How to pass password automatically for rsync SSH command?

Question

I need to do rsync by ssh and want to do it automatically without the need of passing password for ssh manually.

Answer 1

The official solution (and others) were incomplete when I first visited, so I came back, years later, to post this alternate approach in case any others wound up here intending to use a public/private key-pair:

Execute this from the target backup machine, which pulls from source to target backup

rsync -av --delete -e 'ssh -p 59333 -i /home/user/.ssh/id_rsa' user@10.9.9.3:/home/user/Server/ /home/user/Server/

Execute this from the source machine, which sends from source to target backup

rsync -av --delete -e 'ssh -p 59333 -i /home/user/.ssh/id_rsa' /home/user/Server/ user@10.9.9.3:/home/user/Server/

And, if you are not using an alternate port for ssh, then consider the more elegant examples below:

Execute this from the target backup machine, which pulls from source to target backup:

sudo rsync -avi --delete user@10.9.9.3:/var/www/ /media/sdb1/backups/www/

Execute this from the source machine, which sends from source to target backup:

sudo rsync -avi --delete /media/sdb1/backups/www/ user@10.9.9.3:/var/www/

If you are still getting prompted for a password, then you need to check your ssh configuration in /etc/ssh/sshd_config and verify that the users in source and target each have the others' respective public ssh key by sending each over with ssh-copy-id user@10.9.9.3.

(Again, this is for using ssh key-pairs without a password, as an alternate approach, and not for passing the password over via a file.)

Answer 2

You should use a keyfile without passphrase for scripted ssh logins. This is obviously a security risk, take care that the keyfile itself is adequately secured.

From Instructions for setting up passwordless ssh access:

1. Run ssh-keygen
   It will ask for a path to the key file, a passphrase, and a repeat of the same passphrase. Answer all three by just pressing Enter (accepting the defaults).

2. Run ssh-copy-id -i ~/.ssh/id_rsa.pub <remote-host>
   The path ~/.ssh/id_rsa.pub to the public key file may be different if you chose another path in step 1. Replace <remote-host> with the IP or hostname of the remote host you want to log in to.

3. Run ssh <remote-host>
   The remote host should not ask for a password, and you should be logged in to the remote host.

Answer 3

Here's a secure solution using a gpg encrypted password.

1.Create a .secret file containing your password in the same folder as your rsync script using the command:

echo 'my-very-secure-password' > .secret

Note that the file is hidden by default for extra security.

2.Encrypt your password file using the following gpg command and follow the prompts:

gpg -c .secret

This will create another file named .secret.gpg. Your password is now encrypted.

3.Delete the plain text password file

rm .secret

4.Finally in your rsync script use gpg and sshpass as follows:

gpg -dq secret.gpg | sshpass rsync -avl --mkpath /home/john user_name@x.x.x.x/home

The example is syncing the entire home folder for the user named john to a remote server with IP x.x.x.x

Answer 4

Exposing a password in a command is not safe, especially when using a bash script, if you tried to work with keyfiles thats will be nice. create keys in your host with ssh-keygen and copy the public key with ssh-copy-id "user@hostname.example.com and then use rsync addin the option -e "ssh -i $HOME/.ssh/(your private key)" to force rsync using ssh connection via the the private key that you create earlier.

example :

rsync -avh --exclude '$LOGS' -e "ssh -i $HOME/.ssh/id_rsa" --ignore-existing $BACKUP_DIR $DESTINATION_HOST:$DESTINATION_DIR;

Answer 5

I got it to work like this:

sshpass -p "password" rsync -ae "ssh -p remote_port_ssh" /local_dir  remote_user@remote_host:/remote_dir

Answer 6

The following works for me:

SSHPASS='myPassword'
/usr/bin/rsync -a -r -p -o -g --progress --modify-window=1 --exclude /folderOne -s -u --rsh="/usr/bin/sshpass -p $SSHPASS ssh -o StrictHostKeyChecking=no -l root"  source-path  myDomain:dest-path  >&2

I had to install sshpass

Answer 7

Another interesting possibility:

1. generate RSA, or DSA key pair (as it was described)
2. put public key to host (as it was already described)
3. run:

rsync --partial --progress --rsh="ssh -i dsa_private_file" host_name@host:/home/me/d .

Note: -i dsa_private_file which is your RSA/DSA private key

Basically, this approach is very similar to the one described by @Mad Scientist, however you do not have to copy your private key to ~/.ssh. In other words, it is useful for ad-hoc tasks (one time passwordless access)

Answer 8

Use a ssh key.

Look at ssh-keygen and ssh-copy-id.

After that you can use an rsync this way :

rsync -a --stats --progress --delete /home/path server:path

Answer 9

You can avoid the password prompt on rsync command by setting the environment variable RSYNC_PASSWORD to the password you want to use or using the --password-file option.

Answer 10

I use a VBScript file for doing this on Windows platform, it servers me very well.

set shell = CreateObject("WScript.Shell")
shell.run"rsync -a Name@192.168.1.100:/Users/Name/Projects/test ."
WScript.Sleep 100
shell.SendKeys"Your_Password"
shell.SendKeys "{ENTER}"

Answer 11

Following the idea posted by Andrew Seaford, this is done using sshfs:

echo "SuperHardToGuessPass:P" | sshfs -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user@example.com:/mypath/ /mnt/source-tmp/ -o workaround=rename -o password_stdin
rsync -a /mnt/source-tmp/ /media/destination/
umount /mnt/source-tmp

Answer 12

Automatically entering the password for the rsync command is difficult. My simple solution to avoid the problem is to mount the folder to be backed up. Then use a local rsync command to backup the mounted folder.

mount -t cifs //server/source/ /mnt/source-tmp -o username=Username,password=password
rsync -a /mnt/source-tmp /media/destination/
umount /mnt/source-tmp

Answer 13

If you can't use a public/private keys, you can use expect:

#!/usr/bin/expect
spawn rsync SRC DEST
expect "password:"
send "PASS\n"
expect eof
if [catch wait] {
    puts "rsync failed"
    exit 1
}
exit 0

You will need to replace SRC and DEST with your normal rsync source and destination parameters, and replace PASS with your password. Just make sure this file is stored securely!

Answer 14

Though you've already implemented it by now,

you can also use any expect implementation (you'll find alternatives in Perl, Python: pexpect, paramiko, etc..)

Answer 15

Use "sshpass" non-interactive ssh password provider utility

On Ubuntu

 sudo apt-get install sshpass

Command to rsync

 /usr/bin/rsync -ratlz --rsh="/usr/bin/sshpass -p password ssh -o StrictHostKeyChecking=no -l username" src_path  dest_path