[Discuss] rsync issue

Wed Nov 2 09:57:06 EDT 2022

> On Tue, Nov 1, 2022, 4:30 PM dan moylan <jdm at moylan.us> wrote:

>> i have two home computers: aldeberan and alphacent, as well
>> as a remote website moylan.us, aka 50.87.218.82.  some four
>> years ago (almost) dan ritter gave me instructions for
>> setting up passwordless rsync amongst the lot.  it's worked
>> like a charm ever since, except now.  alphacent is a new
>> thinkpad T470 and it seems not to work there.  i've set up
>> .ssh the same on all three:
>>
>> -rw-------. 1 moylan moylan  539 221101:1436 authorized_keys
>> -rw-------. 1 moylan moylan 2.4K 221031:1623 known_hosts
>> -rw-------. 1 moylan moylan 1.8K 221031:1615 rsync.key
>> -rw-r--r--. 1 moylan moylan  521 221101:1518 rsync.key.pub
>>
>> where the files are all identical, except for known_hosts.
>>
>> i have a little command script, which downloads foo
>> passwordless on aldeberon, but not alphacent -- gotta put a
>> password in there.
>>
>> #! /bin/bash
>> # downsync
>>   hml=/home3/moylanus
>>   hmr=moylanus at 50.87.218.82
>>   opt="-rlptgozE --delete"
>>   rsync $opt $hmr:foo $hml
>>
>> and though this works fine on aldeberon itself, it doesn't
>> work passwordless on an ssh aldeberon window on alphacent.
>>
>> i haven't a clue as to what's going on.  any suggestions?

> derek atkins writes:
> Have you tried running ssh with -v?
> Going out on a limb, what do you get from:
> ls -la $HOME/.ssh

> Initial guess is that .ssh dir is not mode 0700, and SSH doesn't like that.

moylan 2022[837] ls -la ~/.ssh
total 20
drwx------. 1 moylan moylan  102 221101:1518 ./
drwxr-xr-x. 1 moylan moylan  362 221101:1547 ../
-rw-------. 1 moylan moylan  539 221101:1436 authorized_keys
-rw-------. 1 moylan moylan 2401 221031:1623 known_hosts
-rw-------. 1 moylan moylan 1824 221031:1615 rsync.key
-rw-r--r--. 1 moylan moylan  521 221101:1518 rsync.key.pub

moylan 2022[838] ls -ld ~/.ssh
drwx------. 1 moylan moylan 102 221101:1518 /home/moylan/.ssh/

> rich pieri writes:
> This is the first thing to check. Also check the permissions all the
> way up to the root of the file system. $HOME/.ssh and $HOME must be
> owned by you, and $HOME must be no more open than mode 755. /home and /
> must be owned by root and no more open than mode 755. OpenSSH will
> reject keys if the file system permissions do not meet this minimum.

moylan 2022[840] ls -ld /home*
drwxr-xr-x. 1 root root 12 221101:1810 /home/
drwxr-xr-x. 1 root root 16 221031:1003 /home3/

moylan 2022[841] ls -ld /home*/moylan*
lrwxrwxrwx. 1 root   root    13 221031:1003 /home3/moylanus -> /home/moylan//
drwxr-xr-x. 1 moylan moylan 362 221101:1547 /home/moylan/

> If permissions are good then check your key types. DSA keys are dead
> and are rejected by OpenSSH. Generate and use ED25519 or RSA keys.

key types are RSA.

> If key types are good then check key lengths. Too-short keys may be
> rejected. If this is the case then you will need to generate new keys
> of sufficient length.

the length is good enough on aldeberan, should be good on alphacent.

> jerry feldman writes:
> Use the ash command to test. Make sure all your keys are in authorized
> keys. Ssh has a debug level where you can see the fail
> ssh -v
> You can use up to 3 letters v.
> ssh -vvv

there is no problem with ssh -- alphacent and aldeberon both
ssh into 50.87.218.82 with no issues, passwordless.

i'm still puzzled by the curious fact that the downsync
script shown in the original post works passwordless on
aldeberon, but not in an aldeberon window on alphacent. nor
does it work in an alphacent window on aldeberon.  that
should offer a clue to someone more knowledgeable than i.

ole dan

j. daniel moylan
84 harvard ave
brookline, ma 02446-6202
617-777-0207 (cel old ng)
857-396-9950 (cel new)
jdm at moylan.us
www.moylan.us
[BLM]