How can I rsync without prompt for password, without using public key authentication?
If the rsync
daemon isn't running on the target machine, and you don't care about exposing passwords to everyone on the local machine (Why shouldn't someone use passwords in the command line?), you can use sshpass
:
sshpass -p "password" rsync [email protected]:/abc /def
Note the space at the start of the command, in the bash
shell this will stop the command (and the password) from being stored in the history. I don't recommend using the RSYNC_PASSWORD
variable unless absolutely necessary (as per a previous edit to this answer), I recommend suppressing history storage or at least clearing history after. In addition, you can use tput reset
to clear your terminal history.
This password environment variable appears only to be used when using the rsync protocol:
rsync rsync://[email protected]:/abc /def
For this to work, you need to run rsync as a daemon as well (--daemon
option), which is often done using inetd.conf
.
When using this protocol, abc
should correspond to a target defined in /etc/rsyncd.conf
. The user name should be present in a auth users
line for this target, and a password file should be specified with the secrets file
option.
It is this secrets file that contains mappings between user names and passwords in the following format:
username:password
And it is this password that you can specify using the RSYNC_PASSWORD environment variable.
You can use standard ssh identities to do passwordless login. This is handled by default if you have a ~/.ssh/id_rsa
or the like, but you can also hardcode your own path to the private key of an authorized keypair.
This allows batching/scripting without exposing passwords, and the public key can be remove from the target server if the private key is ever compromised.
rsync -e"ssh -i /path/to/privateKey" -avR $sourcedir ${ruser}@${rhost}:~/${rdir}/
You can also add arguments like -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
to not force remote host key verification. !Caution - that opens up man in the middle attacks and is general bad practice!