rsync over OpenSSH error

Brian Fahrlander brian at fahrlander.net
Sat Dec 23 21:55:22 UTC 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Garry Knight wrote:
> Until recently I've been using rsync between my laptop and PC without any
> problems. Both run Kubuntu 6.06 LTS Dapper Drake.
> 
> Just recently, when trying to sync directories across machines, I've been
> getting the following error (on the machine on which I start the rsync):
> 
> Permission denied (publickey, keyboard-interactive).
> 
> I'm not an expert on rsync or ssh, but this looks like an error returned by
> ssh. On both machines, I'm using version 1:4.2p1-7ubuntu 3.1 of
> openssh-client and the same version of openssh-server, and version
> 2.6.6-1ubuntu2 of rsync.

    Nope, you've got it, it's ssh.

> As I said, I'm not an expert, and I've looked at ssh_config on both machines
> until I'm blue in the face (well, a darker shade of pink...) and can't
> think what's going on.

    There's a couple of things here.

    1. Use RSA keys.  This isn't a solution to "Permission denied", but
it will make your life easier, and provides good protection against the
bots that guess usernames and passwords. (Yes, I created an account
"test", with a password of "password" once, and they got me. The threat
is real.)

    2. I'm guessing that you're transferring files across an insecure
mechanism (otherwise ssh wouldn't be necessary). In the long term, SSH
is going to do a lot of expansion on the data to be moved; you might
want to turn up the compression a good bit. (1-Adam-12: see the man.)

    Now, while the above isn't a solution to the exact message you're
getting, it's just possible that by switching to RSA keys, you can at
least _avoid_ the core problem.  And in so doing, you make things both
quicker and safer, so it's a good idea.

    Thumbnail sketch:

    The user that's doing the ssh runs "ssh-keygen -t rsa".  Inside that
user's .ssh directory it'll create id_rsa and id_rsa.pub.  The "pub"
file goes into $HOME/.ssh/authorized_keys.  Then the next time you
attempt the connection, it won't ask for a password, and all is well.

    There are _tons_ of RSA howtos.  Heck, even Wil Wheaton wrote one.
Pick one that suits your reading style and have fun!

    (And you can write me, offlist, if you need help.)

- --
 ------------------------------------------------------------------------
 Brian Fahrländer                 Christian, Conservative, and Technomad
 Evansville, IN                              http://Fahrlander.net/brian
 ICQ: 5119262                         AOL/Yahoo/GoogleTalk: WheelDweller
 ------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFjaXK6PLtRzZbdhYRAp/GAJ43IA5adKW6H6ja+qqZ7QhnCltfjgCeN6G9
qzuuuAaYu81D9FrWDx0wKT0=
=hbFm
-----END PGP SIGNATURE-----

More information about the ubuntu-users mailing list