Page 1 of 1

ssh and rsync without using passwords

Posted: 2012/02/22 22:20:13
by Barjawi
Hi,

I am creating cronjobs that backup the databases on the main server, and I want to copy these backups to a backup server. Of course, for this to happen, I have to get the rsync to work without entering passwords.

I have been looking for this for a while now... I have followed most of the tutorials online... but to no avail... not sure what I am doing wrong here. I hope I can find some answers here.

So this is what I do:

on the main server, I login as root, and then:
> ssh-keygen -t rsa

then I hit enter on all the questions (i.e., no password, and default location)

then I use the following command to copy the public key to the backup server:
> ssh-copy-id -i .ssh/id_rsa.pub barjawi@myserver.com

I made sure that the .ssh folder has 700 permission, and the private key as well as the authorized_hosts has 600 permissions.

but still whenever I use:
> ssh barjawi@myserver.com

I still need to enter my password.... what am I doing wrong here?

Now my next step after getting ssh to work without entering password is to use the following command on the main server in order to copy the backup files:

>rsync -alvz -e "ssh -i ~/.ssh/id_rsa" --cvs-exclude backup-files barjawi@myserver:path/to/location/

is that corrrect way to do it?

In addition to that, I also need to be able to pull data from the backup server without the need to enter passwords as well... do I need to reverse the operation in order to use such an rsync operation?

>rsync -alvz -e "ssh -i ~/.ssh/id_rsa" --cvs-exclude barjawi@myserver:path/to/location/backup-files .

Thanks,

Re: ssh and rsync without using passwords

Posted: 2012/02/23 01:08:47
by TrevorH
Since you generated the key and copied it as root, did you check the ownership of the ~/.ssh/authorized_keys file to make sure the user can read it?

Re: ssh and rsync without using passwords

Posted: 2012/02/23 02:37:40
by pschaff
Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

Is myserver.com also running CentOS-5? Is SELinux Enforcing? If so, check the SELinux context:[code]ls -alZ ~barjawi/.ssh[/code]