  1. Make sure perl and rrsync are installed on the destination host for the file transfers. You can just put rrsync in your personal bin directory there, but make sure it's executable:

    MyDesktop:~ > cp rrsync ~/bin
    MyDesktop:~ > chmod +x ~/bin/rrsync
  2. Generate restricted command ssh keys on Gadi:

    [dbs900@gadi-login-07 ~]$:~/.ssh > ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/900/dbs900/.ssh/id_rsa): /home/900/dbs900/.ssh/id_rsa_file_transfer
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/900/dbs900/.ssh/id_rsa_file_transfer.
    Your public key has been saved in /home/900/dbs900/.ssh/
    The key fingerprint is:  .... 

    Yes, that was passphrase-less - just hit return when prompted for a passphrase.

  3. Add the public key to the authorized_keys file on the file transfer target host but only with a restricted command prefix:

    MyDesktop:~/.ssh > cat authorized_keys
    from="gadi-dm*,gopher*,gadi*",command="~/bin/rrsync /data/archive",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc ssh-rsa AAAAB3N ... ynuw==

    Things to note:

    • The entry has the command, other options and the public key (the bit after ssh-rsa) on the one line. Do not split them!
    • Some of the restrictive options (no-..) may not be available on your system - look at the AUTHORIZED_KEYS FILE FORMAT section on the sshd man page on your system to see what is supported. The more restrictions, the better.
    • The path under which you want data to be stored (/data/archive in this case) is given as an argument to rrsync.
  4. On Gadi use something like:

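    rsync -vrlpt ./ExpDir/ -e "ssh -i $HOME/.ssh/id_rsa_file_transfer" <user>@<remote-host>:<dest-dir>/
    to archive a directory on Gadi to a directory on the remote system under the nominated archive directory there. <user>@<remote-host>:<dest-dir>/ is a placeholder for your account on the file transfer target host and the destination directory; the destination path is taken relative to the directory given to rrsync.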
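
A way to check the entry from step 3 before relying on it, as an added example that is not part of the original page: it parses one authorized_keys line, including commas and spaces inside quoted values, and reports which restrictions are missing. The function names and the sample key blob are constructed for illustration.

```python
# Added example (not from the original page): audit one authorized_keys line.
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
NO_OPTS = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding",
           "no-pty", "no-user-rc")

def parse_entry(line):
    """Return the options of one entry as {lower-cased name: value}."""
    line = line.strip()
    if line.startswith(KEY_PREFIXES):
        return {}                            # entry has no options field
    opts, token, quoted, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            token, i = token + '"', i + 2    # sshd allows \" inside a quoted value
            continue
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in ", \t":
            name, _, value = token.partition("=")
            opts[name.lower()] = value       # option names are case-insensitive
            token = ""
            if ch != ",":                    # unquoted whitespace ends the options
                return opts
        else:
            token += ch
        i += 1
    raise ValueError("options not followed by a key on the same line")

def audit(line):
    """Return a list of findings; an empty list means the entry is restricted."""
    try:
        opts = parse_entry(line)
    except ValueError as exc:                # e.g. the entry was split across lines
        return [str(exc)]
    findings = []
    if "rrsync" not in opts.get("command", ""):
        findings.append("no forced rrsync command")
    if not opts.get("from"):
        findings.append("no from= source restriction")
    if "restrict" not in opts:               # OpenSSH's restrict implies the no-* set
        findings += ["missing " + o for o in NO_OPTS if o not in opts]
    return findings

# Constructed sample; the key blob is a placeholder, not a real key.
GOOD = ('from="gadi-dm*,gopher*,gadi*",command="~/bin/rrsync /data/archive",'
        'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,'
        'no-user-rc ssh-rsa AAAAB3NzaCONSTRUCTED user@example')
print(audit(GOOD))
```

Run `audit()` over each line of the target host's authorized_keys; an entry that was accidentally wrapped onto two lines is reported rather than silently accepted.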