Unfortunately `rsync` does not cooperate with `$SSH_ASKPASS` the way `scp` and `ssh` do.

Meanwhile, using `scp` is absolutely terrible on slow connections where files are being updated... To `scp` updates of a program to 4 servers (including one in China with the GFW) it was taking ~20 minutes. Running it with `rsync`, where only deltas of the binary are sent, it happens in under 15 seconds.

So `rsync` is totally worth using.

Let's say that this is the `rsync` job that I want to run:

```
rsync --chown app:app -e 'ssh -p 2222' \
  --progress ./my-app \
  app@MYSERVER:/home/app
```

All you need to do is add a `-v` to the part that calls `ssh`, and then grep for the `Sending command` line, like this:

```
rsync --chown app:app -e 'ssh -v -p 2222' \
  --progress /tmp/foo \
  app@MYSERVER:/home/app 2>&1 \
  | grep 'Sending command'

Enter passphrase for key '/home/me/.ssh/id': 
debug1: Sending command: rsync --server -oge.LsfxCIvu --log-format=X --usermap=\\*:app --groupmap=\\*:app . /home/app
```

The `rsync --server` command shown in that output is EXACTLY the only thing we'll allow in our `~/.ssh/authorized_keys` on our server, and then we'll append:

```
no-pty,no-agent-forwarding,no-port-forwarding
```

So generate a new ssh key that we'll use just for rsyncing these files:

```
ssh-keygen -f rsync_key -t ed25519 -q -N ""
```

Then, on your server, edit the authorized keys file to add the content of `rsync_key.pub`... But we'll prepend the `command=` parameters to restrict the key to this exact rsync command:

```
command="rsync --server -oge.LsfxCIvu \
--log-format=X --usermap=\\*:app \
--groupmap=\\*:app . /home/app",\
no-pty,no-agent-forwarding,no-port-forwarding \
ssh-ed25519 AAAACFAKE_KEY_GENERATED_ONLY_FOR_TESTBOk7MpJi9jXfs+4lEOvpQFAKE_RSYNC \
me@myhostname
```

Note that authorized keys lines must be on ONE LINE, with no space between the comma-separated options, so when you actually paste it in, it will look like:

```
command="rsync --server -oge.LsfxCIvu --log-format=X --usermap=\\*:app --groupmap=\\*:app . /home/app",no-pty,no-agent-forwarding,no-port-forwarding ssh-ed25519 AAAACFAKE_KEY_GENERATED_ONLY_FOR_TESTBOk7MpJi9jXfs+4lEOvpQFAKE_RSYNC me@myhostname
```
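
One way to script the last two steps, as an added example that is not part of the original post: it pulls the command out of the `ssh -v` output and emits the single-line `authorized_keys` entry, refusing anything that is not `rsync --server`. The function names and the placeholder public key are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): turn captured `ssh -v` output
# into a one-line, command-restricted authorized_keys entry.

# Constructed sample input: the debug line shown in the post, plus a noise line.
SAMPLE_LOG='debug1: Authentication succeeded (publickey).
debug1: Sending command: rsync --server -oge.LsfxCIvu --log-format=X --usermap=\\*:app --groupmap=\\*:app . /home/app'
# Placeholder public key, standing in for the contents of rsync_key.pub.
SAMPLE_PUB='ssh-ed25519 AAAAC3PLACEHOLDERKEYFORILLUSTRATION me@myhostname'

# Read `ssh -v` output on stdin, print the command the client asked to run.
extract_remote_command() {
    sed -n 's/^debug1: Sending command: //p' | head -n 1
}

# $1 = remote command, $2 = public key line. Prints the authorized_keys entry.
build_entry() {
    cmd=$1
    pub=$2
    # Only pin rsync's server mode; refuse anything else (e.g. a shell).
    case $cmd in
        'rsync --server '*) ;;
        *) echo "refusing to pin non-rsync command" >&2; return 1 ;;
    esac
    # sshd reads one key per line, so an embedded newline would split the entry.
    case "$cmd$pub" in
        *'
'*) echo "input contains a newline" >&2; return 1 ;;
    esac
    # sshd ends command="..." at the first unescaped double quote.
    esc=$(printf '%s' "$cmd" | sed 's/"/\\"/g')
    # Options are comma-separated, with no spaces outside the quotes.
    printf 'command="%s",no-pty,no-agent-forwarding,no-port-forwarding %s\n' \
        "$esc" "$pub"
}

# Demo on the constructed sample: prints the finished entry.
build_entry "$(printf '%s\n' "$SAMPLE_LOG" | extract_remote_command)" "$SAMPLE_PUB"
```

The printed line is what gets appended to `~/.ssh/authorized_keys` on the server.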