Specify identity file (id_rsa) with rsync
I need to make periodic backups of a directory on a remote server which is a virtual machine hosted by a research organisation. They mandate that access to VMs is through ssh keys, which is all good, except that I can’t figure out how to point rsync to the ssh key for this server.
Rsync has no problem if the key file is
~/.ssh/id_rsa, but when it is something else I get
Permission denied (publickey).
With ssh I can specify the identity file with
-i, but rsync appears to have no such option.
I have also tried temporarily moving the key on the local machine to
~/.ssh/id_rsa, but that similarly does not work.
Can you specify an identity file with rsync?
You can specify the exact ssh command via the ‘-e’ option:
rsync -Pav -e "ssh -i $HOME/.ssh/somekey" username@hostname:/from/dir/ /to/dir/
Many ssh users are unfamiliar with their ~/.ssh/config file. You can specify default settings per host via the config file.
In the long run it is best to learn the ~/.ssh/config file.
This can be done with SSH user config see:
basically edit ~/.ssh/config:
$ nano ~/.ssh/config
#Add Hosts below
$ rsync -e ssh /home/user/directory email@example.com:home/user/directory/
This should work for any program using SSH, rsync,
1) The public key is always in the home directory of the user logging in to remote server i.e. if you login as “backup” it is located at /home/backup/.ssh/authorized_keys. User ID when you login defines the public key used at the destination.
You can choose the user ID when making connection by two different ways:
ssh -l user_id destination_server (<-- that is lower case "L")
On the other hand at your end the private key is in a similar way in homedir of user unless you override it like described in Dan’s answer.
2) For backup purpose it may be desirable to create a restricted key which is limited to run just one command like “rsync”. There is a good description about that related to “rsnapshot” backup which allows you to remote backup entire server using non privileged user account and “sudo”:
Rsnapshot can easily backup a bunch of remote or local servers making it handy scheduled & centralised backup server.
For me it was sufficient to start the ssh-agent as follows:
eval `ssh-agent -s`
See also a longer answer here https://stackoverflow.com/questions/17846529/could-not-open-a-connection-to-your-authentication-agent