Monthly Archives: July 2012

Automatic and Secure rsync over SSH

Let’s say you want to set up an automatic rsync over ssh to a remote server, but you want to do it in a secure way.

Using rsync over ssh is a convenient way to have all of the power of rsync for synchronizing files, comparing differences, doing backups, without having to set up an rsync server.

Here is an example of using rsync in this manner, which will make the destination match the source exactly:

 rsync -a --delete -e "ssh" SOURCE DESTINATION

The problem is that this won’t be automatic, because ssh will prompt you for your ssh username and password. That means you can’t use rsync in a script, such as a cron job. To get around this, you can set up an ssh key and copy it to the remote server. This is done by running ssh-keygen and leaving the passphrase field empty when it prompts you:

username@local-server:~$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
bc:ff:a0:c6:f3:33:36:c2:3a:9b:19:20:22:a4:a1:f8 username@local-server
The key's randomart image is:
username@local-server:~$

Then you normally copy the contents of the /home/username/.ssh/id_rsa.pub file to the /home/username/.ssh/authorized_keys file on the remote server you want your rsync to be able to access.

You can test this by then using ssh with your new key:

 ssh username@remote -i /home/username/.ssh/id_rsa

If that works, your ssh key is working. (If you leave off the -i PATH_TO_KEY option, it will work if the key is named with the defaults).

This method works fine, except it isn’t secure. If anyone gets ahold of your private key, they will also have full access to your account on the remote server without any password required. To make it more secure, you can take advantage of the ssh feature that limits you to one command.

The best way to do this is to find out exactly what command rsync runs on the remote server. To do this, run your rsync with -vv, turning on very verbose mode:

 rsync -a -vv --delete -e "ssh -i /home/USERNAME/.ssh/rsync_id_rsa" SOURCE DESTINATION

Then look at the first line rsync returns. It should be something like:

opening connection using: ssh -p 4022 -l username remote-server rsync --server --sender -vvlogDtpre.iLsf . /var/www

What you are interested in is the rsync command and everything after it. In this case:

rsync --server --sender -vvlogDtpre.iLsf . /var/www

On the remote server, find the line where you copied your ssh key in the /home/username/.ssh/authorized_keys file and prepend this specific command to it in the “command” section. For good measure, you can include other security features. Here is an example:

command="rsync --server --sender -vvlogDtpre.iLsf . /var/www",no-port-forwarding,no-pty,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDs/DqwIOWrf6K8yUPOMx22jx2vDTnXa9HvAobK1gw5I0Dx/z/HJdr7s2Iopcb7kdEBRJ9xQKWvc6lvdtdxDmSXc7a5WWjV9/2IaZGpJC0GDw79 username@local-server

Keep in mind that the whole thing needs to be on one line, or if you need to put it on more than one line, use the \ character at the end of each line.

That will make it so that only that specific rsync command can run, thereby securing your rsync connection.
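The steps above, from the `rsync -vv` line to the restricted authorized_keys entry, as an added example that is not part of the original post. The function names and the sample key are constructed for illustration, and stripping a trailing "(N args)" is an assumption about newer rsync output that the page's sample line does not show.

```shell
#!/bin/sh
# Added example: turn the "opening connection using:" line printed by
# `rsync -vv` into a restricted authorized_keys entry.

# Constructed sample input (the key body is a placeholder, not a real key).
SAMPLE_LINE='opening connection using: ssh -p 4022 -l username remote-server rsync --server --sender -vvlogDtpre.iLsf . /var/www'
SAMPLE_KEY='ssh-rsa AAAAEXAMPLEKEY username@local-server'

# Print the remote command: "rsync --server" and everything after it.
# Assumption: newer rsync releases append an argument count such as
# "(9 args)" to this line; it is stripped if present.
extract_forced_command() {
    case "$1" in
        *" rsync --server "*)
            printf 'rsync --server %s\n' "${1#* rsync --server }" |
                sed 's/ *([0-9][0-9]* args)$//' ;;
        *)
            echo "no 'rsync --server' command in input" >&2
            return 1 ;;
    esac
}

# Print one authorized_keys line that pins the key to that command.
build_authorized_keys_line() {
    cmd=$(extract_forced_command "$1") || return 1
    nl='
'
    case "$2" in
        ""|*"$nl"*)
            echo "public key must be a single non-empty line" >&2
            return 1 ;;
    esac
    # Double quotes inside command="..." must be backslash-escaped.
    escaped=$(printf '%s' "$cmd" | sed 's/"/\\"/g')
    printf 'command="%s",no-port-forwarding,no-pty,no-agent-forwarding %s\n' \
        "$escaped" "$2"
}

build_authorized_keys_line "$SAMPLE_LINE" "$SAMPLE_KEY"
```

Because sshd runs the forced command no matter what the client asks for, changing the rsync options or the remote path on the client side means regenerating this line from a fresh `-vv` run.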

Call out to Early Adopters: Could Smart Stickers Add Value to Your Business?

Smart stickers, or programmable tags, are low-cost pieces of paper or plastic that can communicate with gadgets via a short-range radio technology called near field communication, or NFC. They can be customized to trigger an action on any phone with an NFC chip. According to IHS iSuppli, 186 million NFC-enabled phones will be shipped in 2012, up from 93 million last year. The tags can be purchased through various websites, either bare-bones for a few dollars apiece or for $20 or more apiece for tags pre-programmed to do a specific task. Amazon is soon expected to offer the tags with varying program options.

The business potential for smart stickers is tremendous. Use of these stickers is a fresh and intuitive way to attract smartphone users. Smart Stickers can be attached to shop windows or doors for an eye-catching ‘call to action’ to engage consumers. Smartphone users can ‘tap’ their mobile phone to retrieve details of a property from real estate agents, download a restaurant’s menu, call a taxi or claim an incentive voucher relating to a window advertisement even when the business is closed. The possibilities are only limited by a business’s imagination.

Guru Technologies already has the know-how to program Smart Stickers. We are looking forward to opportunities to work with companies on the cutting edge that are looking for innovative ways to market to customers.

Source information:

  • Bloomberg Businessweek July 16-July 22, 2012 issue “Plastering the World with Smart Stickers”
  • http://news.yahoo.com/smart-poster-ltd-launches-nfc-smart-stickers-080001576.html