144

I need to do rsync by ssh and want to do it automatically without the need of passing password for ssh manually.

Ciro Santilli OurBigBook.com
  • 347,512
  • 102
  • 1,199
  • 985
liysd
  • 4,413
  • 13
  • 35
  • 38
  • 3
    the easiest way to pypass password prompt every time you transfer or login your ssh is to create a key, here's how you can do that in 2 steps https://www.brightery.com/en/post/If-you-tired-of-writing-your-password-every-time-you-login-your-SSH – Muhammad El-Saeed Aug 16 '20 at 09:47
  • 2
    Also, just to add, if you reason you don't want to prompt for password is because you need to rsync many files, the the better solution is to store all the files in a txt list and just pass the option `--files-from=` that way it will only prompt once – Ahdee Feb 18 '21 at 22:49

15 Answers15

132

Use "sshpass" non-interactive ssh password provider utility

On Ubuntu

 sudo apt-get install sshpass

Command to rsync

 /usr/bin/rsync -ratlz --rsh="/usr/bin/sshpass -p password ssh -o StrictHostKeyChecking=no -l username" src_path  dest_path
Rajendra
  • 1,662
  • 2
  • 10
  • 11
  • 4
    I know this is not best practice, but I've got a NAS with a crippled SSHD that won't do key-based auth. This answer was the missing piece to my automated-backup puzzle. So +1 for the last-resort answer – Mike Gossmann Nov 17 '13 at 23:02
  • 12
    If you can not use a keyfile, but do not want to include the password in the command, you can write it into a temporary file and include it like this: `sshpass -p\`cat .password\` ssh [...]`. Then protect your `.password` file by `chmod 400 .password` to make sure only your user can read it. – lutuh Aug 06 '15 at 14:20
  • 6
    For completeness, in the case of ssh'ing to a remote server, the `src_path` ought to be server:path, like so: `server01.mydomain.local:/path/to/folder` – harperville Aug 09 '16 at 18:58
  • 1
    this is definitely the right answer! it allow you to do scripting without ssh magic, just scripting one. ;) Kudos @Rajendra – genuinefafa Jan 10 '17 at 20:23
  • 1
    since `-a` switch on rsync includes `-rlptgoD`, you can shorten the command like this: `rsync -az ...` – Jannie Theunissen Nov 17 '18 at 10:39
  • And, to mention: rsync has to be installed on destination machine, if you want to sync from local to remote machine! See: [sshpass: Falied to run command: No such file or directory](https://serverfault.com/questions/837564/sshpass-failed-to-run-command-no-such-file-or-directory) – sneaky Sep 25 '19 at 14:14
  • This answer on the Unix Stack Exchange is much more succinct: https://unix.stackexchange.com/a/111534/119644 – GDP2 Jul 28 '20 at 17:20
  • For a password with weird characters: `sshpass -f~/.passfile` will help, preceded by placing the password in `~/.passfile`. – GDR Feb 09 '21 at 12:24
  • 2
    @sneaky you can even do it without `rsync` available on remote, if you mount the remote target folder locally with `sshfs`. It's not optimal, but it works. – Headbank May 10 '21 at 18:18
59

You should use a keyfile without passphrase for scripted ssh logins. This is obviously a security risk, take care that the keyfile itself is adequately secured.

Instructions for setting up passwordless ssh access

Mad Scientist
  • 18,090
  • 12
  • 83
  • 109
  • 11
    There are no possibility for putting password in a text of command? – liysd Jul 21 '10 at 13:55
  • 3
    Not easily, there is no options for it in ssh – Mad Scientist Jul 21 '10 at 13:59
  • It should be noted that this is not always possible to do (e.g. many android ssh server implementation are quite limited). – Ponkadoodle Aug 28 '15 at 04:05
  • @Ponkadoodle The OP is about client-side requests, not server-side. `ssh -i` should always be possible on the client side. Do you mean that the server may not support all key-types (e.g. ECDSA)? That would not be a major issue though, just a case of using `ssh-keygen -t`. Am I missing something? – Jonathan H Jan 30 '19 at 14:27
  • 3
    Although this might appear to be a hassle at first, this is the correct answer. Passwords are sensitive information, and these should not be stored in clear, or used carelessly in programs. That is what keyfiles are for; just learn about [identity files, `rsync -e` and `ssh -i`](https://unix.stackexchange.com/a/127355/45354). – Jonathan H Jan 30 '19 at 14:33
  • @MadScientist My only problem with this solution is that the rsync parts of the answer are buried in comments and none of them provide rigorous syntax or examples. The basic ssh part of this tutorial you link to is fine, however. – oemb1905 Apr 10 '19 at 02:14
  • Where is the manual / code example? If the external link is dead this answer is useless. – mgutt Feb 19 '20 at 20:05
  • 1
    Some hosts ban key authentication, so password is the only option. – Chris L. Barnes May 06 '20 at 16:52
  • This did the job for me, Thanks for sharing ! – MoonLight Sep 28 '22 at 06:50
41

