wittich

9,82933157

I would recommend that you just use the root account in the first place. If you set it up like this:

Configure your sshd_config on the target machine to PermitRootLogin without-password.

Use ssh-keygen on the machine that pulls the backup to create an SSH private key (only if you don't already have an SSH key). Do not set a passphrase. Google a tutorial if you need details for this, there should be plenty.

Append the contents of /root/.ssh/id_rsa.pub of the backup machine to the /root/.ssh/authorized_keys of your target machine.

Now your backup machine has root access to your target machine, without having to use password authentication.

then the resulting setup should be pretty safe.

sudo, especially combined with NOPASSWD as recommended in the comments, has no security benefits over just using the root account. For example this suggestion:

add the following to your /etc/sudoers file: rsyncuser ALL= NOPASSWD:/usr/bin/rsync

essentially gives rsyncuser root permissions anyway. You ask:

@MartinvonWittich Easy to gain a full root shell because rsync executed with sudo? Walk [m]e [through] that please.

martin@martin ~ % sudo rsync --perms --chmod u+s /bin/dash /bin/rootdash

martin@martin ~ % rootdash

# whoami

root

# touch /etc/evil

# tail -n1 /etc/shadow

dnsmasq:*:15942:0:99999:7:::

Having a real root is not [recommended] for good reasons. – redanimalwar 15 hours ago

edited Aug 30 '16 at 12:40

answered Sep 25 '13 at 20:54

Martin von Wittich

9,82933157

edited Aug 30 '16 at 12:40

answered Sep 25 '13 at 20:54

Martin von Wittich

9,82933157

answered Sep 25 '13 at 20:54

Martin von Wittich

9,82933157

answered Sep 25 '13 at 20:54

Martin von Wittich

9,82933157

2

Nice explanation. Would another reason for using sudo over root be in the situation where multiple people have sysadmin roles on a server? This way each can use their own SSH keys instead of sharing the SSH key of root?
– Nathan S. Watson-Haigh
Jan 22 '14 at 21:33

2

@NathanS.Watson-Haigh you could just as easy put all SSH keys into /root/.ssh/authorized_keys, or even create multiple root accounts with different homes so each user can have his own shell, home and .ssh/authorized_keys :)
– Martin von Wittich
Jan 23 '14 at 11:17

2

You can restrict ssh keys to only allowing certain commands, too. Definitely a good idea, since if you're automating something, you will probably be making these ssh keys without any passphrase, or at least so they're accessible all the time a machine is running. (meaning that root on that machine grants access to root on other machines.)
– Peter Cordes
Mar 7 '15 at 15:10

2

Martin's concerns regarding using sudo root are valid, but it seems they could be mitigated by specifying the exact rsync parameters in the sudoers file. According to the sudoers(5) man page on Ubuntu: "If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any)." If the sudoers file specifies the exact rsync command with the exact options (including source and destination), then it seems it should be safe.
– user155566
Feb 8 '16 at 18:41

4

One consideration not brought up earlier: sshd generally does not log which authorized key was used to connect to an account, so if you connect as bob then sudo, you get a better audit trail than if you connect in to root directly with bob's key.
– Coderer
Jun 15 '16 at 12:44

|
show 6 more comments

2

Nice explanation. Would another reason for using sudo over root be in the situation where multiple people have sysadmin roles on a server? This way each can use their own SSH keys instead of sharing the SSH key of root?
– Nathan S. Watson-Haigh
Jan 22 '14 at 21:33

2

@NathanS.Watson-Haigh you could just as easy put all SSH keys into /root/.ssh/authorized_keys, or even create multiple root accounts with different homes so each user can have his own shell, home and .ssh/authorized_keys :)
– Martin von Wittich
Jan 23 '14 at 11:17

2

You can restrict ssh keys to only allowing certain commands, too. Definitely a good idea, since if you're automating something, you will probably be making these ssh keys without any passphrase, or at least so they're accessible all the time a machine is running. (meaning that root on that machine grants access to root on other machines.)
– Peter Cordes
Mar 7 '15 at 15:10

