Previous Section  < Day Day Up >  Next Section

Recipe 16.3. Making Secure Transfers with rsync and ssh

16.3.1 Problem

You want to use rsync to copy files to another PC over a LAN, or over the Internet, and you want encrypted transport and authentication.

16.3.2 Solution

Use rsync over ssh. ssh must be set up and working on all hosts.

Specify your source and destination, and specify ssh with the -e flag. This command transfers files over the local network, to ljl's account on the remote PC "stinkpad":

ljl@compak:~$ rsync -av -e ssh  stationery  stinkpad:test

ljl@stinkpad's password:

building file list ... done





wrote 25984 bytes  read 68 bytes  7443.43 bytes/sec

total size is 25666  speedup is 0.99

Beware of filepath trickiness. stinkpad:test uploads the stationery directory and its contents to /home/ljl/test on stinkpad. If /test does not exist, rsync will create it:

ljl@stinkpad's password:

building file list ... done

created directory test

If you want to upload to a directory outside of your home directory, you'll need sufficient permissions for rsync to create a new directory, or you'll need it to be an existing directory that you can write to. Precede the upload directory with a forward slash, to make it relative to the root filesystem instead of to your home directory:

$ rsync -av -e ssh  stationery  stinkpad:/shared_uploads

To upload files over the Internet, use your login on the remote system and the full domain name:

$ rsync -av -e ssh  stationery

The syntax for copying files from a remote host is a little different. This copies the /scripts directory and its contents from the remote host to your local /downloads directory:

$ rsync -av -e ssh  ~/downloads/

16.3.3 Discussion

Both authentication and transport are encrypted, so this is a nice, secure way to transfer sensitive files. The one downside is that users need shell accounts on all machines they are going to store files on or retrieve files from, so it's a bit of work to set up. A central server, with shared directories, is a good way to manage complex file sharing scenarios. You can control access with the usual Linux tools—file and directory permissions, and user groups, and you can use unique logins on the shared server, for extra security.

16.3.4 See Also

  • rsync(1)

    Previous Section  < Day Day Up >  Next Section