tags:

views:

450

answers:

1
+1  Q: 

OS X run rsync under sudo using ssh_config

I want to set up an automatic rsync job to backup a bunch of user accounts on my OS X machine to a linux fileserver. I have set up password-free ssh from my account to another machine, and it works great, so I tried using this command:

sudo rsync -avz /Users/jbloggs myserv:/var/Backup/

where myserv is an alias set up in my ~/.ssh/config. The problem I have is that I have to use sudo to get that command to work -- under my personal account I don't have access to the other users' home directories to copy files for backup. That command works fine on my own account without sudo, but when I run under sudo it's not looking at my ~/.ssh/config any more (so it complains about "unknown host myserv").

How can I get the rsync running under sudo to still look at my personal ~/.ssh/config?

Thanks!

+3  A: 

You can use

ssh -i /Users/myuser/.ssh/id_rsa -F /Users/myuser/.ssh/config login@host

to let ssh use your config / key files. Use "-v" to check which file it is using. You could also copy your configuration / id to /var/root/.ssh, which will be used by default when using ssh via sudo.

To pass these options to rsync, you have to set the "--rsh" / "-e" like this:

rsync -e "ssh -i ... -F ..."
VolkA  2008-11-23 13:47:51
Cool, thanks for that. In the general case (if this wasn't a home computer) then copying my ssh_config over to /var/root would be a security hole, no? It means that anyone with sudo access could connect to the remote host using that config?
Stewart Johnson  2008-11-24 09:19:31
Well, the security hole is inherent, since you want to batch-copy files to the remote computer and use an unencrypted private key for that. Anyone with sudo access to a computer where your unencrypted key is stored will be able to ssh into the remote pc. (And with some work also the encrypted key)
VolkA  2008-11-24 14:25:57
So the best way to go is to generate a new key which only has access to the backup account - so in case your key gets lost only this account is compromised.
VolkA  2008-11-24 14:26:48

related questions

Any pitfalls developing C#/.NET code in a Virtual Machine running on a MAC?
Height of NSTextView with one line?
What could prevent OpenGL glDrawPixels from working on some video cards?
What's a good machine for iPhone development?
MacPorts or Fink?
How to Stop NTFS volume auto-mounting on OS X
Any ReSharper equivalent for Xcode?
Rich GUI OS X Frameworks?
How do I open the default mail program with a Subject and Body in a cross-platform way?
Developer Setup for Starting Out with Cocoa/Mac Programming
Drawing a view hierachy into a specific context in Cocoa
Why is the PyObjC documentation so bad?
_wfopen equivalent under Mac OS X
Reading Other Process' Memory in Mac OS / BSD
better command for Windows?
Keep Remote Directory Up-to-date
How do I configure a Vista Ultimate (64bit) account so it can access a SMB share on OSX?
Programmatically talking to a Serial Port in OS X or Linux
I have some RAM to burn - any suggestions?
SQL Client for Mac OS X that works with MS SQL Server
How to tab between buttons on an Mac OS X dialog box
How to tab focus onto a dropdown field in Mac OSX
How-to articles for iPhone development, Objective-C
What are the preferred versions of Vim and Emacs on Mac OS X?
Best subversion client for Mac OS