How to back up a directory (sub-directories/files) from one server onto another?

Hello,

Server A: /directory1/
Server B: /Backups/

I wanted to back up the contents of /directory1 from "server A" onto "Server B" every 1 hour.
If there is any change in the contents (only new files/differences) on serverA (directory1/), it is supposed to be backed up on the next run.

I used the rsync command to sync manually from server A to B as a normal user. The concept is working.

As a normal user:

serverA: rsync -avz -e ssh /directory1/  user1@serverB:/Backups/

But I would like to automate this with a scheduler, running as root.

My issue is,

I cannot use passwordless SSH to automate this rsync process (I am familiar with passwordless SSH), because direct/remote login is disabled for the root user. I do not want to enable it, and sharing root public keys from one server to another is not recommended in my situation.
Server A directory1/files are owned by root.
Server B /Backups/ directory is also owned by root.

Can you please give me any idea on how to "set up passwordless automated rsync from server A to server B" without enabling direct root login?

thanks

You can use an expect script to respond to the password prompt.
Something like...
transfer file using expect and sftp

You are specifying a connection to ServerB as user1, so the value for PermitRootLogin is ignored on ServerB. If you want it to run as root on ServerB and don't want to brute-force break your way around ssh, then you could:-

  • ssh as user1 and then use sudo
  • set the PermitRootLogin value to forced-commands-only. This requires the command to be added to the authorized_keys file on ServerB

Would either of these suggestions seem suitable?

Robin

@blackrageous
Thanks for your help. Unfortunately I cannot access the link now.

@rabtte1

Thanks for your response/help Robin.
First suggestion: we do not use sudo as of now. Can we do it with su?
Second suggestion: looks interesting. But do I need to set PermitRootLogin to YES?

If that is the case, will it be a problem? If we are able to run the "authorized_keys" file commands and block all other SSH/remote login traffic, that would be OK.
Please suggest. Thanks.

---------- Post updated at 02:04 PM ---------- Previous update was at 01:34 PM ----------

I just got another idea:

Server B: /Backups is owned by root.
I could create a new sub-directory called "userdir" under /Backups as root, and
change the permissions/ownership to "user:somegroup".

serverB:

drwxr-xr-x  root:system  /Backups 
drwxr-xr-x  saccnt:spgrp /Backups/userdir    (I will create a special system account user/group)

Now I can share the serverA root public key with the saccnt user on serverB, and I can schedule an rsync script on serverA as root.

rsync -avzh -e ssh /directory1 saccnt@serverB:/Backups/userdir/

Is this OK? Is sharing root's "id_rsa.pub" key with a user on another server recommended? Please suggest.

You do not need to have PermitRootLogin Yes. The forced-commands-only option means that you can only run the commands specified by the matching record in your authorized_keys file. This is from one of mine:-

command="/usr/local/bin/sysbackup" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsNaXL2++..........

This means that you can keep Security happy, because you still prevent login with ssh as root.

I suppose another way would be to use NFS and mount the ServerB directory on ServerA. You then could copy the data much more easily, as though it were a local resource. Do you know how to do this? It's a bit like mapping a network disk in Microsoft terms. This might give you security concerns though, as the data will be available on ServerA (subject to permissions) and you need to be careful with ownership. File/directory ownership is stored as the UID & GID numbers, and those can vary between servers, e.g. a file owned by bob, UID 1024 on ServerB, may appear to be owned by sue on ServerA if sue has UID 1024 on ServerA.

Not sure if either of these suggestions helps or causes more headaches.

How do they seem to you?
Robin

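The forced-command setup described in the reply above, as an added example that is not from the thread or from any poster's own script: a wrapper for root's authorized_keys on ServerB, used with PermitRootLogin forced-commands-only, that accepts only an rsync receiver writing under /Backups/. The script path, the strict option allow-list and the shape of the rsync server command line (which varies by rsync version) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: forced-command wrapper for ServerB.
# Assumed install path /usr/local/bin/rsync-backup-only, named in root's
# authorized_keys on ServerB (the key is a placeholder):
#   command="/usr/local/bin/rsync-backup-only",no-pty,no-port-forwarding ssh-rsa <serverA-root-public-key>
LC_ALL=C; export LC_ALL   # keep the A-Z style ranges below byte-exact
BACKUP_ROOT="/Backups/"   # destination directory from the thread

# Return 0 only for: rsync --server <short option bundles> . /Backups/<path>
allowed_command() {
    case $1 in
        *[!A-Za-z0-9\ ./_-]*) return 1 ;;  # quotes ; | $ ` = globs tabs newlines
        *..*)                 return 1 ;;  # path traversal out of BACKUP_ROOT
    esac
    set -f          # no globbing while the string is split into words
    set -- $1
    set +f
    [ "$#" -ge 5 ] && [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    while [ "$#" -gt 2 ]; do
        case $1 in
            -*[!A-Za-z0-9.]*) return 1 ;;  # long options (--sender), -T/dir
            -[A-Za-z]*)       ;;           # bundle such as -vlogDtprze.iLsfxC
            *)                return 1 ;;  # stray words
        esac
        shift
    done
    [ "$1" = . ] || return 1               # rsync's placeholder source argument
    case $2 in
        "$BACKUP_ROOT"*) return 0 ;;
        *)               return 1 ;;
    esac
}

# sshd passes the client's requested command in SSH_ORIGINAL_COMMAND. A plain
# login attempt leaves it empty, so nothing runs and the session simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed_command "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND         # already validated word by word
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The allow-list is deliberately narrow, so an rsync invocation that sends long options to the server side (for example a delete mode) is refused until it is added explicitly. rsync also ships its own restricted wrapper, rrsync, which serves the same purpose.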

@rbatte1

It looks good, Robin. Thank you for your response/suggestion/help.
Yes, we already thought about the NFS way. :)
Thanks for the "forced command" info. We will think about different approaches and proceed accordingly.

Thank you again.