mjhjmtu

I need to execute rsync, without it prompting me for password.

I've seen in rsync manpage that it doesn't allow specifying the password as command line argument.

But I noticed that it allows specifying the password via the variable RSYNC_PASSWORD.

So I've tried exporting the variable, but rsync keeps asking me for password.

export RSYNC_PASSWORD="abcdef"
rsync root@1.2.3.4:/abc /def

What am I doing wrong?

Please consider:

• I understand that this is a bad idea from security aspect
  


• I must use only rsync, can't use other software


• I can't use key-based authentication


• I've already read many SE question, e.g.:
  how-to-pass-password-for-rsync-ssh-command @ stackoverflow.com
  rsync-cron-job-with-a-password @ superuser.com
  how-to-setup-rsync-without-password-with-ssh-on-unix-linux @ superuser.com

In other words, I need to have the RSYNC_PASSWORD approach working! :-)

This password environment variable appears only to be used when using the rsync protocol:

rsync rsync://username@1.2.3.4:/abc /def

For this to work, you need to run rsync as a daemon as well (--daemon option), which is often done using inetd.conf.

When using this protocol, abc should correspond to a target defined in /etc/rsyncd.conf. The user name should be present in a auth users line for this target, and a password file should be specified with the secrets file option.

It is this secrets file that contains mappings between user names and passwords in the following format:

username:password

And it is this password that you can specify using the RSYNC_PASSWORD environment variable.

If the rsync daemon isn't running on the target machine, and you don't care about exposing passwords to everyone on the local machine (Why shouldn't someone use passwords in the command line?), you can use sshpass:

 sshpass -p "password" rsync root@1.2.3.4:/abc /def

Note the space at the start of the command, in the bash shell this will stop the command (and the password) from being stored in the history. I don't recommend using the RSYNC_PASSWORD variable unless absolutely necessary (as per a previous edit to this answer), I recommend suppressing history storage or at least clearing history after. In addition, you can use tput reset to clear your terminal history.

You can use standard ssh identities to do passwordless login. This is handled by default if you have a ~/.ssh/id_rsa or the like, but you can also hardcode your own path to the private key of an authroized keypair.

This allows batching/scripting without exposing passwords, and the public key can be remove from the target server if the private key is ever comprimised.

rsync -e"ssh -i /path/to/privateKey" -avR $sourcedir $ruser@$rhost:~/$rdir/

You can also add arugments like -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null to not force remote host key verification. !Caution - that opens up man in the middle attacks and is general bad practice!

Very useful for scripting is to use --password-file command line option.

• Create empty file called rsync_pass


• write in password to this file (nothing more)


• chmod 600 rsync_pass


• rsync $args --password-file=rsync_pass user@rsynchost::/share localdirectory

This can be used for scripting and allows to be more secure that just exporting password to system variable.