2

Martin's concerns regarding using sudo root are valid, but it seems they could be mitigated by specifying the exact rsync parameters in the sudoers file. According to the sudoers(5) man page on Ubuntu: "If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any)." If the sudoers file specifies the exact rsync command with the exact options (including source and destination), then it seems it should be safe.
– user155566
Feb 8 '16 at 18:41

4

One consideration not brought up earlier: sshd generally does not log which authorized key was used to connect to an account, so if you connect as bob then sudo, you get a better audit trail than if you connect in to root directly with bob's key.
– Coderer
Jun 15 '16 at 12:44

Nice explanation. Would another reason for using sudo over root be in the situation where multiple people have sysadmin roles on a server? This way each can use their own SSH keys instead of sharing the SSH key of root?
– Nathan S. Watson-Haigh
Jan 22 '14 at 21:33

@NathanS.Watson-Haigh you could just as easy put all SSH keys into /root/.ssh/authorized_keys, or even create multiple root accounts with different homes so each user can have his own shell, home and .ssh/authorized_keys :)
– Martin von Wittich
Jan 23 '14 at 11:17

You can restrict ssh keys to only allowing certain commands, too. Definitely a good idea, since if you're automating something, you will probably be making these ssh keys without any passphrase, or at least so they're accessible all the time a machine is running. (meaning that root on that machine grants access to root on other machines.)
– Peter Cordes
Mar 7 '15 at 15:10

Martin's concerns regarding using sudo root are valid, but it seems they could be mitigated by specifying the exact rsync parameters in the sudoers file. According to the sudoers(5) man page on Ubuntu: "If a Cmnd has associated command line arguments, then the arguments in the Cmnd must match exactly those given by the user on the command line (or match the wildcards if there are any)." If the sudoers file specifies the exact rsync command with the exact options (including source and destination), then it seems it should be safe.
– user155566
Feb 8 '16 at 18:41

One consideration not brought up earlier: sshd generally does not log which authorized key was used to connect to an account, so if you connect as bob then sudo, you get a better audit trail than if you connect in to root directly with bob's key.
– Coderer
Jun 15 '16 at 12:44

|
show 6 more comments

up vote
65
down vote

Make use of the --rsync-path option to make the remote rsync command run with sudo privileges. Your command should then be e.g.:

rsync -chavzP --rsync-path="sudo rsync" --stats user@192.168.1.2:/ .

Make sure that the option tty_tickets is disabled for the user you
are using, by running e.g. sudo visudo -f /etc/sudoers.d/local-rsync
and entering:
```
Defaults:your.username.for.rsync !tty_tickets
```

Make sure that the option requiretty is disabled for the user you are
using - it could be off by default. The method is the same as above.

Seed the sudo password on the remote machine, by running e.g.
ssh -t user@192.168.1.2 sudo

edited Nov 23 at 8:29

Josip Rodin

911412

answered Sep 24 '13 at 4:00

M_dk

1,04979

1

@scai the password that is asked for is most likely the sudo password, not the ssh password
– umläute
Sep 24 '13 at 8:15

2

@redanimalwar allows your user to sudo /usr/bin/rsync without asking for a passphrase; check man sudoers for how to do this; you might want to create an extra backup user for this.
– umläute
Sep 24 '13 at 8:17

5

To allow sudo /usr/bin/rsync to run without requiring as password add the following to your /etc/sudoers file: rsyncuser ALL= NOPASSWD:/usr/bin/rsync This will allow the user rsyncuser (as mentioned above it would be best to create a dedicated backup user) with the username you want.
– M_dk
Sep 24 '13 at 9:38

4

@M_dk now rsync essentially always has root permissions; it's probably very easy to gain a full root shell in that account. I think it's better to just use the real root account in the first place.
– Martin von Wittich
Sep 24 '13 at 12:00

1

The answer in no way speaking of echo "password" | something I actually never used this and agree with the security problems coming with letting sudoless execution of rsync (also not suggested here) is bad. What the tty_tickets does I have actually no idea, seems needed and a security issue. This would work securely without tweaking anything by just running sodo on ssh and then executing the command right? But since I asked that question for scriping purposes, I totally agree that key based ssh without pw is the secure and right was to do. I accepted Martins answer instead.
– redanimalwar
Mar 7 '15 at 16:47

|
show 8 more comments

up vote
65
down vote

Make use of the --rsync-path option to make the remote rsync command run with sudo privileges. Your command should then be e.g.:

rsync -chavzP --rsync-path="sudo rsync" --stats user@192.168.1.2:/ .

