Unfortunately rsync does not cooperate with $SSH_ASKPASS the way scp and ssh do.
Meanwhile, using scp is absolutely terrible on slow connections where files are being updated... To scp updates of a program to 4 servers (including one in China with the GFW) it was taking ~20 minutes. Running it with rsync, where only deltas of the binary are sent, it happens in under 15 seconds.
So rsync is totally worth using.
Let's say that this is the rsync job that I want to run:
rsync --chown app:app -e 'ssh -p 2222' \
--progress ./my-app \
app@MYSERVER:/home/app
All you need to do is add a -v to the part that calls ssh, and then grep for the Sending command line, like this:
rsync --chown app:app -e 'ssh -v -p 2222' \
--progress /tmp/foo \
app@MYSERVER:/home/app 2>&1 \
| grep 'Sending command'
Enter passphrase for key '/home/me/.ssh/id':
debug1: Sending command: rsync --server -oge.LsfxCIvu --log-format=X --usermap=\\*:app --groupmap=\\*:app . /home/app
The rsync --server command shown in that debug line is EXACTLY the only thing we'll allow this key to run in our ~/.ssh/authorized_keys on our server, and then we'll append:
no-pty,no-agent-forwarding,no-port-forwarding
So generate a new ssh key that we'll use just for rsyncing these files:
ssh-keygen -f rsync_key -t ed25519 -q -N ""
Then, on your server, edit the authorized keys file to add the content of rsync_key.pub... But we'll prepend the command= parameters to restrict the key to this exact rsync command:
command="rsync --server -oge.LsfxCIvu \
--log-format=X --usermap=\\*:app \
--groupmap=\\*:app . /home/app",\
no-pty,no-agent-forwarding,no-port-forwarding \
ssh-ed25519 AAAACFAKE_KEY_GENERATED_ONLY_FOR_TESTBOk7MpJi9jXfs+4lEOvpQFAKE_RSYNC \
me@myhostname
Note that authorized keys lines must be on ONE LINE, with no spaces between the comma-separated options (spaces are only allowed inside the double quotes), so when you actually paste it in, it will look like:
command="rsync --server -oge.LsfxCIvu --log-format=X --usermap=\\*:app --groupmap=\\*:app . /home/app",no-pty,no-agent-forwarding,no-port-forwarding ssh-ed25519 AAAACFAKE_KEY_GENERATED_ONLY_FOR_TESTBOk7MpJi9jXfs+4lEOvpQFAKE_RSYNC me@myhostname
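A quick way to check a pasted entry against the one-line rule above, as an added example that is not part of the original post. It assumes the option syntax documented in sshd(8) (comma-separated options, no blanks outside double quotes); lint and parse_entry are hypothetical helper names and the key material is a placeholder.

```python
# Added example, not from the original post. Lints one authorized_keys entry:
# options are comma-separated with no blanks outside quotes, all on one line.
REQUIRED = {"no-pty", "no-agent-forwarding", "no-port-forwarding"}
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-")

def parse_entry(line):
    """Return (options, rest): options end at the first unquoted blank."""
    opts, cur, in_quotes, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if in_quotes and line[i:i + 2] == '\\"':  # escaped quote in a value
            cur, i = cur + '\\"', i + 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if not in_quotes and ch in " \t":
            break
        if not in_quotes and ch == ",":
            opts, cur = opts + [cur], ""
        else:
            cur += ch
        i += 1
    return opts + [cur], line[i:].strip()

def lint(entry):
    """Return a list of problems; an empty list means the entry passed."""
    entry = entry.strip()
    if "\n" in entry:
        return ["entry spans several lines; it must be ONE line"]
    if entry.startswith(KEY_TYPES):
        return ["no options at all: the key is unrestricted"]
    opts, rest = parse_entry(entry)
    names = {o.split("=", 1)[0] for o in opts}
    problems = ["missing " + m for m in sorted(REQUIRED - names)]
    if "" in names:
        problems.append("empty option (blank after a comma, or stray comma)")
    if "command" not in names:
        problems.append("no command= option: key is not pinned to a command")
    if not rest.startswith(KEY_TYPES):
        problems.append("options not followed by a key type: %r" % rest[:24])
    return problems

# Constructed samples; the key material is a placeholder, not a real key.
CMD = r'command="rsync --server -oge.LsfxCIvu --log-format=X --usermap=\\*:app --groupmap=\\*:app . /home/app"'
GOOD = CMD + ",no-pty,no-agent-forwarding,no-port-forwarding ssh-ed25519 AAAAPLACEHOLDER me@myhostname"
BAD = CMD + ", no-pty,no-agent-forwarding,no-port-forwarding ssh-ed25519 AAAAPLACEHOLDER me@myhostname"

if __name__ == "__main__":
    print("GOOD:", lint(GOOD) or "ok", "\nBAD:", lint(BAD))
```

The BAD sample differs from GOOD only by a blank after the first comma, which ends the options field early and leaves the restrictions where the key type should be.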