rsync over ssh passwordless - please assist with helping me set this up properly

[greavette]

Hello,

I want to use rsync over ssh (passwordless) to sync my source servers /usr/local/citadel/ folders and files to my destination server: 10.100.x.x:/usr/local/citadel/

Both servers are Ubuntu Lucid (10.04) and both are up to date. Here is what I've done:

I've installed webmin on both servers and can see that the /usr/local/citadel folders and files on both servers are mostly setup (by default when Citadel was installed) with root as the User and root as the group. There are some files and folders though that are setup with citadel as the user and citadel as the Group.

I use this page to assist with setting up my passwordless ssh: http://www.serveradminblog.com/2011/...assword-howto/

On my Source server I login with my userid and I do not elevate using sudo su. I do the following to create my keys:

Code:

# ssh-keygen -t rsa

I accept the default location and It prompts me for a passphrase but do not enter anything. Instead, I just press the enter key.
It generates an identification (private key) and a public key.
The public key is generated in ~/.ssh/id_rsa.pub.

I then issue this command:

Code:

# cat id_rsa.pub >> /root/.ssh/authorized_keys

I get an error that says: "-bash: /root/.ssh/authorized_keys: Permission denied"

So, I elevate my privileges and use sudo su.

I issue this command again:

Code:

# cat id_rsa.pub >> /root/.ssh/authorized_keys

This time there is no error I'm successful.

I issue the following successfully next:

Code:

# chmod 700 /root/.ssh/authorized_keys

I exit out of sudo su. I'm now back to my login id.

I now want to copy this key I created to my destination server. I issue the following command:

Code:

ssh-copy-id 10.100.x.x

(where 10.100.x.x) is the ip of my source server.
I'm asked for the password of the destination servers user (the user is the same on both my source and destination servers).
I successfully copy the public id to my destination server.

I then do a test from my source server to my destination server:

Code:

ssh 10.100.x.x

Success, I connect and it doesn't ask for a password!

Since I can successfully connect without a password from my source server to my destination server, I'm ready to try an rsync command. From my source server...Here goes:

Code:

rsync -va /usr/local/citadel/ 10.100.x.x:/usr/local/citadel/

Doesn't work...I get failed: permission denied errors on the files and folders that are owned by the citadel user/group.

So, after this long-winded post...what do I do. I don't want to change the owners or permissions on the existing users/groups. But how do I add the user/group root to also have access to these folders that are owned by citadel user/group?

Any help you can provide would be greatly appreciated.

Thank you.

[karlson]

Since I can successfully connect without a password from my source server to my destination server, I'm ready to try an rsync command. From my source server...Here goes:

Code:

rsync -va /usr/local/citadel/ 10.100.x.x:/usr/local/citadel/

Doesn't work...I get failed: permission denied errors on the files and folders that are owned by the citadel user/group.

Have you tried:

Code:

rsync -e ssh -va <src> <dst>

[greavette]

I tried your suggestion..Nope...still the errors I saw before:

Code:

sending incremental file list
rsync: opendir "usr/local/citadel/data" failed:  Permission denied (13)
rsync: opendir "usr/local/citadel/network/spooltmp" failed:  Permission denied (13)
rsync: delete_file: unlink(citadel) failed:  Permission denied (13)
could not make way for new directory: citadel
rsync: delete_file: unlink(citadel) failed:  Permission denied (13)
could not make way for new directory: citadel
*** Skipping any contents from this failed directoy ***

What permissions do I need to update to get this working?

[karlson]

I tried your suggestion..Nope...still the errors I saw before:

Code:

sending incremental file list
rsync: opendir "usr/local/citadel/data" failed:  Permission denied (13)
rsync: opendir "usr/local/citadel/network/spooltmp" failed:  Permission denied (13)
rsync: delete_file: unlink(citadel) failed:  Permission denied (13)
could not make way for new directory: citadel
rsync: delete_file: unlink(citadel) failed:  Permission denied (13)
could not make way for new directory: citadel
*** Skipping any contents from this failed directoy ***

What permissions do I need to update to get this working?

You need to have read permission on the source directory and everything below for the user your are doing this as and Read/Write/Execute on the destination.

[collisionystm]

Easy way to do this.

Open a terminal for both servers on your computer. You will need to be able to copy and paste.

In each terminal do the following.

First, login with the username you plan to use to connect. I will assume its root.

sudo bash

ssh-keygen

enter through all prompts, no password.


Now, on server # 1

vi /root/.ssh/id_rsa.pub

copy everything in here.

:q! to quit

Open terminal for Server #2

sudo bash

nano /root/.ssh/authorized_keys

Paste contents from server #1's id_rsa.pub

CTRL + X then Y to save and exit.

Server # 1 can now ssh to server #2 without a password

I.E.

ssh root@server#2

Do the same steps in the other direction if you desire. Really you only need to do this on one server.

rsync works as

rsync SOURCE DESTINATIOn

rsync -ra /usr/local/citadel/* root@10.100.x.x:/usr/local/citadel

/usr/local/citadel/* is source

/usr/local/citadel is destination

follow my context and only put /'s where you see them.

EDIT: If you are not going to use ROOT, remove the SUDO from my directions. Just make sure you are using the same username on both sides.

[collisionystm]

if you want to watch the progress when you rsync make sure to make it look like this

rsync -ra --progress /usr/local/citadel/* root@10.100.x.x:/usr/local/citadel

[greavette]

Thank you for your assistance karlson.

This is my question also...since I'm connecting to the destination server as root and I am trying to copy files and folders from source to destination as root...how do I add root to the permissions so this sync can be done, and yet not mess up my current permissions on my Citadel mail server?

Once I have my permissions setup properly, this should work.

Thank you.

[greavette]

Whoops...sorry collisionystm...didn't see your responses till now. Thank you for the suggestions. I will try them tonight and let you know how it works!