Make sure that the option tty_tickets is disabled for the user you
are using, by running e.g. sudo visudo -f /etc/sudoers.d/local-rsync
and entering:
```
Defaults:your.username.for.rsync !tty_tickets
```

Make sure that the option requiretty is disabled for the user you are
using - it could be off by default. The method is the same as above.

Seed the sudo password on the remote machine, by running e.g.
ssh -t user@192.168.1.2 sudo

edited Nov 23 at 8:29

Josip Rodin

911412

answered Sep 24 '13 at 4:00

M_dk

1,04979

1

@scai the password that is asked for is most likely the sudo password, not the ssh password
– umläute
Sep 24 '13 at 8:15

2

@redanimalwar allows your user to sudo /usr/bin/rsync without asking for a passphrase; check man sudoers for how to do this; you might want to create an extra backup user for this.
– umläute
Sep 24 '13 at 8:17

5

To allow sudo /usr/bin/rsync to run without requiring as password add the following to your /etc/sudoers file: rsyncuser ALL= NOPASSWD:/usr/bin/rsync This will allow the user rsyncuser (as mentioned above it would be best to create a dedicated backup user) with the username you want.
– M_dk
Sep 24 '13 at 9:38

4

@M_dk now rsync essentially always has root permissions; it's probably very easy to gain a full root shell in that account. I think it's better to just use the real root account in the first place.
– Martin von Wittich
Sep 24 '13 at 12:00

1

The answer in no way speaking of echo "password" | something I actually never used this and agree with the security problems coming with letting sudoless execution of rsync (also not suggested here) is bad. What the tty_tickets does I have actually no idea, seems needed and a security issue. This would work securely without tweaking anything by just running sodo on ssh and then executing the command right? But since I asked that question for scriping purposes, I totally agree that key based ssh without pw is the secure and right was to do. I accepted Martins answer instead.
– redanimalwar
Mar 7 '15 at 16:47

|
show 8 more comments

up vote
65
down vote

Make use of the --rsync-path option to make the remote rsync command run with sudo privileges. Your command should then be e.g.:

rsync -chavzP --rsync-path="sudo rsync" --stats user@192.168.1.2:/ .

Make sure that the option tty_tickets is disabled for the user you
are using, by running e.g. sudo visudo -f /etc/sudoers.d/local-rsync
and entering:
```
Defaults:your.username.for.rsync !tty_tickets
```

Make sure that the option requiretty is disabled for the user you are
using - it could be off by default. The method is the same as above.

Seed the sudo password on the remote machine, by running e.g.
ssh -t user@192.168.1.2 sudo

edited Nov 23 at 8:29

Josip Rodin

911412

answered Sep 24 '13 at 4:00

M_dk

1,04979

Make use of the --rsync-path option to make the remote rsync command run with sudo privileges. Your command should then be e.g.:

rsync -chavzP --rsync-path="sudo rsync" --stats user@192.168.1.2:/ .

Make sure that the option tty_tickets is disabled for the user you
are using, by running e.g. sudo visudo -f /etc/sudoers.d/local-rsync
and entering:
```
Defaults:your.username.for.rsync !tty_tickets
```

Make sure that the option requiretty is disabled for the user you are
using - it could be off by default. The method is the same as above.

