rsync is a very popular synchronization tool used in Linux environments. Rsync communication is clear text by default. This makes rsync vulnerable to man-in-the-middle attacks. How can we make rsync secure with ssh? In this tutorial we will look at different ways to secure rsync with ssh.
Check Ssh Connection
The first thing we will do is check the remote ssh service. We will of course use the ssh command for this. In this example the user is root and the server name is poftut2.
$ ssh root@poftut2
Copy Single File From Local To Remote Via Ssh Tunnel
The first example copies a single local file to the remote system via ssh. We will provide the -e ssh parameter to enable ssh tunneling. We will copy the file named mydata.dat to the server named poftut2, as the user ismail, into the directory /home/ismail/.
$ rsync -e ssh mydata.dat ismail@poftut2:/home/ismail/
Enable Passwordless Key Based Ssh Authentication
In order to make things simpler and to run rsync as a batch job, we should set up passwordless key based ssh authentication. This is done by copying the login public key to the remote system and installing it there. First we will create an ssh key.
$ ssh-keygen
This will create a private key and the related public key in the ~/.ssh/ directory. Now we will set up key based authentication with the following command. The username is ismail and the remote system is poftut2.
$ ssh-copy-id ismail@poftut2
Copy Single File From Remote To Local Via Ssh Tunnel
In this example we will copy the remote file named asd.pub to the local directory /root/. The . is used to specify the current working directory. The local file will be named asd.pub.
$ rsync -e ssh [email protected]:/root/asd.pub .
Synchronize From Local Folder To Remote Folder
Now we need more useful examples. One of the most common situations is synchronizing a local folder to a remote folder. We will synchronize from the local folder to the remote folder via ssh tunnel. The -a (archive) option makes rsync recurse into the folder; without a recursive option rsync skips directories.
$ rsync -a -e ssh /home/ismail/ [email protected]:/bak
Synchronize From Remote Folder To Local Folder
This example is the reverse of the previous example. We will synchronize from the remote system to the local system. The -a (archive) option is again needed so that rsync recurses into the folder.
$ rsync -a -e ssh [email protected]:/bak /home/ismail/
Specify Different Ssh Port
Ssh uses TCP/22 as the default port, but this is not always the case. We may need to specify the remote ssh port explicitly. We can pass the ssh command together with its -p port option through the rsync -e option, like below.
$ rsync -a -e "ssh -p 2222" [email protected]:/bak /home/ismail/
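
The key based login and custom port sections above can be combined in one wrapper, shown here as an added example that is not part of the original tutorial: it validates the port and builds the -e transport with explicit ssh options so an unattended run fails instead of prompting for a password or accepting an unknown host key. The function names, the key path argument and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The key path, port 2222 and destination used with these
# functions are constructed sample values; the key path must not contain spaces.

# Print the remote-shell string for rsync's -e option; fail on a bad port.
rsync_ssh_transport() {
    port=$1
    key=$2
    case $port in
        ''|*[!0-9]*|??????*)
            echo "invalid port: $port" >&2
            return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    # BatchMode=yes             fail instead of prompting for a password
    # IdentitiesOnly=yes        offer only the key named with -i
    # StrictHostKeyChecking=yes refuse unknown or changed host keys
    printf 'ssh -p %s -i %s -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes' \
        "$port" "$key"
}

# Sync SRC to DEST over that transport; with DRY_RUN=1 only print the command.
secure_sync() {
    src=$1
    dest=$2
    key=$3
    port=${4:-22}
    transport=$(rsync_ssh_transport "$port" "$key") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'rsync -a -e "%s" %s %s\n' "$transport" "$src" "$dest"
    else
        rsync -a -e "$transport" "$src" "$dest"
    fi
}
```

StrictHostKeyChecking=yes only works once the server's host key is already in ~/.ssh/known_hosts, for example from the interactive ssh login in the first step.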