Mirror Your Web Site With rsync On Fedora 10 - Page 2

5 Configure server1.example.com

Now log in through SSH on server1.example.com as someuser (not root!)...


su someuser

... and do this:


(Please do this as someuser!)

mkdir ~/.ssh
chmod 700 ~/.ssh
mv ~/mirror-rsync-key.pub ~/.ssh/
cd ~/.ssh
touch authorized_keys
chmod 600 authorized_keys
cat mirror-rsync-key.pub >> authorized_keys

By doing this, we have appended the contents of mirror-rsync-key.pub to the file /home/someuser/.ssh/authorized_keys. /home/someuser/.ssh/authorized_keys should look similar to this:


(Still as someuser!)

vi /home/someuser/.ssh/authorized_keys
ssh-dss AAAAB3NzaC1[...]qqOyXtbUx7HOMEw== [email protected]

Now we want to allow connections only from server2.example.com, and the connecting user should be allowed to use only rsync, so we add a set of options (shown in the line below) right at the beginning of /home/someuser/.ssh/authorized_keys:


(Still as someuser!)

vi /home/someuser/.ssh/authorized_keys
command="/home/someuser/rsync/checkrsync",from="server2.example.com",no-port-forwarding,no-X11-forwarding,no-pty ssh-dss AAAAB3NzaC1[...]qqOyXtbUx7HOMEw== [email protected]

It is important that you use a FQDN like server2.example.com instead of an IP address after from=, otherwise the automated mirroring will not work!

Now we create the script /home/someuser/rsync/checkrsync that rejects all commands except rsync.


(We still do this as someuser!)

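mkdir ~/rsync
vi ~/rsync/checkrsync

#!/bin/sh

# sshd runs this script instead of the command the client asked for and
# passes the requested command in SSH_ORIGINAL_COMMAND.
case "$SSH_ORIGINAL_COMMAND" in
        # Anything containing shell metacharacters is refused.
        *\&*|*\(*|*\{*|*\;*|*\<*|*\`*|*\|*)
                echo "Rejected"
                ;;
        # The server side of an rsync transfer is the only command that is run.
        rsync\ --server*)
                $SSH_ORIGINAL_COMMAND
                ;;
        # Everything else (including an interactive login) is refused.
        *)
                echo "Rejected"
                ;;
esac

chmod 700 ~/rsync/checkrsync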
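
The checkrsync filter above accepts any command that starts with rsync --server, which also covers uploads to server1 and any path on it. The following is an added example, not part of the original tutorial: a stricter classifier that only accepts a pull (--sender) of /var/www/html/ and prints its decision without executing anything. The sample requests and the flag string -vlogDtprze.iLsf are constructed (the exact flags depend on the rsync version), and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not the tutorial's checkrsync): classify a requested command
# without executing it. ALLOWED_PATH is the path from the tutorial's rsync call.
ALLOWED_PATH="/var/www/html/"

classify_rsync_request() {
    cmd=$1
    # 1. Refuse anything carrying shell metacharacters.
    case "$cmd" in
        *\&*|*\(*|*\{*|*\;*|*\<*|*\>*|*\`*|*\|*|*\$*)
            echo reject; return 0 ;;
    esac
    # 2. Require a pull of the mirrored tree:
    #    "rsync --server --sender -FLAGS . /var/www/html/"
    prefix="rsync --server --sender -"
    suffix=" . $ALLOWED_PATH"
    case "$cmd" in
        "$prefix"*"$suffix") ;;
        *) echo reject; return 0 ;;
    esac
    # 3. What remains between prefix and suffix must be a single flag word,
    #    so extra long options cannot be smuggled in.
    opts=${cmd#"$prefix"}
    opts=${opts%"$suffix"}
    case "$opts" in
        ""|*[!A-Za-z0-9.]*) echo reject ;;
        *) echo allow ;;
    esac
}

# Constructed sample requests, as they would arrive in SSH_ORIGINAL_COMMAND.
show_samples() {
    for c in \
        'rsync --server --sender -vlogDtprze.iLsf . /var/www/html/' \
        'rsync --server -vlogDtprze.iLsf . /var/www/html/' \
        'rsync --server --sender -vlogDtprze.iLsf . /etc/' \
        'rsync --server --sender -v --remove-source-files . /var/www/html/' \
        'rsync --server --sender -v . /var/www/html/; id' \
        ''
    do
        printf '%-6s [%s]\n' "$(classify_rsync_request "$c")" "$c"
    done
}
show_samples
```

Only the first sample is allowed; the upload, the foreign path, the extra long option, the chained command and the empty request (an interactive login) are all rejected.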


6 Test rsync On server2.example.com

Now we must test on server2.example.com if we can mirror server1.example.com without being prompted for someuser's password. We do this:


(We do this as root!)

rsync -avz --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" someuser@server1.example.com:/var/www/html/ /var/www/html/

(The --delete option means that files that have been deleted on server1.example.com should also be deleted on server2.example.com. The --exclude option means that these files/directories should not be mirrored; e.g. --exclude=**/error means "do not mirror /var/www/html/error". You can use multiple --exclude options. I have listed these options as examples; you can adjust the command to your needs. Have a look at

man rsync 

for more information.)

You should now see that the mirroring takes place...

[root@server2 ~]# rsync -avz --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" someuser@server1.example.com:/var/www/html/ /var/www/html/
receiving incremental file list

sent 62 bytes received 48 bytes 73.33 bytes/sec
total size is 20 speedup is 0.18
[root@server2 ~]#

... without being prompted for a password! This is what we wanted.


7 Create A Cron Job

We want to automate the mirroring, which is why we create a cron job for it on server2.example.com. Run crontab -e as root:


(We do this as root!)

crontab -e

and create a cron job like this:

*/5 * * * * /usr/bin/rsync -azq --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" someuser@server1.example.com:/var/www/html/ /var/www/html/

This would run rsync every 5 minutes; adjust it to your needs (see

man 5 crontab

). I use the full path to rsync here (/usr/bin/rsync) just to make sure that cron knows where to find rsync. Your rsync location might differ. Run


(We do this as root!)

which rsync

to find out where yours is.


3 Comment(s)


By: Nelson


I know that this is not the place where a person should ask for help, but I found something that probably a few others may find too, and it would be a shame if for a small thing this how-to could not produce the desired results.

Anyway, I found that (in my case) the authorized_keys file does not work as it should. After some trial and error, I discovered that using the parameter ' from="server2.example.com" ' results in the rsync command from server1 asking for the password for 'someuser'. If we take this parameter from the authorized_keys file, the rsync command works like a charm.

I feel that this may lead to an insecure system, since it may allow an rsync command from any other host, but since I am not sure, this would be a doubt I have.

 Thanks in advance, Nelson Ribeiro.

By: joseph

I found out after several hours of redoing these steps that if you are ssh-ing into any of the computers, i.e. server1 or server2, you need to ssh into the FQDN to do the key generation and rsync-ing. Otherwise the keys will not match and you will need to put in someuser's password.


Fedora13, clean install on 6 machines

with: https://www.howtoforge.com/mysql_database_replication

and: https://www.howtoforge.com/high-availability-load-balancer-haproxy-heartbeat-fedora8, but changed to keepalived instead of heartbeat.

By: Senthil


It works fine... But it is asking for a password whenever I connect to the master. Also, crontab can't work for this reason.

Please, anyone, help me.