Seed the sudo password on the remote machine, by running e.g.
ssh -t user@192.168.1.2 sudo

edited Nov 23 at 8:29

Josip Rodin

911412

answered Sep 24 '13 at 4:00

M_dk

1,04979

edited Nov 23 at 8:29

Josip Rodin

911412

edited Nov 23 at 8:29

Josip Rodin

911412

edited Nov 23 at 8:29

Josip Rodin

911412

answered Sep 24 '13 at 4:00

M_dk

1,04979

answered Sep 24 '13 at 4:00

M_dk

1,04979

answered Sep 24 '13 at 4:00

M_dk

1,04979

1

@scai the password that is asked for is most likely the sudo password, not the ssh password
– umläute
Sep 24 '13 at 8:15

2

@redanimalwar allows your user to sudo /usr/bin/rsync without asking for a passphrase; check man sudoers for how to do this; you might want to create an extra backup user for this.
– umläute
Sep 24 '13 at 8:17

5

To allow sudo /usr/bin/rsync to run without requiring as password add the following to your /etc/sudoers file: rsyncuser ALL= NOPASSWD:/usr/bin/rsync This will allow the user rsyncuser (as mentioned above it would be best to create a dedicated backup user) with the username you want.
– M_dk
Sep 24 '13 at 9:38

4

@M_dk now rsync essentially always has root permissions; it's probably very easy to gain a full root shell in that account. I think it's better to just use the real root account in the first place.
– Martin von Wittich
Sep 24 '13 at 12:00

1

The answer in no way speaking of echo "password" | something I actually never used this and agree with the security problems coming with letting sudoless execution of rsync (also not suggested here) is bad. What the tty_tickets does I have actually no idea, seems needed and a security issue. This would work securely without tweaking anything by just running sodo on ssh and then executing the command right? But since I asked that question for scriping purposes, I totally agree that key based ssh without pw is the secure and right was to do. I accepted Martins answer instead.
– redanimalwar
Mar 7 '15 at 16:47

|
show 8 more comments

1

@scai the password that is asked for is most likely the sudo password, not the ssh password
– umläute
Sep 24 '13 at 8:15

2

@redanimalwar allows your user to sudo /usr/bin/rsync without asking for a passphrase; check man sudoers for how to do this; you might want to create an extra backup user for this.
– umläute
Sep 24 '13 at 8:17

5

To allow sudo /usr/bin/rsync to run without requiring as password add the following to your /etc/sudoers file: rsyncuser ALL= NOPASSWD:/usr/bin/rsync This will allow the user rsyncuser (as mentioned above it would be best to create a dedicated backup user) with the username you want.
– M_dk
Sep 24 '13 at 9:38

4

@M_dk now rsync essentially always has root permissions; it's probably very easy to gain a full root shell in that account. I think it's better to just use the real root account in the first place.
– Martin von Wittich
Sep 24 '13 at 12:00

1

The answer in no way speaking of echo "password" | something I actually never used this and agree with the security problems coming with letting sudoless execution of rsync (also not suggested here) is bad. What the tty_tickets does I have actually no idea, seems needed and a security issue. This would work securely without tweaking anything by just running sodo on ssh and then executing the command right? But since I asked that question for scriping purposes, I totally agree that key based ssh without pw is the secure and right was to do. I accepted Martins answer instead.
– redanimalwar
Mar 7 '15 at 16:47

@scai the password that is asked for is most likely the sudo password, not the ssh password
– umläute
Sep 24 '13 at 8:15

@redanimalwar allows your user to sudo /usr/bin/rsync without asking for a passphrase; check man sudoers for how to do this; you might want to create an extra backup user for this.
– umläute
Sep 24 '13 at 8:17

To allow sudo /usr/bin/rsync to run without requiring as password add the following to your /etc/sudoers file: rsyncuser ALL= NOPASSWD:/usr/bin/rsync This will allow the user rsyncuser (as mentioned above it would be best to create a dedicated backup user) with the username you want.
– M_dk
Sep 24 '13 at 9:38

@M_dk now rsync essentially always has root permissions; it's probably very easy to gain a full root shell in that account. I think it's better to just use the real root account in the first place.
– Martin von Wittich
Sep 24 '13 at 12:00

The answer in no way speaking of echo "password" | something I actually never used this and agree with the security problems coming with letting sudoless execution of rsync (also not suggested here) is bad. What the tty_tickets does I have actually no idea, seems needed and a security issue. This would work securely without tweaking anything by just running sodo on ssh and then executing the command right? But since I asked that question for scriping purposes, I totally agree that key based ssh without pw is the secure and right was to do. I accepted Martins answer instead.
– redanimalwar
Mar 7 '15 at 16:47

|
show 8 more comments

up vote
17
down vote

rsync -chavzPe 'ssh -X' --stats 

  --rsync-path='SUDO_ASKPASS=/usr/lib/ssh/x11-ssh-askpass sudo -A rsync' 

  user@192.168.1.2:/ .

