Rsync password asked even after generating key (while ssh works passwordless)
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The remote server should need no special configuration. Nor should rsync ask for the password. It should ask for the passphrase if it is using the key. Can you post a sanitized version of what you are currently typing with rsync? What is the remote user, not root I hope?
user@remote_IP's password:
Password:
sending incremental file list
[...]
sent 1932570 bytes received 10699 bytes 117773.88 bytes/sec
total size is 3868894202 speedup is 1990.92
The first password because I don't use a key for this user, and the second being...?????
'sync' is different than 'rsync', maybe that's a typo.
If you're using the key, that needs to be specified with ssh using -i, if that is missing then it will ask you for the password to the account instead of the passphrase for the key. See the examples above for the syntax.
About logging in remotely as root, it's generally discouraged. If you are insistent upon it, you can make it use keys only by setting 'PermitRootLogin' to “without-password”, “forced-commands-only”, or “no”.
to the best of my knowledge rsync by defaults uses ssh protocol encryption for transfering stuff over network. I don't understad why are you again telling the command to use ssh protocol?
rsync -ar --exclude /home/owncloud /home remote_IP:/NetBackup/VPS_backup
rsync: mkdir "/NetBackup/VPS_backup" failed: No such file or directory (2)
rsync error: error in file IO (code 11) at main.c(615) [Receiver=3.0.8]
rsync: connection unexpectedly closed (9 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(601) [sender=3.0.7]
And with double colon :: it also asks for a password! I still think this has nothing to do with SSH (which works great without ever entering any password) but with rsync somewhere inside the remote server.
The thing is, the directory does exist, and everything works perfectly when I use the double colon. I only used single colon because you suggested so...
Rsync works on that exact directory but only with the double colon.
What I'm trying to do is being able to use rsync as a cronjob, without having to enter the second password (as we have I think proved that the problem doesn't come from the first password, the one that says "user@remote_ip's password"...)
My opinion is that the NAS has modified rsync somehow, and the result is that I have to enter my root password each time I'm trying to connect to the module (not just the server!).
Alright, here we go, this time with user@...
It doesn't make any difference at all (user is root whether I specify the user or not).
Code:
rsync -r -e 'ssh -va' /test root@remote_IP::NetBackup/test
OpenSSH_5.5p1 Debian-6+squeeze3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to remote_IP port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1-hpn13v11
debug1: match: OpenSSH_5.8p1-hpn13v11 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'remote_IP' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: rsync --server --daemon .
Password:
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Transferred: sent 2888, received 2896 bytes, in 3.0 seconds
Bytes per second: sent 949.4, received 952.0
debug1: Exit status 0
As you can see, the "Password" line happens well after I SSH into the remote server, right after it sends the rsync command.
If I connect as any other user (not root, without a rsa key), here is what happens:
Code:
rsync -r -e 'ssh -va' /test user@remote_IP::NetBackup/test
OpenSSH_5.5p1 Debian-6+squeeze3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to remote_IP port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1-hpn13v11
debug1: match: OpenSSH_5.8p1-hpn13v11 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'remote_IP' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
user@remote_IP's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: rsync --server --daemon .
Password:
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Transferred: sent 2392, received 2640 bytes, in 2.3 seconds
Bytes per second: sent 1033.0, received 1140.0
debug1: Exit status 0
As you can see, it asks me twice for a password, which is not normal. The first one is quite logically the password of the user on that machine, the second one is the root password of the remote server. I think that the remote server is checking if that particular user has the right to use the service/module, because I just tried with a low-level user (that has a very limited access to the server), and sure enough, immediately after the second password is asked I get:
Code:
@ERROR: service disabled
rsync error: error starting client-server protocol (code 5) at main.c(1524) [sender=3.0.7]
please print the results of ls -laF (those are lower case Ls, not ones) from both systems of ~/.ssh/ directories.
the above is looking like a permissions issue, not a key issue.
should look something like the following:
Code:
[user@server ~]$ ls -laF ~/.ssh/
total 48
drwx------. 2 ray ray 4096 Mar 14 15:23 ./
drwx------. 19 ray ray 4096 Jun 17 13:39 ../
-rw-------. 1 ray ray 4466 Mar 12 10:30 authorized_keys
-rw-r--r--. 1 ray ray 175 Jan 5 12:23 config
-r--------. 1 ray ray 3243 Jan 5 12:14 id_rsa
-rw-r--r--. 1 ray ray 741 Jan 5 12:14 id_rsa.stuff.pub
-rw-r--r--. 1 ray ray 741 Jan 5 12:14 id_rsa.pub
-rw-r--r--. 1 ray ray 752 Jan 5 17:08 id_rsa.pub.remote
-rw-r--r--. 1 ray ray 741 Jan 22 12:22 id_rsa.pub.foo
-rw-r--r--. 1 ray ray 749 Jan 6 19:14 id_rsa.pub.foo2
-rw-r--r--. 1 ray ray 1842 Jun 13 14:35 known_hosts
Still no.
Following what I think is the problem (something to do with rsync on the remote server because Synology modified it somehow, and not ssh), I found this. It didn't work (I still need to enter a 2nd password), but it seems to confirm that there is a password needed for using the rsync module, which has nothing to do with ssh.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.