<h1>Rsync and encrypted SSH keys</h1>
<p>Published 2023-01-18 at https://erwin.co/rsync-and-encrypted-ssh-keys/</p>

<p>Unfortunately, rsync does not cooperate with <code>$SSH_ASKPASS</code> the way <code>scp</code> and <code>ssh</code> do.</p>

<p>Meanwhile, using <code>scp</code> is absolutely terrible on slow connections where files are being updated... To <code>scp</code> updates of a program to 4 servers (including one in China with the GFW) it was taking ~20 minutes. Running it with <code>rsync</code>, where only deltas of the binary are sent, it happens in under 15 seconds.</p>

<p>So <code>rsync</code> is totally worth using.</p>

<p>Let's say that this is the <code>rsync</code> job that I want to run:</p>

<pre><code>rsync --chown app:app -e 'ssh -p 2222' \
  --progress ./my-app \
    app@MYSERVER:/home/app</code></pre>

<p>To see the exact command that rsync runs on the server, all you need to do is add a <code>-v</code> to the part that calls <code>ssh</code>, and then grep for the <code>Sending command</code> line, like this:</p>

<pre><code>rsync --chown app:app -e 'ssh -v -p 2222' \
  --progress /tmp/foo \
  app@MYSERVER:/home/app 2>&1 \
  | grep 'Sending command'

Enter passphrase for key '/home/me/.ssh/id':
debug1: Sending command: rsync --server -oge.LsfxCIvu --log-format=X --usermap=\\*:app --groupmap=\\*:app . /home/app</code></pre>

<p>That <code>rsync --server</code> command is EXACTLY the only thing we'll allow the new key to run, via ~/.ssh/authorized_keys on our server. After it we'll append these options:</p>

<pre><code>no-pty,no-agent-forwarding,no-port-forwarding</code></pre>

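<p>So generate a new ssh key that we'll use just for rsyncing these files. The empty passphrase given with <code>-N ""</code> means the key is stored unencrypted, so rsync never has to prompt for one:</p>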

<pre><code>ssh-keygen -f rsync_key -t ed25519 -q -N ""</code></pre>

<p>Then, on your server, edit the authorized keys file to add the content of <code>rsync_key.pub</code>... But we'll prepend the <code>command=</code> parameters to restrict the key to this exact rsync command:</p>

<pre><code>command="rsync --server -oge.LsfxCIvu  \
--log-format=X --usermap=\\*:app \
--groupmap=\\*:app . /home/app",\
no-pty,no-agent-forwarding,no-port-forwarding \
ssh-ed25519 AAAACFAKE_KEY_GENERATED_ONLY_FOR_TESTBOk7MpJi9jXfs+4lEOvpQFAKE_RSYNC \
me@myhostname</code></pre>

<p>Note that authorized keys lines must be on ONE LINE, and the comma-separated options must not contain spaces outside the double quotes, so when you actually paste it in, it will look like:</p>

<pre><code>command="rsync --server -oge.LsfxCIvu  --log-format=X --usermap=\\*:app --groupmap=\\*:app . /home/app",no-pty,no-agent-forwarding,no-port-forwarding ssh-ed25519 AAAACFAKE_KEY_GENERATED_ONLY_FOR_TESTBOk7MpJi9jXfs+4lEOvpQFAKE_RSYNC me@myhostname</code></pre>
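<p>The steps above, collected into a script as an added example (not code from the original post): it turns the <code>Sending command</code> text, taken as printed, plus a public key into a single-line entry and checks that the option list contains no stray blank. The function names <code>build_entry</code> and <code>check_entry</code> are hypothetical, and the debug line and key are constructed samples.</p>

```shell
#!/bin/sh
# Added example: names and sample values are constructed, not from the post.
OPTS='no-pty,no-agent-forwarding,no-port-forwarding'   # options the post appends

# build_entry DEBUG_LINE PUBKEY -> one authorized_keys line on stdout
build_entry() {
    case $1 in
        *'Sending command: '*) cmd=${1#*"Sending command: "} ;;
        *) echo 'input has no "Sending command: " text' >&2; return 1 ;;
    esac
    # sshd accepts \" inside a quoted option value, so escape embedded quotes.
    cmd=$(printf '%s' "$cmd" | sed 's/"/\\"/g')
    # Collapse the public key onto one line with single-space separators.
    key=$(printf '%s' "$2" | tr -s ' \t\r\n' ' ' | sed 's/^ //; s/ $//')
    printf 'command="%s",%s %s\n' "$cmd" "$OPTS" "$key"
}

# check_entry LINE -> status 0 when the option list (which ends at the first
# blank outside double quotes) is followed directly by a key type, else 1.
# A blank after a comma between options fails this check.
check_entry() {
    printf '%s\n' "$1" | awk '
    {
        inq = 0; stop = 0
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\\" && inq) { i++; continue }      # skip escaped char
            if (c == "\"") inq = !inq
            else if (!inq && (c == " " || c == "\t")) { stop = i; break }
        }
        if (inq || stop == 0) exit 1     # unbalanced quote, or nothing after options
        rest = substr($0, stop + 1); sub(/^[ \t]+/, "", rest)
        if (rest ~ "^(ssh-|ecdsa-|sk-)[^ ]+ [A-Za-z0-9+/=]+( |$)") exit 0
        exit 1
    }'
}

# Demo with a constructed debug line and a constructed (unusable) public key.
dbg='debug1: Sending command: rsync --server -oge.LsfxCIvu --log-format=X . /home/app'
pub='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE rsync_key'
entry=$(build_entry "$dbg" "$pub")
if check_entry "$entry"; then printf '%s\n' "$entry"; fi
```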
