Rsync a remote machine without root login 2014-03-23

The problem: you want to full-rsync a remote machine, but you can only log in using an unprivileged (non-root) user.

The solution: sudo with the correct setup does the trick!

Prerequisites

You can connect to the remote machine using SSH and a private/public keypair (passwordless login). Enter your local SSH public key in the remote server’s .ssh/authorized_keys file.
You can become root on the remote machine once you are logged in.
sudo is installed on the remote machine.

Configure sudo on the remote machine

On the remote machine, we can login with the user backupuser, but this is an unprivileged user. We want this user to become root passwordless, but only for the rsync command.

We configure sudo so that the backupuser can use rsync, and rsync only, passwordless as root:

$ sudo visudo

## add the following line, changing the username as apropriate:
remotebackup  ALL=NOPASSWD:/usr/bin/rsync

This enables the user backupuser to become root passwordless, but only for the rsync command.

Invoking `rsync` on the local machine with `--rsync-path`

Now you can use rsync on the local machine to fetch the parts you want to copy. Make sure you set the --rsync-path option:

$ rsync -av --rsync-path="sudo rsync" backupuser@remotehost:/remote/path/ /local/backup/path/

Rsync a remote machine without root login 2014-03-23

Prerequisites

Configure sudo on the remote machine

Invoking rsync on the local machine with --rsync-path

Invoking `rsync` on the local machine with `--rsync-path`