answered Jun 19 '14 at 8:34

Graeme

24.7k46296

rsync --rsh='ssh -X' --rsync-path='gksudo -- rsync' user@host:/ . doesn't work. rsync error: syntax or usage error (code 1) at main.c(1634) [server=3.1.1]. Oh, ubuntu does ship gnome-ssh-askpass, but it's /usr/bin/ssh-askpass, instead of /usr/lib/ssh/x11.... So that worked :)
– Peter Cordes
Mar 7 '15 at 15:05

1

This is one of the better solutions as it doesn't need any reconfiguration on the other end -- just needs the askpass installed and X forwarding enabled, both of which should be fairly common.
– David Gardner
Aug 4 '15 at 10:55

1

Works like a charm after installing ssh-askpass. I just had to look up the meaning of -chavzPe, would be great to spell these out as long options.
– krlmlr
Oct 14 '16 at 16:19

add a comment |

up vote
17
down vote

rsync -chavzPe 'ssh -X' --stats 

  --rsync-path='SUDO_ASKPASS=/usr/lib/ssh/x11-ssh-askpass sudo -A rsync' 

  user@192.168.1.2:/ .

answered Jun 19 '14 at 8:34

Graeme

24.7k46296

rsync --rsh='ssh -X' --rsync-path='gksudo -- rsync' user@host:/ . doesn't work. rsync error: syntax or usage error (code 1) at main.c(1634) [server=3.1.1]. Oh, ubuntu does ship gnome-ssh-askpass, but it's /usr/bin/ssh-askpass, instead of /usr/lib/ssh/x11.... So that worked :)
– Peter Cordes
Mar 7 '15 at 15:05

1

This is one of the better solutions as it doesn't need any reconfiguration on the other end -- just needs the askpass installed and X forwarding enabled, both of which should be fairly common.
– David Gardner
Aug 4 '15 at 10:55

1

Works like a charm after installing ssh-askpass. I just had to look up the meaning of -chavzPe, would be great to spell these out as long options.
– krlmlr
Oct 14 '16 at 16:19

add a comment |

up vote
17
down vote

rsync -chavzPe 'ssh -X' --stats 

  --rsync-path='SUDO_ASKPASS=/usr/lib/ssh/x11-ssh-askpass sudo -A rsync' 

  user@192.168.1.2:/ .

answered Jun 19 '14 at 8:34

Graeme

24.7k46296

rsync -chavzPe 'ssh -X' --stats 

  --rsync-path='SUDO_ASKPASS=/usr/lib/ssh/x11-ssh-askpass sudo -A rsync' 

  user@192.168.1.2:/ .

answered Jun 19 '14 at 8:34

Graeme

24.7k46296

answered Jun 19 '14 at 8:34

Graeme

24.7k46296

answered Jun 19 '14 at 8:34

Graeme

24.7k46296

answered Jun 19 '14 at 8:34

Graeme

24.7k46296

rsync --rsh='ssh -X' --rsync-path='gksudo -- rsync' user@host:/ . doesn't work. rsync error: syntax or usage error (code 1) at main.c(1634) [server=3.1.1]. Oh, ubuntu does ship gnome-ssh-askpass, but it's /usr/bin/ssh-askpass, instead of /usr/lib/ssh/x11.... So that worked :)
– Peter Cordes
Mar 7 '15 at 15:05

1

This is one of the better solutions as it doesn't need any reconfiguration on the other end -- just needs the askpass installed and X forwarding enabled, both of which should be fairly common.
– David Gardner
Aug 4 '15 at 10:55

