CentOS rsync between servers using keyfile to pass credentials
-
@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:
Any ideas guys?
Any error? What did you do?
-
@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:
@travisdh1 That is the goal, to use the public and private keys to authenticate between the servers and then rsync any changes from host 1 to host 2.
Right, using ssh-copy-id is the easiest way to get the ssh keys to the proper places once generated. After that, just use rsync with ssh like normal and it won't ask for a password.
rsync -e ssh user@host:/dir /local/dir
I've distributed keys manually in the past, but ssh-copy-id is so much faster and foolproof.... yes, I can be a fool with ssh keys quite easily.
-
@Reid-Cooper No errors, just a prompt for the root password to connect to the server.
-
@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:
@Reid-Cooper No errors, just a prompt for the root password to connect to the server.
Is it root's account that you set the public key to be used for? /root/.ssh instead of /home/user/.ssh
-
@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:
@Reid-Cooper No errors, just a prompt for the root password to connect to the server.
Let's back up a step here. Do the local files need root permission to read, and does the remote directory need root permission to write? If so, you do need to create an ssh key for the local machine root and use ssh-copy-id to copy that to the remote one.
-
You could create a user on each system, specific to this task; and give that user restricted passwordless sudo access to only run the specific rsync command you need to have run.
Throw your rsync command in a script and restrict your user's passwordless sudo access to running that specific script. Et voila! Authentication issues resolved.
--edit--
I think this can help point you in the right direction: https://serverfault.com/questions/596940/sudoers-nopasswd-how-to-grant-access-to-a-specific-ln-command
-
Ok well I can ssh between the servers, but both are asking for the root/.ssh/id_rsa passphrase and the root credentials.
-
@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:
Ok well I can ssh between the servers, but both are asking for the root/.ssh/id_rsa passphrase and the root credentials.
That is where you would want passwordless sudo access tied to a specific user that will ONLY have that sudo access restricted to running your rsync command.
You'll be able to log into the remote system using your keys, and with passwordless sudo enabled, you'll not be prompted for a password when you run your sudo rsync... command.
-
@RamblingBiped why can't I use the keys generated for this, rather than needing an outside account with passwordless sudo access?
-
The goal is to only use the public and private keys to allow me to sync files from one server to the other via crontab (without needing to be prompted for credentials)
The public and private keys should suffice for that.
-
@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:
@RamblingBiped why can't I use the keys generated for this, rather than needing an outside account with passwordless sudo access?
You can, I was just suggesting how I have set up a similar environment in the past. I didn't want to have to screw around with my user's sudo settings. Also I didn't want a job/task such as this tied to a specific user's account either. By setting it up as a separate user it keeps the task from breaking when I leave the company and they kill my credentials.
-
Ok so stepping back from your approach, I have my pub keys copied to each server, why am I being prompted for the id_rsa passphrase, and root password?
-
@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:
Ok so stepping back from your approach, I have my pub keys copied to each server, why am I being prompted for the id_rsa passphrase, and root password?
Did you put in a passphrase when asked during the keygen sequence?
-
@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:
Ok so stepping back from your approach, I have my pub keys copied to each server, why am I being prompted for the id_rsa passphrase, and root password?
To each? Just to one, right?
-
@Reid-Cooper Correct, I only want to rsync files from one server to the other, not both ways. Using the keys generated.
-
Using the rsync command above, I'm still prompted for the admin password of the target server.
Which the goal is to solely use the public and private keys for this.
-
Which when I provide the password, the rsync operates without issue.
-
@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:
Using the rsync command above, I'm still prompted for the admin password of the target server.
Which the goal is to solely use the public and private keys for this.
If you enter a passphrase during the keygen sequence you will need to enter a password to enable use of the ssh key. So, did you enter a password in the questions asked during the keygen?
-
@travisdh1 said in CentOS rsync between servers using keyfile to pass credentials:
@DustinB3403 said in CentOS rsync between servers using keyfile to pass credentials:
Using the rsync command above, I'm still prompted for the admin password of the target server.
Which the goal is to solely use the public and private keys for this.
If you enter a passphrase during the keygen sequence you will need to enter a password to enable use of the ssh key. So, did you enter a password in the questions asked during the keygen?
I know it's so very counter intuitive at first, but enabling key only authentication means you can't enter anything at that point, just enter through those two questions.
-
So to reiterate, here's what I'd do:
If you don't need elevated privileges use a regular account.
ssh-keygen -t rsa -b 4096
Just enter through the prompts
Then:
ssh-copy-id -i user@remotehost
Then do the same for the other machine.
What's your output of
ls -lZ
in the/home/user/.ssh/
directory?$20 says if you just did a
touch authorized_keys
it's going to have the wrong permissions/context.