Rsync : SSH Validate Script To Check For Incoming Rsync Connection

The rsync utility has many uses, such as keeping servers in sync with one another, but sometimes you want to run it automatically. So how do you sync between servers securely and automatically?

As we know, rsync and SSH work together, but sometimes we don't want to allow a server to log in and only want to transfer files between two computers, such as a backup of all web document root files. So how is that possible?

In this tutorial I will describe how you can set up SSH for data transfer only, instead of server login.

Create validate-rsync.sh Script

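Create a script called "validate-rsync.sh" in any location, such as "/home/user/validate-rsync.sh", with the content below.

# vim /home/user/validate-rsync.sh

#!/bin/sh
# validate-rsync.sh
# Forced command for an rsync-only SSH key. sshd stores the command the client
# requested in SSH_ORIGINAL_COMMAND; run it only if it is an rsync server call.

case "$SSH_ORIGINAL_COMMAND" in
    # Reject anything containing these shell metacharacters.
    *\&*)
        echo "Rejected"
        ;;
    *\(*)
        echo "Rejected"
        ;;
    *\{*)
        echo "Rejected"
        ;;
    *\;*)
        echo "Rejected"
        ;;
    *\<*)
        echo "Rejected"
        ;;
    *\`*)
        echo "Rejected"
        ;;
    # The server-side command that an rsync client sends over SSH.
    rsync\ --server*)
        # Unquoted on purpose: the string must be split into rsync's arguments.
        $SSH_ORIGINAL_COMMAND
        ;;
    # Everything else, including an interactive login (empty command).
    *)
        echo "Rejected"
        ;;
esac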

Save and close the file.

Make it executable with the command below:

# chmod +x /home/user/validate-rsync.sh

The script checks whether the SSH session is being used to execute an rsync backup. If it is being used for anything else, the session is rejected and closed.
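A stricter check in the same spirit, as an added example that is not part of the original tutorial: it goes beyond the script above by also rejecting `|`, `>`, `$` and glob characters, refusing `--sender`, and requiring the final path argument to sit under one backup directory. The `ALLOWED_DIR` value, the push-only assumption and the sample commands are constructed for illustration; the function only reports a verdict and executes nothing.

```shell
#!/bin/sh
# Added example, not the tutorial's script. ALLOWED_DIR and the sample
# commands in the here-document are constructed for illustration.
ALLOWED_DIR="/backup/destination/directory/"

# Return 0 if the command would be accepted, 1 if rejected. Nothing is executed.
check_rsync_command() {
    cmd=$1
    # Metacharacters from the tutorial's script, plus | > $ ) } and glob characters.
    case "$cmd" in
        *\&*|*\;*|*\|*|*\<*|*\>*|*\`*|*\$*|*\(*|*\)*|*\{*|*\}*) return 1 ;;
        *\**|*\?*|*\[*) return 1 ;;
    esac
    case "$cmd" in
        "rsync --server "*) ;;          # only the rsync server-side invocation
        *) return 1 ;;
    esac
    set -f; set -- $cmd; set +f         # split into words without globbing
    last=
    for arg in "$@"; do
        # Assumption: this host only receives backups, so reads are refused.
        if [ "$arg" = "--sender" ]; then return 1; fi
        last=$arg
    done
    case "$last" in
        *..*) return 1 ;;               # conservative: no ".." anywhere in the path
        "$ALLOWED_DIR"*) return 0 ;;    # path must sit under the backup directory
        *) return 1 ;;
    esac
}

# Print a verdict for each constructed sample command.
while IFS= read -r sample; do
    if check_rsync_command "$sample"; then verdict=ACCEPT; else verdict=REJECT; fi
    printf '%s  %s\n' "$verdict" "$sample"
done <<'EOF'
rsync --server -vlogDtprze.iLsfxC . /backup/destination/directory/
rsync --server --sender -vlogDtprze.iLsfxC . /backup/destination/directory/
rsync --server -vlogDtprze.iLsfxC . /backup/destination/directory/../../etc/
rsync --server -vlogDtprze.iLsfxC . /etc/
rsync --server -vlogDtprze.iLsfxC . /backup/destination/directory/ > /tmp/out
uptime
EOF
```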

To limit where connections come from, prefix the key with from="IP_Address". To limit which command is executed, prefix the key with command="/path/to/validating/script" in your secured authorized_keys file.

# vim /root/.ssh/authorized_keys

from="192.168.0.15",command="/home/user/validate-rsync.sh" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwxv...== [email protected]

The whole entry, including the options, the key type, the key and the comment, must be on a single line.

Now rsync completes without prompting for a password. Let's try it with the command below:

# rsync -avz -e "ssh -i ~/rsync-key" /some/small/directory/ [email protected]:/backup/destination/directory/

If you still have problems, make sure you have permission to read from the source "/some/small/directory/" and to write to the target "[email protected]:/backup/destination/directory/". Also make sure the SSH session between the two hosts is established without a password.

About the author

Santosh Prasad