Nov. 19th, 2007

robbat2: (Default)

If you use 'PermitRootLogin no' in your sshd_config and a locked-down sudo (requiring a password to upgrade powers), logging in to a machine as root is not allowed. This can be a pain when you want to rsync files between two machines, as root on both sides to preserve permissions and ownership. There is a fun little hack that you can use to get around this, that I'll document here.

  1. Ensure your SSH agent is running and has a key present.
  2. Open two shells, which we will call A and B (the instructions below are prefixed with 'A', 'B' or 'Both').
  3. We will use A to connect to the source, and B to connect to the destination.
  4. Both: SSH to the relevant machines, forwarding your agent, using 'ssh -A hostname'
  5. Both: Run 'sudo su', authenticating to sudo. Do not use 'sudo su -', as we need to preserve our SSH agent information.
  6. B: Run your rsync command as normal, but include the following option: --rsync-path='sudo rsync'

You should not get a password prompt! If you do get one, your sudo authentication did not propagate on the source machine properly. You cannot enter a password at this prompt either: it will never reach sudo, as rsync does not pass your input to it.
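A preflight check for the steps above, written as an added example (it is not part of the original post). It is meant to be run in shell B after 'sudo su'; the function names and the user@source argument are hypothetical, and it assumes a sudo that supports the -n (non-interactive) flag.

```shell
#!/bin/sh
# Added example (not from the original post): preflight for the procedure above.
# Run in shell B after 'sudo su'. Function names are hypothetical.
# SSH_ADD and SSH can be overridden, e.g. with stubs for testing.
SSH_ADD=${SSH_ADD:-ssh-add}
SSH=${SSH:-ssh}

# Steps 1 and 5: the forwarded agent must still be visible and hold a key.
check_agent() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is unset (was 'sudo su -' used, or 'ssh' without -A?)"
        return 1
    fi
    rc=0
    $SSH_ADD -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) return 0 ;;
        1) echo "agent is reachable but holds no keys"; return 1 ;;
        *) echo "cannot contact the agent at $SSH_AUTH_SOCK"; return 1 ;;
    esac
}

# Step 6 precondition: 'sudo -n' fails instead of prompting, so a non-zero
# exit means 'sudo rsync' on the source would ask for a password.
check_remote_sudo() {
    if ! $SSH -o BatchMode=yes "$1" sudo -n true >/dev/null 2>&1; then
        echo "sudo on $1 would prompt (or the SSH login failed)"
        return 1
    fi
}

# Usage: preflight user@source   (user@source is a placeholder)
preflight() {
    check_agent || return 1
    check_remote_sudo "$1" || return 1
    echo "ok: agent has a key and sudo on $1 will not prompt"
}
```

If preflight reports a problem, fix it in shell A or B before starting rsync, since the prompt rsync would trigger cannot be answered.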

Alternatively, if your rsync version does not have a usable 'rsync-path' option (non-existent, or one that wants a full path to a single program), you can use the -e option as: -e 'ssh user@source sudo /usr/local/bin/ignorefirst'. /usr/local/bin/ignorefirst is the following tiny script:

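#!/bin/sh
# Drop the first argument (the hostname that rsync places after the -e command),
# then run the remaining arguments as the command.
shift
exec "$@"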

The '-e' method is a lot more flexible; you can chain SSHs in it, for example. You only need the 'ignorefirst' script because rsync puts the hostname as the immediate next argument after the contents of the '-e' command.
