Joyfulgrind

Reputation: 2836

What's the syntax and prerequisite for --password-file option in rsync?

I want to store --password-file option that comes with rsync. I don't want to use ssh public_private key encryption. I have tried this command:

rsync -avz --progress --password-file=pass.txt source destination

This says:

The --password-file option may only be used when accessing an rsync daemon.

So, I tried using:

rsync -avz --progress --password-file=pass.txt source destination rsyncd --daemon

But this returns various errors like unknown options. Is my syntax correct? How do I set up an rsync daemon on my Debian machine?

Upvotes: 9

Views: 75698

Answers (3)

Luis H Cabrejo

Reputation: 314

After trying for a while, I got this to work. Since I'm copying from my live server (and routers' data) to my local server on my laptop as the backup user, there is no problem with the password being unencrypted; it's secured wired on my laptop at home. First you need to install sshpass (on CentOS, with yum install sshpass), then create a user backup and assign a temp password. I listed the -p option in case your SSH port is different from the default.

sshpass -p 'password' rsync -vaurP -e 'ssh -p 2222'  backup@???.your.ip.???:/somedir/public_data/temp/ /your/localdata/temp

I understand SSH RSA is a better permanent alternative and all that, but this is a quick alternative to back up and restore on the go. It works if you are not too concerned about security but more concerned about your data being backed up locally, as in an emergency or data recovery. You can change your backup user's password once the backup is completed. It's a lot faster to set up when your servers change IPs and users and are in constant modification (as routers change config and have non-static IPs), and also when routers are not local and you are backing up clients' servers locally, where you don't always have access to do SSH. Some of my clients don't even have SSH installed and they don't want to hassle with creating public keys. On some servers you only have access on a temporary basis. By the way, if you want to do the restore, just reverse the case. You don't need to change much; from the same command shell you can do it by reversing the order of the target and source directories and creating another backup user with the same temp password on the target. After finishing, you delete the backup user or change its password on the target and/or source servers. You can protect it even further, as I have done, by replacing the password with a one-line file using a bash script for a multi-server environment. An alternative is to use the -f option so the password does not show in the bash history: -f "/path/to/passwordfile". Regards

NOTE: If you want to update only modified files, then you should use these parameters: -h -v -r -P -t, as described here: https://unix.stackexchange.com/questions/67539/how-to-rsync-only-new-files

Upvotes: 1

Mimichh

Reputation: 21

rsync -arv -e \
    "sshpass -f '/your/pass.txt' ssh -o StrictHostKeyChecking=no" \
    --progress /your/source id@IP:/your/destination

You may have to install "sshpass" if you have not already.

Upvotes: 1

Joao Figueiredo

Reputation: 3188

That is correct,

--password-file is only applicable when connecting to a rsync daemon.

You probably haven't set it in the daemon itself, though; the password you set and the one you use during that call must match.
Edit /etc/rsyncd.secrets, and set the owner/group of that file to root:root with world reading permissions.

#/etc/rsyncd.secrets
root:YourSecretestPassword

To connect to a rsync daemon, use a double colon followed by the module name, and the file or folder to synchronize (instead of a colon when using SSH),

RSYNC_PASSWORD="YourSecretestPassword" rsync -rtv user@remotehost::module/source/ destination/

NOTE:

  • this implies abdicating SSH encryption, though the password itself is not sent across the network in plain text, your data is ...
  • this is already insecure as is, never use the same password as any of your user accounts.
  • For a better understanding of its inner workings (how to give specific IPs/processes the ability to upload to specified areas of the filesystem without the need for a user account): http://transamrit.net/docs/rsync/

Upvotes: 7
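The prerequisites the question asks about, as an added example that is not taken from any of the answers above: a daemon module with `auth users` and a `user:password` secrets file, plus a client-side file holding only the password, both kept inaccessible to other users because rsync rejects an other-accessible `--password-file` and, with `strict modes`, an other-readable secrets file. The module name `backup`, the user `syncuser`, port 8873 and all paths are constructed placeholders.

```shell
#!/bin/sh
# Added example: builds a throwaway rsync daemon module plus the matching
# client password file. Module "backup", user "syncuser", port 8873 and
# the directory layout are constructed placeholders.

# Succeeds only if "other" has no permission bits on the file.
# rsync rejects a --password-file (client) or a secrets file (daemon with
# strict modes) that other users can access.
not_other_accessible() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c8-10)" = "---" ]
}

# write_rsync_auth DIR USER PASSWORD
# Creates DIR/rsyncd.conf, DIR/rsyncd.secrets (daemon side, "user:password")
# and DIR/pass.txt (client side, password only); both secrets get mode 600.
write_rsync_auth() {
    dir=$1 user=$2 pass=$3
    mkdir -p "$dir/data" || return 1
    old_umask=$(umask)
    umask 077                       # secrets are never created world-readable
    printf '%s:%s\n' "$user" "$pass" > "$dir/rsyncd.secrets"
    printf '%s\n' "$pass"            > "$dir/pass.txt"
    umask "$old_umask"
    cat > "$dir/rsyncd.conf" <<EOF
port = 8873
use chroot = no
[backup]
    path = $dir/data
    read only = no
    auth users = $user
    secrets file = $dir/rsyncd.secrets
    strict modes = yes
EOF
    not_other_accessible "$dir/rsyncd.secrets" &&
        not_other_accessible "$dir/pass.txt"
}

# Typical use once the files exist (not executed by this script):
#   rsync --daemon --config="$dir/rsyncd.conf"
#   rsync -avz --progress --port=8873 --password-file="$dir/pass.txt" \
#       source/ syncuser@localhost::backup/
```

The double colon in the destination is what makes rsync talk to the daemon, which is the case where `--password-file` is accepted.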
