[Bug 1831101] Re: rsync with remote sudo fails over ssh/pki with protocol mismatch error
Christian Ehrhardt
1831101 at bugs.launchpad.net
Fri May 31 09:38:41 UTC 2019
I have set this up in Xenial/Bionic/Eoan
The following syncs nicely a dir created as root to need the sudo to read it:
$ rsync -AEaogt --rsync-path="sudo rsync" -e "ssh -o
StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" /tmp/foo
ubuntu at 10.253.194.115:/tmp
This works among all pairs and cross releases.
Now lets brainstorm what might happen in your case ...
I have:
1. setup rsync to be sudo enabled without PW in /etc/sudoers
%sudo ALL= NOPASSWD:/usr/bin/rsync
2. then I exchanged ssh keys between all nodes
That got it working, no more needed.
Did you use the same sudoers hint to make it PW-less?
I have read through your log twice but can't find anything obvious.
You could try to set up another user special to this use case.
And let that user have no .bashrc nor anything else (maybe the login with rsync triggers a different path and there you have output). At least that would be an easy try.
Most things you find on the net about this is about clearing the non
interactive login, but I think you have done that. What might be worth
to take a look is dropping strict host keycheck option and really make
sure all keys are accepted - maybe something with that is going on in
the background?
** Changed in: rsync (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/1831101
Title:
rsync with remote sudo fails over ssh/pki with protocol mismatch error
Status in rsync package in Ubuntu:
Incomplete
Bug description:
rsync with remote sudo fails over ssh on Ubuntu Mate 18.04.2
rsync version 3.1.2 protocol version 31 - same on local and remote
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 - same on
local and remote
I have checked for spurious output from .bashrc using
$ ssh user at host /bin/true > out.dat
which results in
$ ls -l *.dat
-rw-rw-r-- 1 user user 0 May 22 23:33 out.dat
-- The [redacted] command is
rsync -AEavvvogt --rsync-path="sudo rsync" --debug=CONNECT -e "ssh -i
/home/xxx/.ssh/id_rsa -tt -v -o StrictHostKeyChecking=no -o
UserKnownHostsFile=/dev/null" --exclude-from=/home/xxx/backup.exclude
--delete --link-dest=../$lastdt /etc $dest/$dt
-- The [redacted] output is
opening connection using: ssh -i /home/user/.ssh/id_rsa -tt -v -o
StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -l user xxx
"sudo rsync" --server -vvvlogDtpAre.iLsfxC --delete --link-dest
../20190506_021137 . /home/backups/xxx/20190522_232738 (20 args)
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to xxx [192.168.1.120] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat
0x04000000
debug1: Authenticating to xxx:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: <email address hidden> MAC:
<implicit> compression: none
debug1: kex: client->server cipher: <email address hidden> MAC:
<implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: xxx
Warning: Permanently added 'xxx,192.168.1.120' (ECDSA) to the list of
known hosts.
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-
sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384
,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:xxx /home/user/.ssh/id_rsa
debug1: Server accepts key: xxx
debug1: Authentication succeeded (publickey).
Authenticated to xxx ([192.168.1.120]:22).
debug1: channel 0: new [client-session]
debug1: Requesting <email address hidden>
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype <email address hidden>
want_reply 0
debug1: tty_make_modes: no fd or tio
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8
debug1: Sending command: sudo rsync --server -vvvlogDtpAre.iLsfxC
--delete --link-dest ../20190506_021137 .
/home/backups/xxx/20190522_232738
protocol version mismatch -- is your shell clean?
(see the rsync man page for an explanation)
rsync error: protocol incompatibility (code 2) at compat.c(178)
[sender=3.1.2]
[sender] _exit_cleanup(code=2, file=compat.c, line=178): about to call
exit(2)
-------------------------------------------------------
/etc/sudoers contains
user ALL= NOPASSWD:/usr/bin/rsync
...which I have tried placing above (as is the default) and below lines beginning %admin and %sudo and the space in "ALL= NOPASSWD..." doesn't seem to make any difference
I followed the instructions at
https://www.digitalocean.com/community/tutorials/how-to-copy-files-
with-rsync-over-ssh
https://askubuntu.com/questions/719439/using-rsync-with-sudo-on-the-
destination-machine
...which worked on 16.04, so I wonder if there may be a bug, although
grateful for any other suggestions, as I am unsure how to
debug/investigate further
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1831101/+subscriptions
More information about the foundations-bugs
mailing list