...
On "seq", run
Code Block ssh-keygen -t rsa
enter NO passphrase - just hit return both times. Do NOT use "id_rsa" as the name of the private key file - name it something like "id_rsa.seq2four". Note that this also creates the file id_rsa.pub - you will need the line inside this file for the next step on "four".
On "four",
...
- Create
create or append to the file ~.ssh/authorized_keys the single line key that was in id_rsa.pub on "seq" generated in step 1, or use "ssh-copy-id -i id_rsa.seq2four <user>@<four>.
Create an executable shell script on "four" that contains this simple script - let's call it "~/bin/validate-rsync-ssh.sh":
Code Block title From: http://blog.jolexa.net/2011/02/tip-single-purpose-password-less-ssh-key/ #!/bin/bash case "$SSH_ORIGINAL_COMMAND" in rsync\ --server*) # uncomment for debug # echo "$(date +%Y%m%d): $SSH_ORIGINAL_COMMAND" >> /var/log/ssh-cmd.log $SSH_ORIGINAL_COMMAND ;; # debug testconnect) echo "You successfully connected to $(hostname)" ;; *) echo "Sorry, command '$SSH_ORIGINAL_COMMAND' is not allowed" exit 1 ;; esac
Don't forget to make this file executable (chmod +x validate-rsync-ssh.sh).
- Pre-pend the text: command="~/bin/validate-rsync-ssh.sh" to your ssh-rsa key in the file ~/.ssh/authorized_keys, with a space between this and the text "ssh-rsa".
Now test everything by doing this command back on "seq":
Code Block ssh -i ~/.ssh/id_rsa.seq2four miseq@fourierseq.icmb.utexas.edumiq@four testconnect
This should give you the message from your "validate-rsync-ssh.sh" script, "You successfully connected to four". Commands other than "testconnect" should give you the, "Sorry, command... is not allowed" error message.
Now try your rsync from "seq" to "four" - it should work smoothly:
Code Block rsync -avP -e 'ssh -i /home/me/.ssh/id_rsa.seq2four' localfiles.txt miseq@fourmiq@four:RemoteDir
Note that the path to your "id_rsa.seq2four" must be absolute - the shell and rsync get confused about who's expanding what when if you try using variables or "~".
Other notes:
ssh is VERY picky about the permissions of the .ssh directory on "four" - they MUST be:
Code Block miseq@four:~/.ssh$ ls -la drwx------ 2 miseqmiq ut_austingroup 4096 2013-07-25 10:36 .
IN ADDITION - the .ssh directory should be tight:
Code Block chmod 700 ~/.ssh ls -ld .ssh: drwx------ 2 miq group 4096 Nov 26 17:25 .ssh
AND your home dir must be at least 775:
Code Block chmod 775 ~ ls -ld ~ drwxrwsr-x 22 miq group 4096 Nov 26 17:25 /home/miq