Build Secure rsync

Article Title: Build Secure rsync. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

As security requirements increase, sftp or scp is gradually adopted to replace ftp. However, scp/sftp may be interrupted due to network conditions. Therefore, it is not only troublesome but also a waste of bandwidth and time to copy files. Here, we use rsync over ssh, which is secure and convenient, because rsync supports resumable data transfer.

Configure rsyncd. conf

Rsyncd. conf can be directly used simply by making a simple judgment. I will post my own example:

#/Etc/rsyncd. conf # General settings Uid = nobody Gid = nobody Use chroot = no Max connections = 5 # Set logs Syslog facility = local5 Pid file =/var/run/rsyncd. pid # Multiple methods to set the license hosts list Hosts allow = 192.168.0.1, 192.168.0.2, 192.168.1.0/255.255.255.0 # Setting the rsyncd directory [Backup] Path =/home/yejr/ # If you can upload files at the same time, set read only to false. Read only = false

Because rsync over ssh is used, you do not need to start the rsyncd instance, but use ssh for rsync, which is very simple. Note that the above read only = false. Many people may think that rsync can only be used for downloading and cannot be uploaded. Otherwise, you can use rsync to upload files after setting it.

Let's look at the example below.

Use

Download files

Rsync-P-av -- timeout = 10 -- rsh = "ssh-l yejr" 192.168.0.84: backup/yejr/ /Home/yejr/

Download all the files in the/home/yejr/directory on the server to the local directory/home/yejr.

Here, you need to pay attention to whether the directory name is followed by the Directory decomposition character/. If yes, only the files in the directory are processed. If not, the directory name itself is also downloaded.

Upload files

Rsync-P-av -- timeout = 10 -- rsh = "ssh-l yejr"/home/yejr/ 192.168.0.84: backup/yejr/

Upload the files in the/home/yejr/directory to the/home/yejr/Server, that is,/home/yejr /*.

Upload directory structure

Rsync-P-av -- timeout = 10 -- include '*/' -- exclude '*' -- rsh = "ssh-l yejr" /Home/yejr/192.168.0.84: backup/yejr/

Or

Rsync-P-av -- timeout = 10 -- include '*/' -- exclude '*' -- rsh = "ssh-l yejr" 192.168.0.84: backup/yejr // home/yejr/

In some cases, we need to synchronize the directory structure without uploading/downloading files.

In the above example, I have used the ssh key method to establish a trust relationship, so no password needs to be entered each time.