Recipe 16.3. Making Secure Transfers with rsync and ssh
16.3.1 Problem
You want to use rsync to copy files to another PC over a LAN, or
over the Internet, and you want encrypted transport and
authentication.
16.3.2 Solution
Use rsync over ssh.
ssh must be set up and working on all hosts.
Specify your source and destination, and specify
ssh with the -e flag. This
command transfers files over the local network, to
ljl's account on the remote PC
"stinkpad":
ljl@compak:~$ rsync -av -e ssh stationery stinkpad:test
ljl@stinkpad's password:
building file list ... done
stationery/
stationery/ljl-return-address-small.sxw
stationery/ljl-holiday-label.sxw
stationery/ljl-return-address-MV-small.sxw
wrote 25984 bytes read 68 bytes 7443.43 bytes/sec
total size is 25666 speedup is 0.99
Beware of filepath trickiness. stinkpad:test
uploads the stationery directory and its
contents to /home/ljl/test on
stinkpad. If the test directory does not
exist, rsync will create it:
ljl@stinkpad's password:
building file list ... done
created directory test
If you want to upload to a directory outside of your home directory,
you'll need sufficient permissions for
rsync to create a new directory, or
you'll need it to be an existing directory that you
can write to. Precede the upload directory with a forward slash, to
make it relative to the root filesystem instead of to your home
directory:
$ rsync -av -e ssh stationery stinkpad:/shared_uploads
To upload files over the Internet, use your login on the remote
system and the full domain name:
$ rsync -av -e ssh stationery ljl@stinkpad.test.net:/shared_uploads
The syntax for copying files from a remote host is a little
different. This copies the /shared_uploads/scripts directory
and its contents from the remote host to your local
~/downloads directory:
$ rsync -av -e ssh ljl@stinkpad.test.net:/shared_uploads/scripts ~/downloads/
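The path rules above, worked through as an added example that is not part of the original recipe: it parses an rsync remote spec and reports where the upload lands. It assumes remote home directories are /home/<user> and goes one step beyond the text by also covering a trailing slash on the source; resolve_dest and landing_path are hypothetical helper names.

```sh
#!/bin/sh
# Added example: where does an rsync-over-ssh destination land?
# Assumption: remote home directories are /home/<user>, as in the recipe.

# resolve_dest SPEC [LOGIN] -> prints "user host absolute-path"
# LOGIN is the local login name ssh uses by default when SPEC names no user.
resolve_dest() {
    spec=$1
    login=${2:-$(id -un)}
    case $spec in
        *::*|rsync://*) echo "rsync daemon syntax, not handled here" >&2; return 2 ;;
        /*|./*|../*)    echo "local path, ssh is not used" >&2; return 1 ;;
        *:*)            ;;  # [user@]host:path
        *)              echo "local path, ssh is not used" >&2; return 1 ;;
    esac
    target=${spec%%:*}   # before the first colon: [user@]host
    path=${spec#*:}      # after the first colon: the remote path
    case $target in
        *@*) user=${target%%@*}; host=${target#*@} ;;
        *)   user=$login; host=$target ;;
    esac
    case $path in
        /*) abs=$path ;;               # leading slash: relative to the remote root
        "") abs=/home/$user ;;         # nothing after the colon: the home directory
        *)  abs=/home/$user/$path ;;   # anything else: relative to the remote home
    esac
    echo "$user $host $abs"
}

# landing_path SOURCE SPEC [LOGIN] -> prints where SOURCE's top level ends up.
# "dir" is created inside the destination; "dir/" copies only its contents.
landing_path() {
    resolved=$(resolve_dest "$2" "$3") || return
    abs=${resolved#* }; abs=${abs#* }   # drop the user and host fields
    case $1 in
        */) echo "$abs" ;;
        *)  echo "${abs%/}/$(basename "$1")" ;;
    esac
}

# The recipe's uploads, run as local user ljl (constructed calls):
landing_path stationery stinkpad:test ljl                # /home/ljl/test/stationery
landing_path stationery stinkpad:/shared_uploads ljl     # /shared_uploads/stationery
```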
16.3.3 Discussion
Both authentication and transport are encrypted, so this is a nice,
secure way to transfer sensitive files. The one downside is that
users need shell accounts on all machines they are going to store
files on or retrieve files from, so it's a bit of
work to set up. A central server, with shared directories, is a good
way to manage complex file sharing scenarios. You can control access
with the usual Linux tools (file and directory permissions, and
user groups), and you can use unique logins on the shared server for
extra security.
16.3.4 See Also