Login/Register
Host Key Verification Failed with sshpass rsync
Asked Answered
Solved sshrsyncsshpass
R

4

11

On my linux server I run the command:

sshpass -p 'password' rsync -avz /source/folder/ [email protected]:/dest/folder

When I run the command without sshpass it will provide me with prompts for authenticity of host and the password.

I need some equivalent to "-o StrictHostKeyChecking=no" (which I use for ssh) that will allow me to run this with no prompts or errors.

Everything I saw from googling was about ssh throwing the error not rsync.

Rhiana answered 2/6, 2017 at 21:27 Comment(0)
R
7

I found the following command at cyberciti. This allowed me to do exactly what I needed.

$ rsync --rsh="sshpass -p myPassword ssh -o StrictHostKeyChecking=no -l username" server.example.com:/var/www/html/ /backup/

Rhiana answered 2/6, 2017 at 21:35 Comment(5)
That is very bad practice to skip the only check that prevents you from malicious attackers getting between you and you server and stealing your passwords, listen to whatever you transfer and potentially modify that.Chane
I don't care about that. My server and it's entire network is physically enclosed in a secured room.Rhiana
Bypassing security checks - the only check that was used in your case - should never be the solution. And it should never be the accepted answer. It may be the solution to your specific problem and you accept the risk in your case, but that doesn't mean it's the best solution for everyone else. I encourage you to rethink your "accepted answer".Photomontage
the same works to sftp -o StrictHostKeyChecking=noDaredevil
Be cautious when using sshpass because the password is exposed in plain text in your shell history and to other users on the system.Store the password in a file and read it in the script, like this : sshpass -f /path/to/password_fileHowdoyoudo
C
24

If you want to connect to new server, which public key is not yet in your ~/.ssh/knonwn_hosts, you should not skip this only security check, but rather store the server host key in the known_hosts manually, verify that it is correct and then make the automatic check working.

Simplest way to get the known hosts populated with the server host key is using

ssh-keyscan server-ip >> ~/.ssh/known_hosts

After that, you should not need to use the StrictHostKeyChecking=no workaround.

Chane answered 4/6, 2017 at 9:7 Comment(1)
For those running SSH on non-standard port, the cmd should be: ssh-keyscan -p port server-ip >> ~/.ssh/known_hostsDoited
A
11

This is the right command without output errors:

sshpass -p "yourpassword" rsync -rvz -e 'ssh -o StrictHostKeyChecking=no -p 22' --progress  [email protected]:/backup/origin /backup/destination/
Alenaalene answered 22/8, 2017 at 20:31 Comment(2)
The key to the solution is to add the SSH option -o StrictHostKeyChecking=noDoited
The same works to sftp -o StrictHostKeyChecking=noDaredevil
R
7

I found the following command at cyberciti. This allowed me to do exactly what I needed.

$ rsync --rsh="sshpass -p myPassword ssh -o StrictHostKeyChecking=no -l username" server.example.com:/var/www/html/ /backup/

Rhiana answered 2/6, 2017 at 21:35 Comment(5)
That is very bad practice to skip the only check that prevents you from malicious attackers getting between you and you server and stealing your passwords, listen to whatever you transfer and potentially modify that.Chane
I don't care about that. My server and it's entire network is physically enclosed in a secured room.Rhiana
Bypassing security checks - the only check that was used in your case - should never be the solution. And it should never be the accepted answer. It may be the solution to your specific problem and you accept the risk in your case, but that doesn't mean it's the best solution for everyone else. I encourage you to rethink your "accepted answer".Photomontage
the same works to sftp -o StrictHostKeyChecking=noDaredevil
Be cautious when using sshpass because the password is exposed in plain text in your shell history and to other users on the system.Store the password in a file and read it in the script, like this : sshpass -f /path/to/password_fileHowdoyoudo
N
1

In some cases sshpass attempts find "assword" as the default password prompt indicator. But rsync can return similar string:

Enter passphrase for key '/home/user/.ssh/private_user_key':

So, try to add '-P' parameter:

sshpass -p "yourpassword" -P 'Enter passphrase for key' rsync 111.111.111.111:/backup/origin /backup/destination/

Path to your private key you can set in /home/user/config or set with -e parameter like that:

sshpass -p "yourpassword" -P 'Enter passphrase for key' rsync -e 'ssh -i /home/user/.ssh/private_user_key' 111.111.111.111:/backup/origin /backup/destination/

More inf about default password prompt indicator:

$ sshpass -V
sshpass 1.06
(C) 2006-2011 Lingnu Open Source Consulting Ltd.
(C) 2015-2016 Shachar Shemesh
This program is free software, and can be distributed under the terms of the GPL
See the COPYING file for more information.

Using "assword" as the default password prompt indicator.
Nutation answered 16/4, 2018 at 11:26 Comment(1)
After bouncing around the web trying to figure out my issue, this -P 'Enter passphrase for key' solved my connection issues. Thank you.Dudeen

© 2022 - 2024 — McMap. All rights reserved.