Rsync from a FreeBSD Server to a FreeBSD Shell Account

Foreword:

Recently, we needed to use rsync to synchronize various FreeBSD configuration files to a FreeBSD shell account at our BSD-based hosting services company. This post documents the basic setup and configuration.

Rsync is normally used to synchronize files and directories between two systems. In our setup, key-based authentication is used instead of passwords. Additionally, a crontab setup for continuous synchronization is demonstrated.

 

Prerequisites:

Root access to a FreeBSD Server to act as the client and a FreeBSD shell account to act as the repository of file synchronization are required. A FreeBSD shell account is simply a user account on a remote FreeBSD Server which gives access to a shell via SSH. Additionally, the FreeBSD Server requires rsync installed and configured as a client.

 

SSH Client Login:

On the FreeBSD Server, log in as root via the console:
FreeBSD/amd64 (bsd220.loga.us) (ttyv0)

login: root
Password:XXXXXXXX

..............

root@bsd220:~ #
Next, from the FreeBSD Server root console, SSH into the FreeBSD shell account, in our case [shelluser@192.168.0.100]:
root@bsd220:~ # ssh shelluser@192.168.0.100
Password for shelluser@192.168.0.100

..............

[shelluser@backup ~]$

 

Installing Rsync as a Client:

The FreeBSD server will act as the client to the FreeBSD shell account machine, so rsync must be installed on it. No configuration is necessary since it will be utilized as a client.

Use pkg to install rsync on the FreeBSD server:

root@bsd220:/ # pkg install rsync
Updating poudriere repository catalogue...
poudriere repository is up-to-date.
All repositories are up-to-date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
 rsync: 3.1.2_6
 libiconv: 1.14_10

Number of packages to be installed: 2

The process will require 3 MiB more space.
881 KiB to be downloaded.

Proceed with this action? [y/N]: y
Fetching rsync-3.1.2_6.txz: 100% 288 KiB 294.5kB/s 00:01 
Fetching libiconv-1.14_10.txz: 100% 594 KiB 607.9kB/s 00:01 
Checking integrity... done (0 conflicting)
[1/2] Installing libiconv-1.14_10...
[1/2] Extracting libiconv-1.14_10: 100%
[2/2] Installing rsync-3.1.2_6...
[2/2] Extracting rsync-3.1.2_6: 100%
root@bsd220:/ #

 

Generate RSA Authentication Keys:

The first operation is to generate the key on the client machine, your FreeBSD Server, by running the following command:

# ssh-keygen -t rsa -b 4096 -C "bsd220.loga.us"

When you see ‘Enter passphrase (empty for no passphrase):’, just hit the Enter key; the confirmation ‘Enter same passphrase again:’ is then displayed. Again, just hit the Enter key. In short order, the command should give you output similar to that shown below:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:54Xm9Uvtv6H4NOo6yjP/YCfODryvUU7yWHzMqeXwhq8 user@host.example.com
The key's random art image is:
+---[RSA 4096]----+
|                 |
|                 |
|                 |
|        . o..    |
|       .S*+*o    |
|      . O=Oo . . |
|       = Oo= oo..|
|      .oB.* +.oo.|
|       =OE**.o..=|
+----[SHA256]-----+
Additional information about the above command:
  • ‘ssh-keygen -t rsa’ invokes the ssh-keygen utility to create an RSA authentication key for SSH protocol version 2.
  • ‘-b 4096’ specifies the number of bits in the key to create. 2048 is generally considered sufficient, but 4096 bits provides additional security.
  • ‘-C "bsd220.loga.us"’ provides a comment, making key identification easier.
  • No passphrase is utilized.
  • Keys are stored in root’s .ssh directory.
  • For additional information, please review the man page for ssh-keygen.

 

SCP Authentication Keys:

Next, use scp to securely copy the file .ssh/id_rsa.pub from the FreeBSD Server to the FreeBSD shell account machine.
# scp .ssh/id_rsa.pub shelluser@192.168.0.100:.ssh/authorized_keys
After the scp command is issued the following output is observed:
id_rsa.pub                           100%  740     0.7KB/s   00:00
Additional information about the above commands:
  • Private key is stored in ~/.ssh/id_rsa on the FreeBSD Server
  • Public key is stored in ~/.ssh/id_rsa.pub on the FreeBSD Server
  • The public key must be copied from the FreeBSD Server to ~/.ssh/authorized_keys file on the remote machine, the FreeBSD shell account, for key-based authentication to work.
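
A hardening step for the key installed above, as an added example that is not part of the original post: the scp command replaces any existing authorized_keys file and the key has no passphrase, so this function, run on the shell account against a copy of id_rsa.pub, appends the key instead and limits it with the OpenSSH from= and restrict options. The function name, its arguments and the client address passed to it are assumptions; with restrict, an interactive login with this key gets no terminal, while rsync over ssh still runs.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Usage: install_restricted_key PUBKEY_FILE AUTHORIZED_KEYS_FILE CLIENT_ADDR
install_restricted_key() {
    pub=$1 auth=$2 addr=$3

    # The public key file must hold exactly one "type base64 [comment]" line.
    [ -r "$pub" ] && [ "$(grep -c . "$pub")" -eq 1 ] || {
        echo "expected exactly one key in $pub" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # Refuse values that would break out of the quoted from="..." option.
    case $addr in
        ''|*\"*|*\ *) echo "bad client address: $addr" >&2; return 1 ;;
    esac

    # sshd ignores key files with loose permissions (StrictModes).
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Identify the key by its base64 blob so a re-run does not duplicate it.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    # from= limits the source hosts allowed to use the key; restrict turns
    # off PTY allocation, port/agent/X11 forwarding and ~/.ssh/rc.
    printf 'from="%s",restrict %s\n' "$addr" "$key" >> "$auth"
}
```

Call it with the address the FreeBSD Server connects from as the third argument; existing entries in authorized_keys are left untouched.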

 

Verify Key-Based Authentication:

To determine if the key works, from the FreeBSD Server root console, SSH into the FreeBSD shell account, in our case [shelluser@192.168.0.100], and verify that login occurs without a password prompt.

 

root@bsd220:~ # ssh shelluser@192.168.0.100

..............

[shelluser@backup ~]$

 

Crontab:

To run the rsync command every day at 0900 and sync the local user download folder from the FreeBSD Server to the remote shell account, add the following with crontab -e:
# Backup every day - /usr/home/user/download
00 09 * * * /usr/local/bin/rsync -avz --delete /usr/home/user/download -e ssh shelluser@192.168.0.100:/home/shelluser/ >> /dev/null 2>&1
Additional information about the above command:
  • 00 and 09 represent the minute and hour respectively.
  • -avz represents archive, verbose, and compression respectively.
  • --delete deletes extraneous files from the destination directory.
  • -e specifies the remote shell to use, here ssh.
  • >> /dev/null 2>&1 keeps crontab quiet.

 

Summary:

Rsync is a powerful utility when combined with SSH. Key-based authentication aids in the management of rsync so passwords are not required. With crontab, scheduled synchronization of files between two machines is possible and, pragmatically, a necessity.

 

References:

FreeBSD man pages:  man ssh-keygen, man ssh, man crontab

Rsync Home Page: https://rsync.samba.org
