Rsync a remote machine without root login
2014-03-23
The problem: you want to full-rsync a remote machine, but you can only log in using an unprivileged (non-root) user.
The solution: sudo with the correct setup does the trick!
Prerequisites
- You can connect to the remote machine using SSH and a private/public keypair (passwordless login). Enter your local SSH public key in the remote server’s .ssh/authorized_keys file.
- You can become root on the remote machine once you are logged in.
- sudo is installed on the remote machine.
Configure sudo on the remote machine
On the remote machine, we can log in as the user backupuser, but this is an unprivileged user. We want this user to become root without a password, but only for the rsync command.
We configure sudo so that the backupuser can use rsync, and rsync only, passwordless as root:
$ sudo visudo
## add the following line, changing the username as appropriate:
backupuser ALL=NOPASSWD:/usr/bin/rsync
This enables the user backupuser to become root passwordless, but only for the rsync command.
Invoking rsync on the local machine with --rsync-path
Now you can use rsync on the local machine to fetch the parts you want to copy. Make sure you set the --rsync-path option:
$ rsync -av --rsync-path="sudo rsync" backupuser@remotehost:/remote/path/ /local/backup/path/
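The sudoers rule above allows any rsync invocation as root, so whoever holds the backup SSH key can read and write any file on the remote machine. The following is an added example, not part of the original post: a forced-command wrapper for that key which accepts only the read-only (sender) command the pull above produces. The wrapper path, ALLOWED_ROOT and the shape of the short-flag string are assumptions; check them against what your rsync version actually sends.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the backup key (not from the post).
# Assumption: backups are pulled from ALLOWED_ROOT, the page's /remote/path/.
ALLOWED_ROOT="/remote/path/"

# Succeeds only for the command a pulling client sends with --rsync-path="sudo rsync":
#   sudo rsync --server --sender -<short flags> . <path under ALLOWED_ROOT>
is_allowed_backup_command() {
    set -f                 # split on whitespace without glob expansion
    set -- $1
    set +f
    for word in "$@"; do   # conservative character set: no quotes, ;, &, $, ...
        case $word in
            *[!A-Za-z0-9./_-]*) return 1 ;;
        esac
    done
    [ "$#" -eq 7 ] || return 1
    [ "$1 $2 $3 $4" = "sudo rsync --server --sender" ] || return 1
    flags=${5#-}           # one cluster of short flags, e.g. -vlogDtpre.iLsfxC
    [ "$flags" != "$5" ] || return 1
    case $flags in
        ""|*[!A-Za-z.]*) return 1 ;;
    esac
    [ "$6" = "." ] || return 1
    case $7 in
        *..*) return 1 ;;              # no parent-directory traversal
        "$ALLOWED_ROOT"*) return 0 ;;  # must live under the backup root
    esac
    return 1
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND. If it is
# unset (interactive login attempt) the script simply ends and no shell starts.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_backup_command "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "backup key: command rejected" >&2
    exit 1
fi
```

To use it, prefix the backup key's line in backupuser's .ssh/authorized_keys with `command="/usr/local/bin/backup-only.sh",restrict` (the script location is an assumption), so sshd runs the wrapper instead of whatever the client requests.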