1

Works like a charm after installing ssh-askpass. I just had to look up the meaning of -chavzPe, would be great to spell these out as long options.
– krlmlr
Oct 14 '16 at 16:19

add a comment |

rsync --rsh='ssh -X' --rsync-path='gksudo -- rsync' user@host:/ . doesn't work. rsync error: syntax or usage error (code 1) at main.c(1634) [server=3.1.1]. Oh, ubuntu does ship gnome-ssh-askpass, but it's /usr/bin/ssh-askpass, instead of /usr/lib/ssh/x11.... So that worked :)
– Peter Cordes
Mar 7 '15 at 15:05

1

This is one of the better solutions as it doesn't need any reconfiguration on the other end -- just needs the askpass installed and X forwarding enabled, both of which should be fairly common.
– David Gardner
Aug 4 '15 at 10:55

1

Works like a charm after installing ssh-askpass. I just had to look up the meaning of -chavzPe, would be great to spell these out as long options.
– krlmlr
Oct 14 '16 at 16:19

rsync --rsh='ssh -X' --rsync-path='gksudo -- rsync' user@host:/ . doesn't work. rsync error: syntax or usage error (code 1) at main.c(1634) [server=3.1.1]. Oh, ubuntu does ship gnome-ssh-askpass, but it's /usr/bin/ssh-askpass, instead of /usr/lib/ssh/x11.... So that worked :)
– Peter Cordes
Mar 7 '15 at 15:05

This is one of the better solutions as it doesn't need any reconfiguration on the other end -- just needs the askpass installed and X forwarding enabled, both of which should be fairly common.
– David Gardner
Aug 4 '15 at 10:55

Works like a charm after installing ssh-askpass. I just had to look up the meaning of -chavzPe, would be great to spell these out as long options.
– krlmlr
Oct 14 '16 at 16:19

add a comment |

up vote
7
down vote

If your user has already sudo privileges which are protected with a password I would keep them as-is and only add a stanza to use rsync without a password:

%admin ALL=(ALL) ALL

%admin ALL= NOPASSWD:/usr/bin/rsync

answered Jun 11 '14 at 18:39

Gunnar Thielebein

7111

add a comment |

up vote
7
down vote

If your user has already sudo privileges which are protected with a password I would keep them as-is and only add a stanza to use rsync without a password:

%admin ALL=(ALL) ALL

%admin ALL= NOPASSWD:/usr/bin/rsync

answered Jun 11 '14 at 18:39

Gunnar Thielebein

7111

add a comment |

up vote
7
down vote

If your user has already sudo privileges which are protected with a password I would keep them as-is and only add a stanza to use rsync without a password:

%admin ALL=(ALL) ALL

%admin ALL= NOPASSWD:/usr/bin/rsync

answered Jun 11 '14 at 18:39

Gunnar Thielebein

7111

If your user has already sudo privileges which are protected with a password I would keep them as-is and only add a stanza to use rsync without a password:

%admin ALL=(ALL) ALL

%admin ALL= NOPASSWD:/usr/bin/rsync

answered Jun 11 '14 at 18:39

Gunnar Thielebein

7111

answered Jun 11 '14 at 18:39

Gunnar Thielebein

7111

answered Jun 11 '14 at 18:39

Gunnar Thielebein

7111

answered Jun 11 '14 at 18:39

Gunnar Thielebein

7111

add a comment |

up vote
5
down vote

The command I used is below. It was invoked by user A in the /home directory on foo.

sudo rsync -avu -e "ssh -i /home/A/.ssh/id_rsa -l A"  * B:/home/backup

answered Sep 14 '15 at 0:11

Ken Anderson

15112

2

This is brilliant. I forgot about the -i option to ssh. You can use --rsync-path="sudo /usr/bin/rsync" if you have sudo on machine bar. This then does reading as root@foo and writing as root@bar, but transferring via A@foo -> B@bar. Thanks!
– ctbrown
Jan 21 '16 at 18:09

add a comment |

up vote
5
down vote

The command I used is below. It was invoked by user A in the /home directory on foo.

sudo rsync -avu -e "ssh -i /home/A/.ssh/id_rsa -l A"  * B:/home/backup

answered Sep 14 '15 at 0:11

Ken Anderson

15112

2

This is brilliant. I forgot about the -i option to ssh. You can use --rsync-path="sudo /usr/bin/rsync" if you have sudo on machine bar. This then does reading as root@foo and writing as root@bar, but transferring via A@foo -> B@bar. Thanks!
– ctbrown
Jan 21 '16 at 18:09

add a comment |

up vote
5
down vote

The command I used is below. It was invoked by user A in the /home directory on foo.

