Rsync.v7
Rsync
YUM
yum install rsync
Rsync over SSH
on Remote Backup Server
Run the following commands to get the keys created.
Create user
adduser username -d /someotherplace
now
passwd username
and
mkdir /home/username/.ssh
emacs /home/username/.ssh/rsync-key
chown username.username /home/username/.ssh
cd /home/username/.ssh
chmod 600 rsync-key
chmod 700 ../.ssh
on Sending Server
Create a user
adduser someuser
Create keys
mkdir /home/someuser/.ssh/
ssh-keygen -t rsa -b 2048 -f /home/someuser/.ssh/rsync-key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/someuser/.ssh/rsync-key.
Your public key has been saved in /home/someuser/.ssh/rsync-key.pub.
The key fingerprint is:
We did not enter a passphrase, and this created two keys:
ls .ssh/
rsync-key rsync-key.pub
This key serves no purpose until we put the public portion into the 'authorized_keys' file [2] on remotehost, specifically the one for remoteuser:
/home/remoteuser/.ssh/authorized_keys
Transfer the needed key to the remote backup server.
Make sure the user exists on the backup server first!
scp -P 1234 /home/someuser/.ssh/rsync-key.pub username@backupserver:/home/username/.ssh
Note that my SSH server does not run on port 22, but on something else, hence the '-P' switch.
The authenticity of host '[backupserver]:1234 ([xxx.xxx.xxx.xxx]:1234)' can't be established.
RSA key fingerprint is 18:08:95:e7:5d:12:7b:42:91:db:0f:42:03:49:1b:dc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[backupserver]:1234,[xxx.xxx.xxx.xxx]:1234' (RSA) to the list of known hosts.
someuser@backupserver's password:
rsync-key.pub 100% 405 0.4KB/s 00:00
Yes, key successfully transferred. I now have on the remote backup server the key rsync-key.pub inside a file called .ssh/known_hosts.
on Remote Backup Server
ssh in to this server as someuser
cd /home/username
chmod 700 .ssh
cd .ssh/
touch authorized_keys
chown username.username authorized_keys
chmod 600 authorized_keys
cat rsync-key.pub >> authorized_keys
This allows passwordless key authentication between the sending server and the remote backup server for rsync connections over SSH.
Testing back on Sending Server
rsync -avvvz -e "ssh -p 2022 -i /home/someuser/.ssh/rsync-key" /var/www/html someuser@remoteserver:/home/someuser
- no password should be asked for
- the directory /var/www/html should be copied to /home/someuser/html
- If a password is asked for, then you have SELinux running.
The easiest way around this is to disable SELinux:
emacs /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
This will require a reboot.
To test whether this is the issue, on CentOS 6 run
echo 0 >/selinux/enforce
On CentOS 7 run
setenforce permissive
Check with
sestatus
Now run your rsync command again and there should not be a request for a password.
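To see what is blocking key authentication on the backup server, the check below inspects the ownership, modes and SELinux label of the files sshd reads. It is an added example, not part of the original page; the function name check_key_perms is hypothetical and GNU stat is assumed.

```bash
#!/bin/bash
# Added example, not from the original page. check_key_perms is a hypothetical name.
# Usage: check_key_perms HOME_DIR OWNER   (run on the backup server)
# Applies the test sshd's StrictModes option makes before it trusts a key file:
# the home directory, .ssh and authorized_keys must be owned by OWNER (or root)
# and must not be writable by group or others.
# Prints one line per finding; returns 0 when ownership and modes pass, else 1.
check_key_perms() {
    local home="$1" owner="$2" rc=0 path mode user ctx
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path")    # octal mode, e.g. 700
        user=$(stat -c '%U' "$path")    # owner name
        if [ "$user" != "$owner" ] && [ "$user" != "root" ]; then
            echo "OWNER   $path belongs to $user, expected $owner"; rc=1
        fi
        # 022 is the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "MODE    $path is $mode (writable by group or others)"; rc=1
        fi
        # Informational only: on an SELinux host, .ssh and its files normally
        # carry the type ssh_home_t. The label does not change the return code.
        ctx=$(stat -c '%C' "$path" 2>/dev/null) || ctx=""
        case "$path" in
            */.ssh*)
                case "$ctx" in
                    ""|"?"|*:ssh_home_t:*) ;;
                    *) echo "LABEL   $path has context $ctx, expected type ssh_home_t" ;;
                esac ;;
        esac
    done
    return "$rc"
}

# Run the check when the script is called with HOME_DIR and OWNER.
if [ "$#" -ge 2 ]; then
    check_key_perms "$1" "$2"
fi
```

A LABEL line for a home directory created outside /home (as with adduser -d above) points at the SELinux context rather than at the key itself.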
Compare Two Locations
To compare two different locations and find out what is different:
rsync -rvnc --delete local/dir/ laptop:remote/dir/
/etc/rsyncd.conf
# /etc/rsyncd: configuration file for rsync daemon mode
# See rsyncd.conf man page for more options.
# configuration example:
# uid = nobody
# gid = nobody
use chroot = yes
max connections = 24
pid file = /var/run/rsyncd.pid
exclude = lost+found/
transfer logging = yes
timeout = 900
# ignore nonreadable = yes
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
# [ftp]
# path = /home/ftp
# comment = ftp export area
motd file = /etc/motd
max connections = 25
syslog facility = local3
[temp]
comment = Temp Xfer location
path = /var/www/temp
read only = no
list = yes
uid = root
gid = root
hosts allow = 127.0.0.0/8
Service
systemctl start rsyncd
systemctl enable rsyncd