You can avoid the password prompt on rsync command by setting the environment variable RSYNC_PASSWORD to the password you want to use or using the --password-file option.

simhumileco
  • 31,877
  • 16
  • 137
  • 115
Dexter
  • 1,621
  • 3
  • 18
  • 38
  • 51
    only works if the destination server has rsync daemon running – Darryl Hebbes Mar 02 '13 at 16:58
  • 8
    Even though this answer doesn't help unless using rsync daemon, Google landed me here and it was exactly what I needed. For me, I needed direct rsync to rsyncd, no ssh. I just used the password-file option, and worked perfectly for a script. – gregthegeek Jul 22 '14 at 19:40
  • and how to exactly use this in the command? any sample command? – y_159 Oct 30 '20 at 05:35
  • @y_159 Before the rsync: read -s -p "ssh password: " RSYNC_PASSWORD – Bruce Apr 05 '22 at 21:49
27

I got it to work like this:

sshpass -p "password" rsync -ae "ssh -p remote_port_ssh" /local_dir  remote_user@remote_host:/remote_dir
phrogg
  • 888
  • 1
  • 13
  • 28
andrey465
  • 271
  • 3
  • 2
  • what would the `remote_port_ssh` be set to? It looks like a placeholder for an actual value. – Max Williams Feb 04 '20 at 10:56
  • @MaxWilliams If your remote server SSH server runs on a different port (it should), you can change `remote_port_ssh`. If it runs on default port you can skip this part. – xtl Sep 02 '20 at 09:42
  • So do we have to replace `remote_port_ssh` by a value or leave it like this? – y_159 Oct 30 '20 at 08:00
  • 1
    if server port is 22, then discard it, else you can specify particular port – Adil Saju Feb 17 '21 at 09:01
18

If you can't use a public/private keys, you can use expect:

#!/usr/bin/expect
spawn rsync SRC DEST
expect "password:"
send "PASS\n"
expect eof
if [catch wait] {
    puts "rsync failed"
    exit 1
}
exit 0

You will need to replace SRC and DEST with your normal rsync source and destination parameters, and replace PASS with your password. Just make sure this file is stored securely!

kainjow
  • 3,955
  • 1
  • 20
  • 17
  • 4
    those commands arent available on my `Red Hat Enterprise Linux Server release 5.11 (Tikanga)` – To Kra Jun 18 '15 at 09:00
7

The following works for me:

SSHPASS='myPassword'
/usr/bin/rsync -a -r -p -o -g --progress --modify-window=1 --exclude /folderOne -s -u --rsh="/usr/bin/sshpass -p $SSHPASS ssh -o StrictHostKeyChecking=no -l root"  source-path  myDomain:dest-path  >&2

I had to install sshpass

simhumileco
  • 31,877
  • 16
  • 137
  • 115
mario
  • 622
  • 1
  • 11
  • 31
  • 3
    -a already implies -rlptgoD and in general, it would be much more helpful to have a reduced command line here. – Christian Dec 12 '17 at 22:21
6

Another interesting possibility:

  1. generate RSA, or DSA key pair (as it was described)
  2. put public key to host (as it was already described)
  3. run:
rsync --partial --progress --rsh="ssh -i dsa_private_file" host_name@host:/home/me/d .

Note: -i dsa_private_file which is your RSA/DSA private key

Basically, this approach is very similar to the one described by @Mad Scientist, however you do not have to copy your private key to ~/.ssh. In other words, it is useful for ad-hoc tasks (one time passwordless access)

simhumileco
  • 31,877
  • 16
  • 137
  • 115
xhudik
  • 2,414
  • 1
  • 21
  • 39
5

Use a ssh key.

Look at ssh-keygen and ssh-copy-id.