sudo rsync -avu -e "ssh -i /home/A/.ssh/id_rsa -l A"  * B:/home/backup

answered Sep 14 '15 at 0:11

Ken Anderson

15112

The command I used is below. It was invoked by user A in the /home directory on foo.

sudo rsync -avu -e "ssh -i /home/A/.ssh/id_rsa -l A"  * B:/home/backup

answered Sep 14 '15 at 0:11

Ken Anderson

15112

answered Sep 14 '15 at 0:11

Ken Anderson

15112

answered Sep 14 '15 at 0:11

Ken Anderson

15112

answered Sep 14 '15 at 0:11

Ken Anderson

15112

2

This is brilliant. I forgot about the -i option to ssh. You can use --rsync-path="sudo /usr/bin/rsync" if you have sudo on machine bar. This then does reading as root@foo and writing as root@bar, but transferring via A@foo -> B@bar. Thanks!
– ctbrown
Jan 21 '16 at 18:09

add a comment |

2

This is brilliant. I forgot about the -i option to ssh. You can use --rsync-path="sudo /usr/bin/rsync" if you have sudo on machine bar. This then does reading as root@foo and writing as root@bar, but transferring via A@foo -> B@bar. Thanks!
– ctbrown
Jan 21 '16 at 18:09

This is brilliant. I forgot about the -i option to ssh. You can use --rsync-path="sudo /usr/bin/rsync" if you have sudo on machine bar. This then does reading as root@foo and writing as root@bar, but transferring via A@foo -> B@bar. Thanks!
– ctbrown
Jan 21 '16 at 18:09

add a comment |

up vote
3
down vote

Running rsync as daemon on the target machine allows you to do what you want.

edited Sep 9 '14 at 16:38

drs

3,29352858

answered Sep 9 '14 at 16:16

Konstantin

1444

1

I upvoted this answer, but it would be better w/ some explanation of how to get the rsynch daemon running, and how you use it w/ root access.
– Mike Lippert
Feb 9 '15 at 16:29

rsync as daemon wouldn't match this case, because rsync will drop root permissions even when started as root then not all files could be transferred.
– teissler
Apr 22 '16 at 7:57

add a comment |

up vote
3
down vote

Running rsync as daemon on the target machine allows you to do what you want.

edited Sep 9 '14 at 16:38

drs

3,29352858

answered Sep 9 '14 at 16:16

Konstantin

1444

1

I upvoted this answer, but it would be better w/ some explanation of how to get the rsynch daemon running, and how you use it w/ root access.
– Mike Lippert
Feb 9 '15 at 16:29

rsync as daemon wouldn't match this case, because rsync will drop root permissions even when started as root then not all files could be transferred.
– teissler
Apr 22 '16 at 7:57

add a comment |

up vote
3
down vote

Running rsync as daemon on the target machine allows you to do what you want.

edited Sep 9 '14 at 16:38

drs

3,29352858

answered Sep 9 '14 at 16:16

Konstantin

1444

Running rsync as daemon on the target machine allows you to do what you want.

edited Sep 9 '14 at 16:38

drs

3,29352858

answered Sep 9 '14 at 16:16

Konstantin

1444

edited Sep 9 '14 at 16:38

drs

3,29352858

edited Sep 9 '14 at 16:38

drs

3,29352858

edited Sep 9 '14 at 16:38

drs

3,29352858

answered Sep 9 '14 at 16:16

Konstantin

1444

answered Sep 9 '14 at 16:16

Konstantin

1444

answered Sep 9 '14 at 16:16

Konstantin

1444

1

I upvoted this answer, but it would be better w/ some explanation of how to get the rsynch daemon running, and how you use it w/ root access.
– Mike Lippert
Feb 9 '15 at 16:29

rsync as daemon wouldn't match this case, because rsync will drop root permissions even when started as root then not all files could be transferred.
– teissler
Apr 22 '16 at 7:57

add a comment |

1

I upvoted this answer, but it would be better w/ some explanation of how to get the rsynch daemon running, and how you use it w/ root access.
– Mike Lippert
Feb 9 '15 at 16:29

rsync as daemon wouldn't match this case, because rsync will drop root permissions even when started as root then not all files could be transferred.
– teissler
Apr 22 '16 at 7:57

