Linux: rsync – sudo and an RSA key for authentication

Author: | 27/07/2017
 

When running rsync, you can specify a key so that you do not have to enter a password.

RSA generate

Generate the key:

[simterm]

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/setevoy/.ssh/id_rsa): /home/setevoy/.ssh/WORK/JM/jm-gw-proxy
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/setevoy/.ssh/WORK/JM/jm-gw-proxy.
Your public key has been saved in /home/setevoy/.ssh/WORK/JM/jm-gw-proxy.pub.

[/simterm]

Copy it to the server:

[simterm]

$ ssh-copy-id -i /home/setevoy/.ssh/WORK/JM/jm-gw-proxy -p 2201 [email protected] 
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/setevoy/.ssh/WORK/JM/jm-gw-proxy.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -p '2201' '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[/simterm]

Check:

[simterm]

$ ssh -i /home/setevoy/.ssh/WORK/JM/jm-gw-proxy -p 2201 [email protected] 
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-87-generic x86_64)
...
Last login: Wed Jul 26 09:37:54 2017 from 194.105.145.45
jmadmin@lj3hwzghi6ibg000001:~$

[/simterm]

rsync sudo

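To use sudo with rsync, add --rsync-path="sudo rsync". This option sets the command that is executed on the remote host, so the remote rsync process runs under sudo. The remote user must be allowed to run rsync through sudo without a password prompt, since no terminal is available to enter one.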

rsync RSA

ssh -i keyname

Option one: add -e "ssh -i /home/jmadmin/.ssh/jm-gw-proxy":

[simterm]

$ sudo rsync -e "ssh -i /home/jmadmin/.ssh/jm-gw-proxy" -avh --rsync-path="sudo rsync" /etc/letsencrypt/{live,archive} [email protected]:/etc/letsencrypt/
sending incremental file list

sent 4.14K bytes  received 28 bytes  8.34K bytes/sec
total size is 66.04K  speedup is 15.83

[/simterm]
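The -e variant above can be wrapped for unattended use so that it refuses a key with loose permissions and fails instead of prompting. This is an added example, not code from the original post; the function names key_mode_ok, ssh_transport and push_dirs are hypothetical, and the destination in the usage comment is a placeholder.

```bash
# Added example (not from the original post): pre-flight check and a
# non-interactive ssh transport for the rsync command shown above.

# Succeeds only if the private key is a regular file with no group/other
# permission bits (600 or 400), which is also what ssh itself insists on.
key_mode_ok() {
    local key="$1" mode
    [ -f "$key" ] || return 1
    mode=$(stat -c '%a' "$key") || return 1   # GNU stat, as on Linux
    case "$mode" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Builds the value for rsync's -e option.
#   IdentitiesOnly=yes  offer only this key, not every key an agent holds
#   BatchMode=yes       fail instead of prompting (safe for cron jobs)
# Assumption: the key path contains no spaces (rsync splits -e on spaces).
ssh_transport() {
    local key="$1"
    local port="${2:-22}"
    printf 'ssh -i %s -p %s -o IdentitiesOnly=yes -o BatchMode=yes' "$key" "$port"
}

# push_dirs KEY PORT DEST SRC...   (DEST has the form user@host:/path/)
push_dirs() {
    local key="$1" port="$2" dest="$3"
    shift 3
    if ! key_mode_ok "$key"; then
        echo "refusing to use $key: missing or readable by group/other" >&2
        return 2
    fi
    rsync -avh -e "$(ssh_transport "$key" "$port")" \
        --rsync-path="sudo rsync" "$@" "$dest"
}

# Usage, with a placeholder destination:
# push_dirs /home/jmadmin/.ssh/jm-gw-proxy 22 USER@HOST:/etc/letsencrypt/ /etc/letsencrypt/{live,archive}
```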

.ssh/config

Another option is to use .ssh/config.

Add an entry to it (in the root user's .ssh/config, because rsync is run through sudo):

Host 10.0.0.5
    User jmadmin
    IdentityFile /home/jmadmin/.ssh/jm-gw-proxy

Check:

[simterm]

$ sudo rsync -avh --rsync-path="sudo rsync" /etc/letsencrypt/{live,archive} [email protected]:/etc/letsencrypt/
sending incremental file list

sent 4.14K bytes  received 28 bytes  8.34K bytes/sec
total size is 66.04K  speedup is 15.83

[/simterm]

Done.

ssh-agent

The third option is ssh-agent.

Start it (again as root here):

[simterm]

# eval "$(ssh-agent -s)"
Agent pid 10503

[/simterm]

Add the key:

[simterm]

# ssh-add /home/jmadmin/.ssh/jm-gw-proxy
Identity added: /home/jmadmin/.ssh/jm-gw-proxy (/home/jmadmin/.ssh/jm-gw-proxy)

[/simterm]

Check:

[simterm]

# rsync -avh --rsync-path="sudo rsync" /etc/letsencrypt/{live,archive} [email protected]:/etc/letsencrypt/
sending incremental file list

sent 4.14K bytes  received 28 bytes  8.34K bytes/sec
total size is 66.04K  speedup is 15.83

[/simterm]

Done.