After that you can use an rsync this way :

rsync -a --stats --progress --delete /home/path server:path
simhumileco
  • 31,877
  • 16
  • 137
  • 115
Guillaume Lebourgeois
  • 3,796
  • 1
  • 20
  • 23
  • If I use key with ssh I write: ssh u@serv -i ./rsa But how to do it in rsync? – liysd Jul 21 '10 at 14:15
  • 2
    If you put the key into your .ssh directory and give it a standard name (typically id_rsa / id_rsa.pub) it will be picked up automatically by rsync. – Craig Trader Jul 21 '10 at 14:31
5

The official solution (and others) were incomplete when I first visited, so I came back, years later, to post this alternate approach in case any others wound up here intending to use a public/private key-pair:

Execute this from the target backup machine, which pulls from source to target backup

rsync -av --delete -e 'ssh -p 59333 -i /home/user/.ssh/id_rsa' user@10.9.9.3:/home/user/Server/ /home/keith/Server/

Execute this from the source machine, which sends from source to target backup

rsync -av --delete -e 'ssh -p 59333 -i /home/user/.ssh/id_rsa' /home/user/Server/ user@10.9.9.3:/home/user/Server/

And, if you are not using an alternate port for ssh, then consider the more elegant examples below:

Execute this from the target backup machine, which pulls from source to target backup:

sudo rsync -avi --delete user@10.9.9.3:/var/www/ /media/sdb1/backups/www/

Execute this from the source machine, which sends from source to target backup:

sudo rsync -avi --delete /media/sdb1/backups/www/ user@10.9.9.3:/var/www/

If you are still getting prompted for a password, then you need to check your ssh configuration in /etc/ssh/sshd_config and verify that the users in source and target each have the others' respective public ssh key by sending each over with ssh-copy-id user@10.9.9.3.

(Again, this is for using ssh key-pairs without a password, as an alternate approach, and not for passing the password over via a file.)

oemb1905
  • 148
  • 1
  • 7
  • And an important side note is that in the alternate port example, you are directing ssh to your private key file, and when it executes the command on target, it will authenticate against its public key. – oemb1905 Jul 07 '19 at 07:40
4

Automatically entering the password for the rsync command is difficult. My simple solution to avoid the problem is to mount the folder to be backed up. Then use a local rsync command to backup the mounted folder.

mount -t cifs //server/source/ /mnt/source-tmp -o username=Username,password=password
rsync -a /mnt/source-tmp /media/destination/
umount /mnt/source-tmp
Andrew Seaford
  • 645
  • 6
  • 13
3

Though you've already implemented it by now,

you can also use any expect implementation (you'll find alternatives in Perl, Python: pexpect, paramiko, etc..)

hd1
  • 33,938
  • 5
  • 80
  • 91
Joao Figueiredo
  • 3,120
  • 3
  • 31
  • 40
2

I use a VBScript file for doing this on Windows platform, it servers me very well.

set shell = CreateObject("WScript.Shell")
shell.run"rsync -a Name@192.168.1.100:/Users/Name/Projects/test ."
WScript.Sleep 100
shell.SendKeys"Your_Password"
shell.SendKeys "{ENTER}"
joseph.smeng
  • 81
  • 1
  • 4
2

Exposing a password in a command is not safe, especially when using a bash script, if you tried to work with keyfiles thats will be nice. create keys in your host with ssh-keygen and copy the public key with ssh-copy-id "user@hostname.example.com and then use rsync addin the option -e "ssh -i $HOME/.ssh/(your private key)" to force rsync using ssh connection via the the private key that you create earlier.

example :

rsync -avh --exclude '$LOGS' -e "ssh -i $HOME/.ssh/id_rsa" --ignore-existing $BACKUP_DIR $DESTINATION_HOST:$DESTINATION_DIR;

Azzeddine El Hannouni
  • 31
  • 1
  • 3
2

Here's a secure solution using a gpg encrypted password.

1.Create a .secret file containing your password in the same folder as your rsync script using the command:

echo 'my-very-secure-password' > .secret

Note that the file is hidden by default for extra security.

2.Encrypt your password file using the following gpg command and follow the prompts:

gpg -c .secret

This will create another file named .secret.gpg. Your password is now encrypted.

3.Delete the plain text password file

rm .secret

4.Finally in your rsync script use gpg and sshpass as follows:

gpg -dq secret.gpg | sshpass rsync -avl --mkpath /home/john user_name@x.x.x.x/home

The example is syncing the entire home folder for the user named john to a remote server with IP x.x.x.x

Mwiza
  • 7,780
  • 3
  • 46
  • 42
  • That's actually a quite clever solution! (Sadly, in my case, I cannot use `sshpass`, but I _do_ have `gpg` on both client and server). – Gwyneth Llewelyn Dec 19 '22 at 03:19
-1

Following the idea posted by Andrew Seaford, this is done using sshfs:

echo "SuperHardToGuessPass:P" | sshfs -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user@example.com:/mypath/ /mnt/source-tmp/ -o workaround=rename -o password_stdin
rsync -a /mnt/source-tmp/ /media/destination/
umount /mnt/source-tmp
lepe
  • 24,677
  • 9
  • 99
  • 108