rsync approach

Karl Vogel vogelke+unix at
Sat May 30 22:58:06 UTC 2009

>> On Wed, 27 May 2009 15:03:30 -0700, 
>> prad <prad at> said:

P> We are thinking of rsync to duplicate 1st [box] > 2nd [box] (with the
P> exception of rc.conf and a few other files of course because we don't
P> want them to be absolutely identical).

P> we plan to allow root login and have disabled all password access so
P> that rsync can preserve permissions.  is this a good way to accomplish
P> the bkp job?

   If you're going to use root login, I'd suggest access control for ssh
   via either daemontools or tcpwrappers, and add some extra security
   by putting 'from="hostname"' in root's entry in the "authorized_keys2"

   from="" ssh-dss AAAAB3NzaC1MtH[...]WDXDrq03pE= root at

   It's not strictly necessary to allow root connections if you want
   to keep permissions intact.  I use an unprivileged account ("bkup")
   to copy gzipped cpio archives between systems.  On the 1st box, root
   can use pax or cpio to create the archive, and then run something as
   user "bkup" to do the copy to the 2nd box:

     root# cd /some/where
     root# find . -print | pax -x cpio -wd | gzip -1c > /tmp/arch.pax.gz
     root# su bkup -c "scp -c arcfour -i /bkup/.ssh/backuphost_dsa \

   The arcfour cipher will probably give you better throughput.  To unpack
   the files on

     root# cd /some/where/else
     root# gunzip -c /someplace/bkup/can/write/arch.pax.gz | pax -rd -pe
     root# rm /someplace/bkup/can/write/arch.pax.gz

   If the files you're syncing are huge, you're better off using root login
   plus rsync.

Karl Vogel                      I don't speak for the USAF or my company

SUVs are gross because they're the solution to a gross problem:
how to make minivans look more masculine.                      --Paul Graham

More information about the freebsd-questions mailing list