Friday, 26 April 2013

rsync/ssh without entering password


A long time ago, I got a task to create a DR site for one of our production sites. The site was running on an Ubuntu server and using MySQL and PHP. Replicating the DB was not an issue, as MySQL has easy replication built in. The problem was syncing the application's files. We didn't have any tool to do this task, so I decided to implement it using Linux's built-in rsync command.


The problem was that I had to run the sync from a cron job and shell script. rsync asks for the password of the user (with which I connect to the primary site), and entering a password interactively in my cron job's shell script was not possible.

The workaround was to set up a pair of ssh keys and put the public key in the remote system's .ssh directory.

For this example I have created one user rsync_user which will connect to the primary server and sync the files.

I will run the rsync command on the DR site (Say IP, it will connect to the Primary Site (Say IP and sync the local directory of the DR site with the remote directory of the Primary site.


Steps to be done:

On the computer DR site (Say IP

So on the DR site, log in as the user that will connect to the primary; in my case I will use my rsync_user user for this purpose.

Now run the command ssh-keygen to generate the keys.

$ ssh-keygen -t rsa

This will create the .ssh directory inside the home directory of the user (if not already present). When this command asks for a passphrase, just press Enter; do not enter any passphrase.


The above command will create a private key and a public key.


id_rsa is the private key. Check the permissions on this key; if they are not 600, change them.

chmod 600 id_rsa

Now copy the public key file to the Primary Site (this is where I will connect using rsync).


On the computer Primary site (Say IP

I have copied the file to the home directory of the rsync_user.


If the .ssh folder is not present, create it. Then add the key of the DR server to the authorized_keys file. If the file is not present, it will be created by the command cat >> .ssh/authorized_keys



That’s it, we are set to connect through rsync/ssh without entering password.
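
The key installation on the primary described above, as an added example that is not part of the original post: because the key has no passphrase, the entry is limited to one source address and to read-only rsync. The rrsync path, the 192.0.2.10 address, /var/www as the exported directory and the key line are assumptions or constructed values.

```sh
#!/bin/sh
# Added example: install the DR server's public key on the primary with
# restrictions, so the passphrase-less key can only run read-only rsync.
RRSYNC="/usr/bin/rrsync"   # assumption: location of rsync's rrsync helper

# make_entry PUBKEY_LINE FROM_ADDR EXPORT_DIR
# Prints an authorized_keys line bound to one source address and to
# read-only rsync under EXPORT_DIR. Rejects input that is not a public
# key line (for example id_rsa copied instead of the .pub file).
make_entry() {
    case "$1" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    printf 'from="%s",command="%s -ro %s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$2" "$RRSYNC" "$3" "$1"
}

# install_key HOME_DIR PUBKEY_LINE FROM_ADDR EXPORT_DIR
# Creates HOME_DIR/.ssh (700) and authorized_keys (600) if missing and
# appends the restricted entry once, even when run repeatedly.
install_key() {
    entry=$(make_entry "$2" "$3" "$4") || return 1
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Second field of the key line is the base64 key blob.
    blob=$(printf '%s\n' "$2" | awk '{print $2}')
    [ -n "$blob" ] || return 1
    if grep -qF -- "$blob" "$auth"; then
        return 0            # key already installed, do not duplicate it
    fi
    printf '%s\n' "$entry" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
install_key "$demo_home" \
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed rsync_user@dr" \
    "192.0.2.10" "/var/www" && cat "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

With rrsync in the forced command, the remote path given to rsync on the DR site is interpreted relative to the exported directory.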

On the DR server, I will run the rsync/ssh command. Before scripting, manually run the command once, so that the primary site is added to the .ssh/known_hosts file.


Now run the rsync command on the DR site.


We can also open ssh sessions without entering a password.


All set, now I can add the shell script to sync my site’s folder. The sample script is (filename: /home/rsync_user/scripts/

echo "File sync started at" >> /home/rsync_user/scripts/files_sync.log
date >> /home/rsync_user/scripts/files_sync.log

rsync -rtvupgo --delete  rsync_user@ /var/www/ >> /home/rsync_user/scripts/files_sync.log

echo "File sync completed" >> /home/rsync_user/scripts/files_sync.log
echo "" >> /home/rsync_user/scripts/files_sync.log

Create a cron job to run the sync, say every 5 minutes:


crontab -e

and add the following line:

*/5 * * * *  sh /home/rsync_user/scripts/

We are ready with our requirement.