Linux Administrator

Rsync : SSH Validate Script To Check For Incoming Rsync Connection

The Rsync utility has a lot of great uses, such as keeping servers in sync with one another, but some time you want to run it automatically, So how do you securely and automatically sync between servers?

As we know Rsync and SSH work together, but some time we don’t want to allow server to login and only want to transfer file between two computer such as backup of all web document root files. So how it is possible ?

In this tutorial I will describe how you can setup SSH only for data transfer purpose instead of server login.

Create Script

You will need to create a script called “” in any location like “/home/user/” with below content.

# vim /home/user/


echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
rsync\ --server*)
echo "Rejected"

Save and close file.

Make it executable by using below command:

# chmod +x /home/user/

This will check to see if the ssh session is being used to execute an rsync backup. If it is being used for anything else, the session will be rejected and closed.

To limit where connections are coming from, prefix the key with from=”IP_Address“. To limit what command is executed, prefix the key with command=”/path/to/validating/script/” in your secured authorized_keys file.

from="",command="/home/user/" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwxv... == = [email protected]
# vim /root/.ssh/authorized_keys

from="",command="/home/user/" ssh-rsa AAAAB3NzaC1yafafAeAdfARAEdfdafjlajaqejldfjoeriuadfaldflzdfjladfjaljf;afja;sldjfadfadf
fdeTXSVke2f0CX++gktiqwdfpE36CJF2Yaldfaljfdalfjalflafjalfh5Ksr9+jN8Vx3UUTR6KD7/ki3rkiaROXxuhG5+m+w== [email protected]

Now rsync is complete without prompting for a password, lets try it by using below command:
# rsync -avz -e "ssh -i ~/rsync-key" /some/small/directory/ [email protected]:/backup/destination/directory/

Still if your are getting problem, please make sure you have set proper permission to read from the source “/some/small/directory/” and to write to the target “[email protected]:/backup/destination/directory/” also make sure ssh session is establishing between the two hosts without password.


Thank you! for visiting LookLinux.

If you find this tutorial helpful please share with your friends to keep it alive. For more helpful topic browse my website To become an author at Look Linux Submit Article. Stay connected to Facebook.

About the author


Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool article for you. If you have any query and suggestion please comment in comment section.

Leave a Comment