Linux rsync notes

Rsync Introduction

First, what is rsync

rsync is an open-source, fast and versatile tool for incremental mirroring, backup and synchronisation of data, locally or remotely, and it runs on many platforms. As the name suggests, it is meant for remote synchronisation (remote sync). It can quickly mirror data between different partitions or directories on the local host and between two hosts, and it can be used for remote backup.

When synchronising a backup, rsync by default uses its "quick check" algorithm and transfers only the files or directories whose size or last-modified time has changed (it can also synchronise on changes of permissions, owner and other attributes, which requires specifying the corresponding parameters). It can even transfer only the changed portion of a file, which is what makes synchronisation fast.

Tip: the traditional cp and scp tools always make a complete copy. rsync can make a full copy too, but it also has an incremental copy function, so it is superior in performance and efficiency.

rsync has the following features:

1) Supports copying special files such as links and devices.

2) Can exclude specified files or directories from synchronisation, equivalent to the exclude function of the tar packaging command.

3) Can preserve all attributes of the original files or directories: permissions, times, and soft and hard links are left unchanged.

4) Supports incremental synchronisation, i.e. only the data that has changed is transferred, which makes data transfer more efficient.

5) Can transfer files over rcp, rsh, ssh and similar, or over a direct socket connection.

6) Supports anonymous or authenticated transfer, which is convenient for data backup and mirroring.

 

[1] Description of the core algorithm:

Assume two computers named α and β need to synchronise two similar files A and B, where α has access to file A and β has access to file B, and assume the network bandwidth between hosts α and β is very low. The rsync algorithm then works through the following five steps:

1. β splits file B into a set of non-overlapping fixed-size data blocks of S bytes. The last block may be smaller than S.

2. β computes two checksums for each block: a weak 32-bit rolling checksum and a strong 128-bit MD4 checksum.

3. β sends these checksums to α.

4. α searches file A for all data blocks of size S (at any offset, not necessarily a multiple of S) that have the same weak and strong checksum as one of the blocks of file B. Thanks to the rolling property of the weak checksum this search can be done quickly.

5. α sends β a series of instructions for building a copy of file A on β. Each instruction is either a reference to a data block of file B, which does not have to be retransmitted, or a piece of data that matches no data block of file B.
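
The five steps above, as an added Python sketch that is not part of the original notes and is not rsync's own code: signature plays β (steps 1 to 3), delta plays α (steps 4 and 5) and patch rebuilds A on β. The function names are hypothetical, and MD5 stands in for the 128-bit MD4 checksum because MD4 is often unavailable in hashlib.

```python
import hashlib

M = 1 << 16  # each half of the weak checksum is kept modulo 2^16

def weak(block):
    """Weak checksum of one block: (a, b) packs into 32 bits as a + (b << 16)."""
    a = sum(block) % M
    b = sum((len(block) - i) * x for i, x in enumerate(block)) % M
    return a, b

def roll(a, b, out, inp, size):
    """Slide the window one byte (drop `out`, take in `inp`) in O(1)."""
    a = (a - out + inp) % M
    b = (b - size * out + a) % M
    return a, b

def strong(block):
    # MD5 stands in for the 128-bit MD4 of step 2 (assumption of this sketch).
    return hashlib.md5(block).digest()

def signature(old, S):
    """Steps 1-3, run by beta: checksums of every S-byte block of file B."""
    sig = {}
    for pos in range(0, len(old), S):
        blk = old[pos:pos + S]
        sig.setdefault(weak(blk), []).append((strong(blk), pos // S))
    return sig

def delta(new, sig, S):
    """Steps 4-5, run by alpha: ('copy', block_no) or ('data', bytes) items."""
    out, lit, i, win = [], bytearray(), 0, None
    while i + S <= len(new):
        if win is None:
            win = weak(new[i:i + S])
        hit = None
        if win in sig:  # weak match is cheap; confirm with the strong checksum
            digest = strong(new[i:i + S])
            hit = next((n for d, n in sig[win] if d == digest), None)
        if hit is not None:
            if lit:
                out.append(("data", bytes(lit)))
                lit = bytearray()
            out.append(("copy", hit))
            i, win = i + S, None
        else:
            lit.append(new[i])
            if i + S < len(new):
                win = roll(*win, new[i], new[i + S], S)
            i += 1
    lit += new[i:]
    if lit:
        out.append(("data", bytes(lit)))
    return out

def patch(old, instructions, S):
    """beta rebuilds file A from its own blocks of B plus the literal data."""
    return b"".join(old[v * S:(v + 1) * S] if op == "copy" else v
                    for op, v in instructions)
```

Only the "data" items carry file content over the network; every "copy" item costs a block number, which is why a small change in a large file produces a small transfer.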

-------------------------------------summary-------------------------------------

In short, rsync synchronises data between the two directories we specify, and that data can include special files. Before synchronising it compares the data on both sides and transfers only the parts that differ, preserving the original file attributes. It also supports anonymous transfer. This is why backup and synchronisation with rsync are faster.

-----------------------------------------------------------------------------------------

Second, software installation

http://rsync.samba.org/    rsync's official website

1) Compile and install

This is simple: extract the source archive and build it.

tar  zxf rsync-3.1.0.tar.gz 

cd rsync-3.1.0

./configure 

make 

make install 

Tip: rsync has to be installed on both the server and the client.

Third, the rsync server deployment

Starting rsync

1. Start the rsync daemon
[root@www rsync-2.4.6]# /usr/local/bin/rsync --daemon
This starts the daemon. The default rsync service port is 873; on this port the server accepts client requests in anonymous or authenticated mode.
2. Start at boot
2.1) inetd.conf
Edit /etc/services and add the line "rsync 873/tcp" to declare that the rsync service port is 873. Then edit /etc/inetd.conf and add: rsync stream tcp nowait root /bin/rsync rsync --daemon

Note: xinetd is set up in a similar way.
2.2) Add to rc.local
Add the startup command to rc.local: /usr/local/bin/rsync --daemon

 

rsync has two modes:

1) transferring local files

2) transferring data between the server and the client

 

Transfer local files

The rsync command parameters are explained in detail later.

[root@CT5_6-32-220-NFS01 tmp]# rsync -avz /tmp/dir01/   /tmp/dir02/
building file list ... done
./
test01
sent 105 bytes received 48 bytes  306.00 bytes/sec
total size is 0 speedup is 0.00
[root@CT5_6-32-220-NFS01 tmp]# tree
.
|-- dir01
|   `-- test01
|-- dir02
|   `-- test01

## As you can see, the copy succeeded. Note that /dir01/ stands for all the contents of the directory, while /dir01 stands for the directory itself.

The example above copies the contents of the directory, which is why it is written /dir01/. To copy the whole dir01 directory into /dir02, write /dir01 with no trailing /.

[root@CT5_6-32-220-NFS01 tmp]# rsync -avz /tmp/dir01 /tmp/dir02/   ## this copies the directory itself
building file list ... done
dir01/
dir01/test01
sent 111 bytes received 48 bytes  318.00 bytes/sec
total size is 0 speedup is 0.00
[root@CT5_6-32-220-NFS01 tmp]# tree
|-- dir01
|   `-- test01
|-- dir02
|   |-- dir01
|   |   `-- test01
|   `-- test01

 

Transfer between server and client

1. The server configuration file

The rsync server configuration file is /etc/rsyncd.conf, which controls authentication, access, logging and so on.
The file consists of one or more module sections. A module definition starts with the module name in square brackets and runs until the next module definition or the end of the file. Inside a module, parameters are defined in the form name = value.

Each module corresponds to a directory tree to be backed up. In our example environment there are three directory trees to back up: /www/, /home/web_user1/ and /home/web_user2/, so three modules have to be defined in the file, one per tree. The configuration file is line-based: each line is a comment, a module definition or a parameter assignment. A line beginning with # is a comment, and a "\" at the end of a line means the following line continues it. A parameter value can be a case-insensitive string, a number, or a boolean written as true/false.

Parameter description:

Global parameters: all parameters that appear in the file before the first [module name] are global parameters. Module parameters may also be set in the global section, in which case the value becomes the default of that parameter for all modules.

Global parameter    Description

motd file

motd file

log file

Specifies the rsync log file, instead of sending the logs to syslog.

pid file

Specifies the rsync pid file.

syslog facility

Specifies the syslog facility under which rsync sends its log messages. Common facilities are: auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, security, syslog, user, uucp, local0, local1, local2, local3, local4, local5, local6 and local7. The default is daemon.

Module parameters: after the global parameters, one or more modules have to be defined. A module starts at [module name] and runs up to the start of the next module, and can define the following parameters:

Module parameter    Description

comment

Specifies a description for the module. The description is shown to clients together with the module name when they fetch the module list. By default no description is defined.

path

The path of the directory tree this module backs up. This parameter must be specified.

use chroot

If "use chroot" is true, rsync first chroots to the directory given by the path parameter before transferring files. This gives additional security, but the drawbacks are that it requires root privileges and that files outside the tree that symbolic links point to cannot be backed up. The default value is true. Recommendation: ?

max connections

Specifies the maximum number of concurrent connections to this module, to protect the server. Connection requests beyond the limit are told to try again later. The default value is 0, meaning no limit.

lock file

Specifies the lock file that supports the max connections parameter. The default value is /var/run/rsyncd.lock

read only

Specifies whether clients are allowed to upload files. If true, any upload request fails; if false, uploads are allowed provided the directory on the server has read and write permissions. The default value is true.

list

Specifies whether the module is listed when a client requests the list of available modules. Setting this option to false creates a hidden module. The default value is true.

uid

Specifies the uid the daemon should have when transferring files for this module. Together with the gid option it determines which files can be accessed and with what permissions. The default value is "nobody".

gid

Specifies the gid the daemon should have when transferring files for this module. The default is "nobody".

That is, when this module is synchronised, these are the UID and GID whose permissions the rsync daemon uses to read the local files. (Question: I do not know whether I have understood this correctly)

exclude

Specifies a space-separated list of patterns that are added to the exclude list. This is equivalent to specifying patterns with --exclude in the client command, except that exclude patterns given in the configuration file are not passed to the client and apply only on the server. A module can specify only one exclude option, but patterns can be prefixed with "-" and "+" to mark them as exclude or include.

Note, however, that this option has some security issues: a client may well be able to bypass the exclude list. To make sure a particular file cannot be accessed, it is best to combine it with the uid/gid options.

include

Specifies a space-separated list of patterns that should not be excluded. This is equivalent to specifying patterns with --include in the client command. Combining include and exclude makes it possible to define complex exclude/include rules. A module can specify only one include option, but patterns can be prefixed with "-" and "+" to mark them as exclude or include.

auth users

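This option specifies a space- or comma-separated list of user names; only these users are allowed to connect to the module. These users have nothing to do with system users. If "auth users" is set, a client's connection request to the module is challenged by rsync to verify its identity, using a challenge/response authentication protocol. The user names and passwords are stored in plain text in the file specified by the "secrets file" option. By default a module can be connected to without a password (that is, anonymously).

secrets file

This option specifies a file containing username:password pairs. The file only has an effect when "auth users" is defined. Each line of the file contains one username:passwd pair. In general it is best for passwords not to exceed 8 characters. There is no default secrets file name; one has to be specified explicitly (for example /etc/rsyncd.secrets).

hosts allow

This option specifies which client IP addresses are allowed to connect to the module. A client pattern can take the following forms:
192.168.1.1   a single IP address only

192.168.1.0/24   the clients of a network

Backup.linux.com   only a given host name
By default all hosts are allowed to connect.

hosts deny

Specifies the machines that are not allowed to connect to the rsync server, using the same pattern forms as hosts allow. By default there is no hosts deny definition.

ignore errors

Tells rsyncd to ignore I/O errors on the server when deciding whether to run the delete phase of a transfer. Normally rsync skips the --delete operation when an I/O error occurs, to prevent serious problems caused by a temporary resource shortage or other I/O errors.

ignore nonreadable

Tells the rsync server to completely ignore files that the user has no permission to access. This is useful when the directory to be backed up contains files that the person doing the backup should not obtain.

transfer logging

Makes the rsync server record download and upload operations in its own separate log, in an ftp-like format.

log format

With this option the user can customise the fields of the log file when transfer logging is used. The format is a string containing format specifiers; the available specifiers are shown below.

The default log format is "%o %h [%a]  %m (%u) %f %l", and "%t [%p] " is normally added at the start of each line. The source distribution also ships a perl script called rsyncstats that produces statistics from log files in this format.

%h   remote host name
%a   remote IP address
%m   module name
%t   current time
%f   file name
%l   file length in characters

timeout

This option overrides the I/O timeout specified by the client. It ensures that the rsync server does not wait forever for a crashed client. The timeout is in seconds; 0 means no timeout, which is also the default. For an anonymous rsync server, 600 is a good value.

dont compress

Specifies the files that are transferred without being compressed first. The default value is
 *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2  *.tbz

These files are already compressed, so the default does not normally need to be changed.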


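Analysis of a server configuration example
There are two servers, A and B. A is the main web server, with the domain name www.atong.com (192.168.1.1); B is the backup machine, with the domain name back.atong.com (192.168.1.2). A's web content is stored in the following places: /www/, /home/web_user1/ and /home/web_user2/. We need to set up a backup of the contents of these directories on backup machine B.

#vi /etc/rsyncd.conf    edit the server-side configuration file.

# contents of the configuration file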

# comments go on their own lines: rsyncd.conf only treats lines that begin with # as comments
uid = nobody
gid = nobody
use chroot = no
max connections = 4
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
[www]
path = /www/
ignore errors
read only = true
list = false
hosts allow = 192.168.1.2
# reject every other host, so that only the hosts allow host gets in
# (a /32 mask here would match only the single address 0.0.0.0)
hosts deny = 0.0.0.0/0
auth users = rsync
secrets file = /etc/rsync.pas


[web_user1]
path = /home/web_user1/
ignore errors
# clients cannot upload data
read only = true
list = false
hosts allow = 192.168.1.2
hosts deny = 0.0.0.0/0
# when this module is synchronised, the files under path are read as the user web_user1
uid = web_user1
gid = web_user1
auth users = rsync
secrets file = /etc/rsync.pas


[web_user2]
path = /home/web_user2/
ignore errors
read only = true
list = false
hosts allow = 192.168.1.2
hosts deny = 0.0.0.0/0
uid = web_user2
gid = web_user2
auth users = rsync
secrets file = /etc/rsync.pas

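Three modules are defined here, one for each of the three directory trees to be backed up. Only 192.168.1.2 is allowed to back up this machine's data, and authentication is required. The authorised backup user of all three modules is rsync, and the user information is stored in the file /etc/rsync.pas, whose content is: rsync:123456

The file must be readable and writable by the root user only, otherwise rsyncd reports an error at startup. Once these files are configured, the rsyncd server has to be started on server A: /usr/bin/rsync --daemon

Note: set the permissions of the password file to 600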
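
How the hosts allow and hosts deny settings of a module combine, as an added Python example (not part of the original notes and not rsync's code): the decision order follows rsyncd.conf(5), and the audit also flags a module that is writable while the daemon runs as root. The function names, the probe address 203.0.113.9 and the SAMPLE configuration are constructed for illustration.

```python
import ipaddress

def parse(text):
    """rsyncd.conf text -> (globals, {module: params}). Only whole lines that
    start with '#' are comments; names are compared without case or spaces."""
    glob, mods, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = mods.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            name, value = line.split("=", 1)
            key = "".join(name.lower().split())
            (glob if cur is None else cur)[key] = value.strip()
    return glob, mods

def matches(patterns, addr):
    """True if addr matches an address or address/mask pattern ('*' = any)."""
    ip = ipaddress.ip_address(addr)
    for pat in patterns.replace(",", " ").split():
        try:
            if pat == "*" or ip in ipaddress.ip_network(pat, strict=False):
                return True
        except ValueError:  # hostname patterns are skipped in this sketch
            continue
    return False

def allowed(params, addr):
    """Order from rsyncd.conf(5): an allow match admits; an allow list with no
    deny list rejects the rest; a deny match rejects; anything else connects."""
    allow, deny = params.get("hostsallow"), params.get("hostsdeny")
    if allow:
        if matches(allow, addr):
            return True
        if not deny:
            return False
    return not (deny and matches(deny, addr))

def audit(text, probe="203.0.113.9"):
    """{module: findings}; probe is a constructed address outside hosts allow."""
    glob, mods = parse(text)
    off = ("false", "no", "0")
    report = {}
    for name, own in mods.items():
        p = {**glob, **own}
        found = []
        if allowed(p, probe):
            found.append("open to hosts outside hosts allow")
        if p.get("readonly", "true").lower() in off and p.get("uid") == "root":
            found.append("writable as root")
        report[name] = found
    return report

# Constructed sample: [weak] combines settings that appear in these notes.
SAMPLE = """\
uid = root
[weak]
read only = false
hosts allow = 192.168.1.2
hosts deny = 0.0.0.0/32
[tight]
uid = nobody
read only = true
hosts allow = 192.168.1.2
hosts deny = 0.0.0.0/0
"""
```

audit(SAMPLE) reports both findings for [weak] and none for [tight]: a deny pattern with a /32 mask matches a single address, so a host that misses the allow list also misses the deny list and is let through.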

 

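Client operations

Once the rsync server is configured, the next step is to issue rsync commands on the client to back up the server's files to the client. rsync is a very powerful tool and its command has many options, which are analysed one by one below. First, the rsync command can take the following forms:
1) rsync [OPTION]... SRC [SRC]... [USER@]HOST:DEST   push (because SRC is local)
2) rsync [OPTION]... [USER@]HOST:SRC DEST            pull (because SRC is on the server)
3) rsync [OPTION]... SRC [SRC]... DEST      copy local files
4) rsync [OPTION]... [USER@]HOST::SRC [DEST]
5) rsync [OPTION]... SRC [SRC]... [USER@]HOST::DEST
6) rsync [OPTION]... rsync://[USER@]HOST[:PORT]/SRC[DEST]

SRC: the source (where to copy from)   DEST: the destination (where to copy to)
The rsync command has six formats:

Format 1 pushes local content to the server. Example: rsync  /tmp   [email protected]:www 

Format 2 pulls the server's content to the local side. Example: rsync [email protected]:www    /tmp

[Compare with the command formats above: USER@HOST: generally marks the server side, while a bare SRC or DEST marks the client side. To tell a pull from a push, look at whether the server side is SRC or DEST. If it is SRC, data is copied from the server, which is a pull, as in USER@HOST:SRC. If it is DEST (where to copy to), it is a push to the server, as in USER@HOST:DEST.]

The difference between formats 4 and 5 and formats 1 and 2 is whether the server part (USER@HOST) is followed by one : or two ::. One : means a shell is started on the server to run the command, while :: means the transfer runs in daemon mode.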

 

 

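rsync synchronisation options:

First get to know rsync's synchronisation options; they can be tried out with a local synchronisation.

-v      : verbose output, showing progress and other information during the transfer
-z      : compress during the transfer to improve efficiency; --compress-level=num compresses at the given level
-r      : recurse into subdirectories, i.e. every directory below is transferred in the same way
-t      : preserve file times (--times)
-o      : preserve file owner (--owner)
-p      : preserve file permissions
-g      : preserve file group
-P      : --progress, show the synchronisation process and the transfer progress
-a      : archive mode: transfer files recursively and preserve all file attributes, equivalent to -rtopgDl
-e      : the channel protocol to use; specifies a shell program to replace rsh, for example ssh
-D      : preserve device files
-l      : --links, preserve symbolic links
--progress  : show the backup process
--delete    : delete files in DST that SRC does not have
--exclude=PATTERN  : exclude files matching the pattern from the transfer
-u, --update  : update only, i.e. skip every file that already exists in DST with a file time later than the file being backed up (newer files are not overwritten)
-b, --backup  : make backups, i.e. when a file with the same name already exists at the destination, the old file is renamed to ~filename
--suffix=SUFFIX  : define the backup file prefix
--stats  : give the transfer status of certain files
-R, --relative  : use relative path information. For example, rsync foo/bar/foo.c remote:/tmp/ creates the file foo.c in /tmp, while with -R, rsync -R foo/bar/foo.c remote:/tmp/ creates the file /tmp/foo/bar/foo.c, i.e. the full path information is kept.
--config=FILE  : use another configuration file instead of the default rsyncd.conf
--port=PORT  : use another rsync service port

Usually -avz is used for transfers; in a script, -v and -P can be dropped.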

Client command examples:

1.2 Download files from the server

rsync -avz  --delete  [email protected]::/tmp  /tmp --password-file=/etc/rsync.pas

Upload from the local machine to the server

rsync -avz --delete --progress   /tmp [email protected]::/tmp

 

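Reference example 1:

Requirement: deploy the rsync service on A-SERVER as an rsync daemon, so that every client host can back up its local data to server A-SERVER with rsync, and can also fetch data from A-SERVER to the client with rsync.

Topology: C<---->A  A<--->B

Server side

1) Configure /etc/rsyncd.conf

rsyncd.conf is the default configuration file of the rsync service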

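# comments go on their own lines: rsyncd.conf only treats lines that begin with # as comments
# the user rsync uses to access the local directory, i.e. files in the
# configured directory are read and written as the root user
uid = root
gid = root
use chroot = no
# maximum number of connections
max connections = 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
# log file
log file = /var/log/rsyncd.log
# the module name, which is what clients use when they read or write
[atong]
# the path to back up
path = /tmp/
# ignore errors
ignore errors
# not read-only
read only = false
# do not list the rsync directory
list = false
hosts allow = 10.0.0.0/24
# a /32 mask here would match only the single address 0.0.0.0
hosts deny = 0.0.0.0/0
auth users = rsync_backup
# the password file used for authentication
secrets file = /etc/rsync.password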

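See man rsyncd.conf for the details of the configuration.

Note: the configured path must exist, and its permissions must allow the uid and gid to read and write it. This is similar to NFS, where the local file permissions matter as well as the NFS share permissions.

2) Configure the password file: the file format is user:password, entries may only be written in this format, and there must be no spaces. The path given by log file in the configuration file is where this password file is stored, and the file name must be correct. The password file must have 600 permissions and be owned by root root.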

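3) Start rsync

#rsync --daemon    start rsync in daemon mode

#ps -ef | grep rsync    check whether the rsync process has started

#netstat -lnt | grep 873    check whether rsync has started and inspect the port state

#lsof -i tcp:873    look up which service is behind the port

Further options: --daemon  start as a daemon

--address  bind to a particular IP address to provide the service, when the host has several IP addresses

--config=file  use a different configuration file path instead of the default /etc/rsyncd.conf

--port=PORT  provide the service on a different port instead of the default port 873

The options above are for reference only; they are not often used in production.

Start rsync at boot

echo "/usr/bin/rsync --daemon" >> /etc/rc.local

Restart the rsync service: pkill rsync && rsync --daemon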

 

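Client deployment

1) Add the user's password to the same password file, with 600 permissions (the file does not have to be the same as on the server, but keeping it the same is recommended for ease of management)

Push: # rsync -avz -P  /tmp/atong [email protected]::atong

The trailing :: means daemon mode, followed by the oldboy module. The module name must be the same as in the configuration file.

# rsync -avz -P  /tmp/atong  rsync://[email protected]:/atong/ hosts

--password-file=/etc/rsync.password

With this form of push, the trailing /atong/ is not a module name but a directory path. [Can this directory only be the synchronisation directory configured on the server?]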

Example:

[root@CT5_6-32-220-NFS01 data]# cat /etc/rsyncd.conf
uid = root
gid = root
use chroot = no
max connections = 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
[tmp]
path = /tmp/
ignore errors
read only = false
list = false
hosts allow = 192.168.40.0/22
hosts deny = 0.0.0.0/0
auth users = rsync_back
secrets file = /etc/rsync.password
[/data/rsync/]
path = /data/rsync/
read only = false
auth users = rsync_back
secrets file = /etc/rsync.password

###
[root@CT5_6-32-220-NFS01 tmp]# mkdir /data   ## create the directory used by the module
mkdir: cannot create directory `/data': File exists
[root@CT5_6-32-220-NFS01 tmp]# cd /data
[root@CT5_6-32-220-NFS01 data]# echo "rsync_back:123456" >> /etc/rsync.password
[root@CT5_6-32-220-NFS01 data]# chmod 600  /etc/rsync.password   ## note: the password file must have 600 permissions
[root@CT5_6-32-220-NFS01 data]# rsync --daemon   ## start
[root@CT5_6-32-220-NFS01 data]# netstat -lnt | grep 873   ## check whether rsync has been started on the system
tcp       0      0 0.0.0.0:873                 0.0.0.0:*                   LISTEN

### Client configuration: the client only needs to store the user's password, with 600 permissions ###
[root@CT56-32-221-NFS02 dir01]# echo  "123456" >>/etc/rsync.password
[root@CT56-32-221-NFS02 dir01]# chmod 600 /etc/rsync.password

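First pull method:

[root@CT56-32-221-NFS02 tmp]# rsync -avz   [email protected]::tmp /tmp/  ## where
[root@CT56-32-221-NFS02 tmp]# ll
total 20
drwxr-xr-x 84 root root 4096 Jun 20 10:28 2
drwxr-xr-x  3 root root 4096 Jun 20 10:19 dir01
drwxr-xr-x  3 root root 4096 Jun 20 09:43 dir02
drwxr-xr-x 84 root root 4096 Jun 19 05:25 etc
drwx------  2 root root 4096 Jun 20 07:40 ssh-ZQBmZ29557

Note: when pushing with --delete, the remote directory ends up containing exactly what the local directory I specify contains. For example, I originally kept /tmp/atong/ the same as the remote /atong/. If I later create a /delete directory that is empty and push /tmp/delete/ to the remote /atong/ directory, everything that was on the remote side is deleted, because whatever the /delete/ directory contains is what the remote side will contain.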

 

Some sample scripts
These scripts are all examples from the rsync website:


1. Seven-day rotating incremental backup to a central server

#!/bin/sh
# This script does personal backups to a rsync backup server. You will end up
# with a 7 day rotating incremental backup. The incrementals will go
# into subdirectories named after the day of the week, and the current
# full backup goes into a directory called "current"
# [email protected]

# directory to backup
BDIR=/home/$USER

# excludes file - this contains a wildcard pattern per line of files to exclude
EXCLUDES=$HOME/cron/excludes

# the name of the backup machine
BSERVER=owl

# your password on the backup server
export RSYNC_PASSWORD=XXXXXX


########################################################################
BACKUPDIR=`date +%A`
OPTS="--force --ignore-errors --delete-excluded --exclude-from=$EXCLUDES
--delete --backup --backup-dir=/$BACKUPDIR -a"
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin
# the following line clears the last weeks incremental directory
[ -d $HOME/emptydir ] || mkdir $HOME/emptydir
rsync --delete -a $HOME/emptydir/ $BSERVER::$USER/$BACKUPDIR/
rmdir $HOME/emptydir
# now the actual transfer
rsync $OPTS $BDIR $BSERVER::$USER/current

2. Back up to a spare disk

#!/bin/sh
export PATH=/usr/local/bin:/usr/bin:/bin
LIST="rootfs usr data data2"
# mount each backup file system, mirror into it, then unmount it again
for d in $LIST; do
    mount /backup/$d
    rsync -ax --exclude fstab --delete /$d/ /backup/$d/
    umount /backup/$d
done
DAY=`date "+%A"`
rsync -a --delete /usr/local/apache /data2/backups/$DAY
rsync -a --delete /data/solid /data2/backups/$DAY

3. Mirror the cvs tree of vger.rutgers.edu

#!/bin/bash
cd /var/www/cvs/vger/
PATH=/usr/local/bin:/usr/freeware/bin:/usr/bin:/bin
# do nothing if another rsync is already running
RUN=`ps x | grep rsync | grep -v grep | wc -l`
if [ "$RUN" -gt 0 ]; then
    echo already running
    exit 1
fi
# fetch the ChangeLog first and compare it with the local copy
rsync -az vger.rutgers.edu::cvs/CVSROOT/ChangeLog $HOME/ChangeLog
sum1=`sum $HOME/ChangeLog`
sum2=`sum /var/www/cvs/vger/CVSROOT/ChangeLog`
if [ "$sum1" = "$sum2" ]; then
    echo nothing to do
    exit 0
fi
rsync -az --delete --force vger.rutgers.edu::cvs/ /var/www/cvs/vger/
exit 0

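FAQ
Q: How do I run rsync over ssh without having to enter a password?
A: Follow these steps:
1. Use ssh-keygen on server A to create SSH keys, without setting a passphrase; you will see the files identity and identity.pub under ~/.ssh
2. Create the subdirectory .ssh in the home directory on server B
3. Copy A's identity.pub to server B
4. Add identity.pub to ~[user b]/.ssh/authorized_keys
5. User A on server A can then ssh to server B as user B with the following command
e.g. ssh -l userB serverB
In this way user A on server A can log in to serverB over ssh as user B without a password.
Q: How do I use rsync through a firewall without compromising security?
A: As follows:
There are usually two cases: the server is inside the firewall, or the server is outside the firewall. In either case ssh is normally still used; it is best to create a new backup user and configure sshd to let this user in only with RSA authentication. If the server is inside the firewall, it is best to restrict the client IP addresses and refuse all other connections. If the client is inside the firewall, simply letting the firewall open outgoing ssh connections to TCP port 22 is enough.
Q: Can I also keep backups of files that were changed or deleted?
A: Certainly:
You can use a command such as: rsync --other-options --backup-dir=./backup-2000-2-13 ...
Then if the source file /path/to/some/file.c changes, the old file is moved to ./backup-2000-2-13/path/to/some/file.c.
This directory has to be created by hand.
Q: Which ports do I need to open on the firewall for rsync?
A: It depends.
rsync can transfer files directly over a TCP connection to port 873, or over ssh on port 22, and you can also change the port with the following commands:
rsync --port 8730 otherhost::
or
rsync -e 'ssh -p 2002' otherhost:
Q: How do I copy only the directory structure with rsync and ignore the files?
A: rsync -av --include '*/' --exclude '*' source-dir dest-dir
Q: Why do I keep getting the "Read-only file system" error?
A: Check whether you forgot to set "read only = no".
Q: Why do I get the '@ERROR: invalid gid' error?
A: By default rsync runs with uid=nobody and gid=nobody. If your system has no nobody group, this error occurs; try gid = nogroup or something else.
Q: Why does binding to port 873 fail?
A: If you do not run the daemon with root privileges, this error occurs because ports below 1024 are privileged ports. You can change the port with the --port option.
Q: Why does my authentication fail?
A: Judging from your command line:
You used:
> bash$ rsync -a 144.16.251.213::test test
> Password:
> @ERROR: auth failed on module test
>
> I don't understand this. Can somebody explain as to how to accomplish this.
> All suggestions are welcome.
The problem is probably that you did not log in with your user name; try rsync [email protected]::test test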

 
 
 
 
 
 
Supplement: rsync in practice: https://blog.csdn.net/qq_41816540/article/details/80611757

 


Origin www.cnblogs.com/dumpling-z/p/11434156.html