rsync between two remote hosts

hai-ld wrote on 19/07/2017

When you need to rsync between two remote hosts that cannot connect to each other, but you can log in to both over SSH from your local host, the following command solves the problem (with a security caveat).

The command

ssh -A -R localhost:50000:dest_host:22 src_user@src_host \
    'rsync -e "ssh -p 50000 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" -av -P /src/path/ dest_user@localhost:/dest/path'

Explanation

rsync cannot normally copy between two remote hosts, so we open an SSH tunnel that runs from the source host through the local host to the destination host, then execute rsync on the source host to transfer the files through that tunnel.

  • -R localhost:50000:dest_host:22 src_user@src_host: log in to the source host and open a reverse (-R) tunnel, so that when a process on that host sends data to localhost:50000 (localhost as seen from the source host), the traffic travels through the tunnel to the local host and from there to dest_host:22 (dest_host as resolved by the local host)
  • -e "ssh -p 50000" dest_user@localhost:/dest/path: instruct rsync to run over SSH on port 50000 (instead of the default port 22) on localhost, which is the entrance of the tunnel whose exit is the destination host's port 22
  • ssh -A: rsync on the source host first has to log in via SSH to dest_user@localhost:50000 on the source host, which as we already know is actually dest_user@dest_host:22, but normally it has no credentials for that login. -A (agent forwarding) allows SSH on the source host to log in to the destination host using the credentials held in the SSH agent of the local host.
  • -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null: so that rsync's SSH connection does not check the host key presented at localhost:50000 (that is, dest_host:22) and does not save that host key into ~/.ssh/known_hosts. This is just personal preference, to keep things tidy.
  • Security caveat: -A could allow an attacker on the source host to log in to the destination host for as long as the SSH connection is open. Therefore only use agent forwarding to trusted hosts, and keep the connection open for as short a time as possible.
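
A variant of the command above that keeps host key verification on the rsync hop, as an added example that is not part of the original post: it pins the destination's key from the local host's known_hosts under a HostKeyAlias and stops if the tunnel port cannot be bound. The function names are made up for this sketch, and it assumes OpenSSH everywhere, dest_host already present in the local known_hosts, and a POSIX shell with mktemp on the source host.

```shell
#!/bin/sh
# Added example, not from the original post. Hosts, users and paths are the
# post's placeholders; the function names are hypothetical.

# Turn `ssh-keygen -F dest_host` output (stdin) into known_hosts entries
# filed under the name given in $1. Comment lines and marker lines
# (@revoked, @cert-authority) are skipped; a hashed host field is replaced.
pinned_entries() {
    awk -v h="$1" '!/^[#@]/ && NF >= 3 { print h, $2, $3 }'
}

# Build the script that runs on the source host: write the pinned key to a
# temporary known_hosts file, then run rsync over the tunnel with strict
# host key checking against that file only.
# $1 = pinned entries, $2 = tunnel port, $3 = alias, $4 = src path, $5 = dest
remote_script() {
    cat <<EOF
kh=\$(mktemp) || exit 1
trap 'rm -f "\$kh"' EXIT
printf '%s\n' '$1' > "\$kh"
rsync -e "ssh -p $2 -o HostKeyAlias=$3 -o UserKnownHostsFile=\$kh -o StrictHostKeyChecking=yes" -av -P $4 $5
EOF
}

# Run the relay. ExitOnForwardFailure makes ssh quit instead of running rsync
# when port 50000 on the source host could not be bound for the tunnel.
relay_rsync() {
    keys=$(ssh-keygen -F dest_host | pinned_entries dest_host)
    [ -n "$keys" ] || { echo "dest_host not in local known_hosts" >&2; return 1; }
    ssh -A -o ExitOnForwardFailure=yes -R localhost:50000:dest_host:22 \
        src_user@src_host \
        "$(remote_script "$keys" 50000 dest_host /src/path/ dest_user@localhost:/dest/path)"
}
```

Call relay_rsync from the local host once the functions are loaded. The temporary known_hosts file on the source host is removed when the remote script exits, so nothing is written to ~/.ssh/known_hosts there.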
