412

I need to make periodic backups of a directory on a remote server which is a virtual machine hosted by a research organisation. They mandate that access to VMs is through ssh keys, which is all good, except that I can't figure out how to point rsync to the ssh key for this server.

Rsync has no problem if the key file is ~/.ssh/id_rsa, but when it is something else I get Permission denied (publickey).

With ssh I can specify the identity file with -i, but rsync appears to have no such option.

I have also tried temporarily moving the key on the local machine to ~/.ssh/id_rsa, but that similarly does not work.

tl;dr

Can you specify an identity file with rsync?

Jangari
  • 4,538
  • 4
    Useful also in order to do sudo rsync, which doesn't use one's own ssh keys, for some reason. – ijoseph Jul 27 '18 at 21:19
  • 1
    @ijoseph Exactly, I use rsync -aAP -e "sudo -u user ssh" user@server:dir local_dir when syncing from cron scripts which run as root – Martin Pecka Dec 11 '18 at 14:16

4 Answers

681

You can specify the exact ssh command via the '-e' option:

rsync -Pav -e "ssh -i $HOME/.ssh/somekey" username@hostname:/from/dir/ /to/dir/

Many ssh users are unfamiliar with their ~/.ssh/config file. You can specify default settings per host via the config file.

Host hostname
    User username
    IdentityFile ~/.ssh/somekey

In the long run it is best to learn the ~/.ssh/config file.

  • Does not help for me to have the IdentityFile in ssh_config. I can "ssh web1" without problems, but when using rsync to web1:... it fails with "Permission denied (publickey)". – Zitrax Oct 14 '14 at 07:28
  • 2
    Try turning up verboseness of the ssh transport: rsync -e 'ssh -vv' web1:/etc/issue /tmp/issue – Dan Garthwaite Oct 14 '14 at 14:49
  • I did, log shows it uses the correct key but it does not ask me for the passphrase and thus fails (or so it seems to me). – Zitrax Oct 14 '14 at 20:53
  • 1
    Ah. If you are automating this and will not be able to supply a password you will need an additional passwordless ssh key configured at both ends. If you would like rsync to work without a password in an interactive session you will need to use ssh-agent. – Dan Garthwaite Oct 14 '14 at 21:48
  • "remote" is to be replaced with the hostname. Might seem obvious to some but it wasn't for me because I tried specifying the hostname in the -e option. – Marcel Burkhard May 03 '16 at 17:36
  • @MarcelBurkhard: Thanks - I rewrote it for what is likely the common scenario. – Dan Garthwaite May 05 '16 at 12:40
  • Using single tick quotes and ~ I encountered error "Warning: Identity file ~/.ssh/somekey not accessible: No such file or directory." e.g. -e 'ssh -i ~/.ssh/somekey'. Using double quotes and $HOME instead of ~ worked ok. e.g. -e "ssh -i $HOME/.ssh/somekey". This is on redhat/bash. – gaoithe Feb 09 '17 at 13:13
  • A word of warning with using the -e method. Using rsync on cygwin on windows - using -e cut my copy throughput in half. Using an ssh-agent with a key was much much faster. No idea why. – WirthLuce Feb 11 '17 at 02:32
  • 57
    Duuuuuuude! the ~/.ssh/config file - you have opened a new universe for me! – demaniak Jun 29 '17 at 20:38
  • 2
    ~/.ssh/config saved me the day, thanks a lot. – smishra Jun 12 '18 at 15:57
  • Better syntax when defining host as hostid in .ssh/config: rsync -e hostid:/path/ /path/ – Jortstek Oct 11 '18 at 15:27
  • If you want to do the opposite - to send from your local machine to the server - you just need to reverse the order like this: rsync /from/dir/ -Pav -e "ssh -i $HOME/.ssh/somekey" username@hostname:/to/dir/ – tsveti_iko May 27 '19 at 13:17
  • This was not working for me until I used sudo in the ssh command as below rsync -Pav -e "sudo ssh -i $HOME/.ssh/somekey" username@hostname:/from/dir/ /to/dir/ – Akanni Sep 28 '19 at 12:05
  • 5
    In my case for ~/.ssh/config to work I had to do chmod 600 ~/.ssh/config – Tono Nam Oct 21 '19 at 04:21
  • or rsync -avzP -e ... – Vasilii Suricov Mar 17 '21 at 12:02
  • That was awesome.. thank you and rsync – Abdul Saleem May 21 '21 at 13:57
  • you're my hero! – Rami Jan 24 '24 at 15:28
26

This can be done with the SSH user config; see: http://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/. Basically, edit ~/.ssh/config:

$ nano ~/.ssh/config
# Add hosts below
Host server1
    HostName examplehost.com
    User username
    Port 22
    IdentityFile /path/to/key

# Use the Host alias as the rsync target so the settings above apply
$ rsync -e ssh /home/user/directory server1:home/user/directory/

This should work for any program using SSH, rsync,

Cbaker510
  • 423
14

For me it was sufficient to start the ssh-agent as follows:

eval `ssh-agent -s`
ssh-add /path/to/mykey

See also a longer answer here https://stackoverflow.com/questions/17846529/could-not-open-a-connection-to-your-authentication-agent

pietro
  • 241
4

FYI:

1) The public key is always in the home directory of the user logging in to the remote server, i.e. if you log in as "backup" it is located at /home/backup/.ssh/authorized_keys. The user ID when you log in defines the public key used at the destination.

You can choose the user ID when making the connection in two different ways:

ssh user_id@destination.server
or
ssh -l user_id  destination_server     (<-- that is lower case "L")

On the other hand, at your end the private key is, in a similar way, in the home directory of the user unless you override it as described in Dan's answer.

2) For backup purposes it may be desirable to create a restricted key which is limited to running just one command like "rsync". There is a good description of that related to "rsnapshot" backup, which allows you to remotely back up an entire server using a non-privileged user account and "sudo":

"rsnapshot" howto

Rsnapshot can easily back up a bunch of remote or local servers, making it a handy scheduled & centralised backup server.

ajaaskel
  • 424
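
The restricted key from point 2 of the answer above, as an added example that is not part of the original post: a forced-command wrapper that lets the backup key run only a read-only rsync pull from one directory. The script name `rsync-pull-only`, the function `is_allowed_rsync`, the `ALLOWED_DIR` value and the key material are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a backup-only key.
# Constructed authorized_keys line on the server (key material is a placeholder):
#   restrict,command="/usr/local/bin/rsync-pull-only" ssh-ed25519 AAAA...placeholder backup
ALLOWED_DIR="/from/dir/"   # assumption: the only tree this key may read

# Succeeds only for a read-only rsync pull from ALLOWED_DIR.
is_allowed_rsync() {
    cmd=$1
    # The client sends "rsync --server --sender ..." when it pulls files.
    case $cmd in
        "rsync --server --sender "*) ;;
        *) return 1 ;;
    esac
    set -f            # no globbing while the string is split into words
    set -- $cmd
    shift 3
    seen_dot=0
    npaths=0
    for w in "$@"; do
        # Allowlist of characters: no quotes, ;, |, &, $, backticks, etc.
        case $w in
            *[!A-Za-z0-9._,/=-]*) return 1 ;;
        esac
        if [ "$seen_dot" -eq 0 ]; then
            # Before the "." separator: short-option bundles only, so long
            # options such as --remove-source-files are refused.
            case $w in
                .) seen_dot=1 ;;
                --*) return 1 ;;
                -*) ;;
                *) return 1 ;;
            esac
        else
            # After the separator: every path must sit inside ALLOWED_DIR.
            case $w in
                *..*) return 1 ;;
                "$ALLOWED_DIR"*) npaths=$((npaths + 1)) ;;
                *) return 1 ;;
            esac
        fi
    done
    [ "$npaths" -ge 1 ]
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    is_allowed_rsync "$SSH_ORIGINAL_COMMAND" || { echo "rejected" >&2; exit 1; }
    exec $SSH_ORIGINAL_COMMAND   # unquoted on purpose: word-split, never eval
fi
```

rsync also distributes a maintained script for the same purpose, rrsync.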