<div>Rsync can connect to remote machines using RSH or SSH. When it uses this method instead of rsyncd, It then runs rsync on the remote machine and send the data through a pipe. If you tell RSYNC on the sending machine to use SSH with an Identity key, that key goes into authorized_keys on the remote machine prepended with command="sudo /usr/bin/rsync". Now you have the ability to connect as a non-root user but have the abilty to RSYNC as root.</div>
<div> </div><div>Single purpose SSH keys are nice because you don't even need to send a command to the remote host. "tar -czf ./dir |SSH -i some_key" is all that is needed as long as the remote side is setup correctly. Also if someone were to get your key they can only do one thing with it, so you can limit exposure.</div>
<div> </div><div>Rsyncd may also be a solution but I don't care to leave it running and do not know the ins and outs.<br><br></div><div class="gmail_quote">On Thu, Nov 3, 2011 at 9:19 PM, David L. Anselmi <span dir="ltr"><<a href="mailto:anselmi@anselmi.us">anselmi@anselmi.us</a>></span> wrote:<br>
<blockquote style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;" class="gmail_quote"><div class="im">Will wrote:<br>
> Use single purpose SSH keys, connect as a non-root user with an autharized<br>
> key. When that key is used it runs sudo and starts rsync as root.<br>
<br>
</div>I think there's more to it than this (an exercise for the reader perhaps). Or perhaps you meant<br>
rsyncd, and that might be worth looking at.<br>
<br>
> <a href="http://pkeck.myweb.uga.edu/ssh/" target="_blank">http://pkeck.myweb.uga.edu/ssh/</a><br>
<br>
I think the bit about the same passphrase or id_dsa is wrong (first bullet under More keys!).<br>
<br>
Dave<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
clue mailing list: <a href="mailto:clue@cluedenver.org">clue@cluedenver.org</a><br>
For information, account preferences, or to unsubscribe see:<br>
<a href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a><br>
</div></div></blockquote></div><br>