Rsync Remote to Remote [duplicate]

I'm looking for a solution for using rsync between 2 remote servers. It seems like it's not possible. Does anyone know why it's not possible? I ask that because I think if I know the reason, maybe I could use another tool to make it possible.

Update: I have a hypervisor on my primary site with n VMs running on it. I have another hypervisor on my secondary site which I want to be the backup server for my primary server. For keeping the files synced between these two, the best way I've found is using rsync. The problem is I don't want to run my code (rsync) on the VMs because I want my product to be agentless. In this case I need to add a third computer to run the code. Now, I need to rsync between my primary and secondary sites, which I'm stuck with because rsync doesn't work for remote to remote servers.


Solution 1:

ssh user@server1 "rsync /files user@server2:/directory"

Solution 2:

You can use ssh, with ssh public/private keys to do this securely with rsync.

ssh can authenticate with a password, or with a public/private keypair. In this answer I will cover how to set up an ssh public/private key pair, describe ssh-agent forwarding, and show how to use them with rsync to sync two remote machines.

SSH public/private key

You can generate an ssh key pair by using ssh-keygen. It will prompt you for a passphrase; you will want to enter something secure here. It will also generate two files: $HOME/.ssh/id_rsa (don't share this) and $HOME/.ssh/id_rsa.pub.

The public key (id_rsa.pub) can be shared with anyone without fear of your account being compromised by them. If someone gets a hold of your private key then they can authenticate to any account/machine that is set up to accept your private key.

This is where the passphrase comes in: it makes it so that if someone gets your private key, they still need to know the passphrase.

authorized_keys

During login ssh looks for a file at $HOME/.ssh/authorized_keys. This file is a list of public keys that are authorized to be used for authentication. On your remote machines you will want to append your id_rsa.pub to this file.

During ssh attempts you will now be prompted for your passphrase to your private key instead of your password.

ssh-agent

You can avoid having to type your passphrase over and over by using ssh-agent bash, followed by ssh-add. This first runs bash with a "keyring" attached to it, then adds your key to the keyring. Now, while in this shell if ssh is called it will pull your private key from the keyring instead of prompting you for the passphrase.

agent-forwarding

Set AllowAgentForwarding yes in /etc/ssh/sshd_config on the remote hosts. This makes it so you can ssh from a machine you have sshed to, to another one that has your public key in authorized_keys and you won't be prompted for a password, or passphrase, as it will handle the communication back to the keychain at your source machine.

ssh commands

ssh lets you issue a command at the remote machine without giving you a shell, if you have the above setup you can do the following:

ssh user1@remote_host1 'hostname;id'

This will run the commands hostname and id on remote_host1 and use your key without prompting you. It should return "remote_host1, user1".

You could also demonstrate the agent forwarding with

ssh -A user1@remote_host1 'ssh user2@remote_host2 "hostname;id"'

This will run ssh user2@remote_host2 "hostname;id" on remote_host1, which will then ssh to remote_host2 and run the commands there. It hands back the authentication request to your machine as agent forwarding is on and uses your key without prompting you. It should return "remote_host2, user2".

rsync

You can now do the following.

ssh -A remote_host1_user@remote_host1 "rsync -ave ssh source_sync_dir remote_host2_user@remote_host2:target_sync_dir"

This tells remote_host1 to rsync the source on host_1 with the destination on host_2, and rsync has been told to use ssh, which will use your forwarded key.
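
The relay described in the two solutions above, written as a small wrapper to run on the third (control) machine. This is an added example, not code from either answer: the function names are hypothetical, and the hosts, users and paths in the usage comment are placeholders. It enables agent forwarding for this one connection only, refuses to start when no key is loaded in the agent, and quotes the paths so they survive the remote shell on remote_host1 unchanged.

```shell
#!/bin/sh
# Added example; function names are hypothetical, hosts and paths are placeholders.

# Single-quote a string so a remote shell treats it as one literal word.
shq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Command line executed on the source host: rsync over ssh to the destination.
# -s (--protect-args) keeps the destination's shell from re-splitting the path;
# "--" stops option parsing so a path starting with "-" is not read as a flag.
remote_rsync_cmd() {  # args: src_path dest_user_host dest_path
    printf 'rsync -a -s -e ssh -- %s %s' "$(shq "$1")" "$(shq "$2:$3")"
}

# Succeeds only if an ssh-agent is reachable and holds at least one key.
agent_has_key() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && ssh-add -l >/dev/null 2>&1
}

# Run the sync from the control machine.
# ForwardAgent is set per invocation instead of globally in ssh_config: while
# the session is open, root on the source host can use the forwarded agent.
# BatchMode makes ssh fail instead of falling back to a password prompt.
relay_sync() {  # args: src_user_host src_path dest_user_host dest_path
    agent_has_key || {
        echo "no key loaded in ssh-agent; run ssh-add first" >&2
        return 1
    }
    ssh -o ForwardAgent=yes -o BatchMode=yes "$1" \
        "$(remote_rsync_cmd "$2" "$3" "$4")"
}

# Usage (placeholders):
#   relay_sync user1@remote_host1 /srv/source_sync_dir/ \
#              user2@remote_host2 /srv/target_sync_dir/
```

The source host must already have the destination's host key in its known_hosts, because the inner ssh has no terminal on which to ask for confirmation.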