rsync mystery
in [General Linux]
|
Prev: cat for binary file
Next: Sluggish USB hard drives
From: The Natural Philosopher on 9 Feb 2010 13:28 I have tow machines I am attempting to set up rsync between. It's proving the usual badly documented nightmare. everything works except using a local password file to send the password i.e. I can manually key in a password and transfers work, but not if I specify a password file. I.e. this works: # rsync -av asite.dyndns.org::rsync/leo/scripts /tmp Password: ******** receiving incremental file list sent 56 bytes received 128 bytes 19.37 bytes/sec total size is 975 speedup is 5.30 This does not # rsync -av --password-file=/etc/.rs_pass asite.dyndns.org::rsync/leo/scripts /tmp @ERROR: auth failed on module rsync rsync error: error starting client-server protocol (code 5) at main.c(1522) [receiver=3.0.3] password files on both machines are identical. root:bollox2u on the remote machine the config says [rsync] path = /home use chroot = no max connections = 4 auth users = root hosts allow = xx.xx.xx.xx (obviously its a real address here) secrets file = /etc/.rs_sec uid = root gid = root which works if manually entered. Running under inetd. I've upgraded to version 3 at each end. far end is 3.0.7, local end 3.0.3,same protocol versions Log files on the remote say: Feb 9 18:18:48 vault rsyncd[18917]: connect from UNKNOWN (xx.xx.xx.xx) Feb 9 18:18:57 vault rsyncd[18917]: rsync on rsync/leo/scripts from root(a)unknown (xx.xx.xx.xx) Feb 9 18:18:57 vault rsyncd[18917]: building file list Feb 9 18:18:58 vault rsyncd[18917]: sent 143 bytes received 57 bytes total size 975 .... Feb 9 18:19:42 vault rsyncd[18918]: connect from UNKNOWN (xx.xx.xx.xx) Feb 9 18:19:43 vault rsyncd[18918]: auth failed on module rsync from unknown (xx.xx.xx.xx): password mismatch Any clues?
From: The Natural Philosopher on 9 Feb 2010 13:32 The Natural Philosopher wrote: Ok forget I asked. The important thing is that the password files must NOT be the same, it seems. On a complete 'how much of an a**hole can a programmer be' I put JUST the password in the local password file. Not root:password. > I have tow machines I am attempting to set up rsync between. > It's proving the usual badly documented nightmare. > > everything works except using a local password file to send the password > > i.e. I can manually key in a password and transfers work, but not if I > specify a password file. > > I.e. this works: > > # rsync -av asite.dyndns.org::rsync/leo/scripts /tmp > Password: ******** > receiving incremental file list > > sent 56 bytes received 128 bytes 19.37 bytes/sec > total size is 975 speedup is 5.30 > > > This does not > > # rsync -av --password-file=/etc/.rs_pass > asite.dyndns.org::rsync/leo/scripts /tmp > @ERROR: auth failed on module rsync > rsync error: error starting client-server protocol (code 5) at > main.c(1522) [receiver=3.0.3] > > password files on both machines are identical. > > root:bollox2u > > on the remote machine the config says > > [rsync] > path = /home > use chroot = no > max connections = 4 > auth users = root > hosts allow = xx.xx.xx.xx (obviously its a real address here) > secrets file = /etc/.rs_sec > uid = root > gid = root > > which works if manually entered. > > Running under inetd. I've upgraded to version 3 at each end. far end is > 3.0.7, local end 3.0.3,same protocol versions > > Log files on the remote say: > > Feb 9 18:18:48 vault rsyncd[18917]: connect from UNKNOWN (xx.xx.xx.xx) > Feb 9 18:18:57 vault rsyncd[18917]: rsync on rsync/leo/scripts from > root(a)unknown (xx.xx.xx.xx) > Feb 9 18:18:57 vault rsyncd[18917]: building file list > Feb 9 18:18:58 vault rsyncd[18917]: sent 143 bytes received 57 bytes > total size 975 > ... > > Feb 9 18:19:42 vault rsyncd[18918]: connect from UNKNOWN (xx.xx.xx.xx) > Feb 9 18:19:43 vault rsyncd[18918]: auth failed on module rsync from > unknown (xx.xx.xx.xx): password mismatch > > Any clues?
From: unruh on 9 Feb 2010 16:03 On 2010-02-09, The Natural Philosopher <tnp(a)invalid.invalid> wrote: > I have tow machines I am attempting to set up rsync between. > It's proving the usual badly documented nightmare. > > everything works except using a local password file to send the password > > i.e. I can manually key in a password and transfers work, but not if I > specify a password file. > > I.e. this works: > > # rsync -av asite.dyndns.org::rsync/leo/scripts /tmp > Password: ******** > receiving incremental file list > > sent 56 bytes received 128 bytes 19.37 bytes/sec > total size is 975 speedup is 5.30 > > > This does not > > # rsync -av --password-file=/etc/.rs_pass > asite.dyndns.org::rsync/leo/scripts /tmp > @ERROR: auth failed on module rsync > rsync error: error starting client-server protocol (code 5) at > main.c(1522) [receiver=3.0.3] > I have never used password files like that-- sounds increadibly insecure. But you can have passwordless (RSA or DSA ) ssh and do it that way. (do not use the :: but just the : form of rsync.) Ie, use the authorized_hosts file on the far machine. > ... > > Feb 9 18:19:42 vault rsyncd[18918]: connect from UNKNOWN (xx.xx.xx.xx) > Feb 9 18:19:43 vault rsyncd[18918]: auth failed on module rsync from > unknown (xx.xx.xx.xx): password mismatch ^^^^^^^^^^^^^^^^^ That is a clue. Not sure what it means though. > > Any clues?
From: J G Miller on 9 Feb 2010 16:15 On Tue, 09 Feb 2010 18:28:40 +0000, The Natural Philosopher wrote: > everything works except using a local password file to send the password Why are you using passwords and password files, and not ssh with DSA keys (with or without pass phrase protection)?
From: The Natural Philosopher on 10 Feb 2010 14:59
J G Miller wrote: > On Tue, 09 Feb 2010 18:28:40 +0000, The Natural Philosopher wrote: > >> everything works except using a local password file to send the password > > Why are you using passwords and password files, and not ssh with DSA keys > (with or without pass phrase protection)? rsync is encrypted anyway. and its a less likely socket to probe than ssh. and the thing will only accept connections from one IP address. Both at the router firewall level on the router, IP tables on the box, and indeed on rsyncd itself. Belt, braces and a safety pin. |