I upvoted this answer, but it would be better w/ some explanation of how to get the rsynch daemon running, and how you use it w/ root access.
– Mike Lippert
Feb 9 '15 at 16:29

rsync as daemon wouldn't match this case, because rsync will drop root permissions even when started as root then not all files could be transferred.
– teissler
Apr 22 '16 at 7:57

add a comment |

up vote
2
down vote

My solution is to use --rsync-path="sudo rsync" but it ask for password, workaround:

rsync -chavzP --stats --rsync-path="echo <SUDOPASS> | sudo -Sv && sudo rsync"  user@192.168.1.2:/ .

answered Dec 25 '17 at 9:29

Bulat

291

1

It usually isn't a good idea to put passwords into a command line one-liner; they become visible in the process tree, for example. I sometimes replace the actual password in this type of statement with $( cat my_password.txt ) which is slightly better, but it is usually preferred to configure the permissions on either end, and/or use SSH keys, in such a way that passwords aren't required on the CLI
– JDS
May 2 at 15:13

add a comment |

up vote
2
down vote

My solution is to use --rsync-path="sudo rsync" but it ask for password, workaround:

rsync -chavzP --stats --rsync-path="echo <SUDOPASS> | sudo -Sv && sudo rsync"  user@192.168.1.2:/ .

answered Dec 25 '17 at 9:29

Bulat

291

1

It usually isn't a good idea to put passwords into a command line one-liner; they become visible in the process tree, for example. I sometimes replace the actual password in this type of statement with $( cat my_password.txt ) which is slightly better, but it is usually preferred to configure the permissions on either end, and/or use SSH keys, in such a way that passwords aren't required on the CLI
– JDS
May 2 at 15:13

add a comment |

up vote
2
down vote

My solution is to use --rsync-path="sudo rsync" but it ask for password, workaround:

rsync -chavzP --stats --rsync-path="echo <SUDOPASS> | sudo -Sv && sudo rsync"  user@192.168.1.2:/ .

answered Dec 25 '17 at 9:29

Bulat

291

My solution is to use --rsync-path="sudo rsync" but it ask for password, workaround:

rsync -chavzP --stats --rsync-path="echo <SUDOPASS> | sudo -Sv && sudo rsync"  user@192.168.1.2:/ .

answered Dec 25 '17 at 9:29

Bulat

291

answered Dec 25 '17 at 9:29

Bulat

291

answered Dec 25 '17 at 9:29

Bulat

291

answered Dec 25 '17 at 9:29

Bulat

291

1

It usually isn't a good idea to put passwords into a command line one-liner; they become visible in the process tree, for example. I sometimes replace the actual password in this type of statement with $( cat my_password.txt ) which is slightly better, but it is usually preferred to configure the permissions on either end, and/or use SSH keys, in such a way that passwords aren't required on the CLI
– JDS
May 2 at 15:13

add a comment |

1

It usually isn't a good idea to put passwords into a command line one-liner; they become visible in the process tree, for example. I sometimes replace the actual password in this type of statement with $( cat my_password.txt ) which is slightly better, but it is usually preferred to configure the permissions on either end, and/or use SSH keys, in such a way that passwords aren't required on the CLI
– JDS
May 2 at 15:13

It usually isn't a good idea to put passwords into a command line one-liner; they become visible in the process tree, for example. I sometimes replace the actual password in this type of statement with $( cat my_password.txt ) which is slightly better, but it is usually preferred to configure the permissions on either end, and/or use SSH keys, in such a way that passwords aren't required on the CLI
– JDS
May 2 at 15:13

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Unix & Linux Stack Exchange!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

Some of your past answers have not been well-received, and you're in danger of being blocked from answering.

Please pay close attention to the following guidance:

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Cfrtjryk