Automated rsync backups with ssh key restrictions

For the first time ever I wanted to make an rsync script to back up a couple of remote servers, restricting the commands by the use of a key. I wanted to restrict the commands that could be run with that key in case of compromise, since there needs to be no passphrase on the key. I’m not going to explain the theory or most of the commands, since you (I) already know.

Doing some googling, I found this which was pretty close, but I wanted it here (so I could find it again) and with fewer words. I ripped off the script wholesale:


#!/bin/sh
# Forced command: sshd puts whatever the client asked to run in
# $SSH_ORIGINAL_COMMAND; only an rsync server invocation is let through.
case "$SSH_ORIGINAL_COMMAND" in
*\&*) echo "Rejected" ;;
*\(*) echo "Rejected" ;;
*\{*) echo "Rejected" ;;
*\;*) echo "Rejected" ;;
*\<*) echo "Rejected" ;;
*\`*) echo "Rejected" ;;
*\|*) echo "Rejected" ;;
rsync\ --server*) $SSH_ORIGINAL_COMMAND ;;
*) echo "Rejected" ;;
esac

There are probably some holes in it, but it’s close enough for government work. Then, add to authorized_keys:

from="hostname",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/path/" thebackupkey

And a sample backup script:

LOGF=/path/to/backup.log   # placeholder log path
MYD=$(date)
echo "Starting rsync at ${MYD}" >> ${LOGF}
/usr/bin/rsync -q -a --delete -e "ssh -i /the/.ssh/backup_key" userid@remote:/home/asdf/ asdf/
MYD=$(date)
echo "Finished at ${MYD}" >> ${LOGF}

Call that in cron and you (I) should be good to go.
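A stricter version of the wrapper, written as an added example rather than the post's own script: it assumes the pull-only setup above, with /home/asdf/ as the single directory the key may read, and takes the command as its argument so the check can be exercised offline (installed as the forced command it would be called with "$SSH_ORIGINAL_COMMAND").

```shell
#!/bin/sh
# Added example (not the post's script). Exit status 0 = allow, 1 = reject.
# Beyond the metacharacter filter it requires --sender (the key may only read
# from this host, matching the pull-style backup script), refuses the options
# that make the sender delete its own files, and pins the readable path.
ALLOWED_PATH="/home/asdf/"   # assumed: the directory the backup pulls
set -f                       # no globbing when the command is word-split

validate_rsync() {
    cmd=$1
    case "$cmd" in
        # Anything that could chain, redirect or expand into another command.
        *\&*|*\(*|*\)*|*\{*|*\}*|*\;*|*\<*|*\>*|*\`*|*\|*|*\$*) return 1 ;;
    esac
    set -- $cmd              # split into argv (globbing is off)
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    # Every token before the trailing ". <path>" must be an option; extra
    # positional arguments would let the client read other directories.
    while [ $# -gt 2 ]; do
        case "$1" in
            --remove-source-files|--remove-sent-files) return 1 ;;
            -*) shift ;;
            *) return 1 ;;
        esac
    done
    [ "$1" = . ] && [ "$2" = "$ALLOWED_PATH" ]
}

# Constructed sample commands in the form an rsync client sends them.
for c in \
    "rsync --server --sender -vlogDtpre.iLsfxC . /home/asdf/" \
    "rsync --server -vlogDtpre.iLsfxC . /home/asdf/" \
    "rsync --server --sender -vlogDtpre.iLsfxC --remove-source-files . /home/asdf/" \
    "rsync --server --sender -vlogDtpre.iLsfxC . /etc/ /home/asdf/" \
    "rsync --server --sender -x . /home/asdf/; true"; do
    if validate_rsync "$c"; then echo "allow:  $c"; else echo "reject: $c"; fi
done
```

Only the first sample is allowed; a push (no --sender), a deleting sender, a second source path and a chained command are all refused.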

ETA: you might get “protocol mismatch” errors from rsync. TFM will tell you it’s because there’s output from your shell. TFM might be wrong. I’m still getting this error from one host I’m doing this with, but not the other. Since both are FreeBSD 8.4 machines, I’m somewhat mystified. Anyway, this might be enough to get started.

Hello, goodbye

You liked F1 racing and made me look kind of reactionary. You hated Zen and people misusing or misspelling Latin phrases. It was fun to tease you by writing koan-style poetry ending in “per say.”

It was good knowing you, Andy.

Double click for new terminal

I’m completely dumb at the Apple-way-of-scripting. I wanted something I could throw on my desktop that I could double click and it would open a terminal window and ssh somewhere. I’m not sure how useful this will actually *be* to me, but given it took me non-zero time with google to figure it out… thanks to various stackoverflow posts.

Open Applescript Editor. Put in:

tell application "Terminal"
do script "ssh hostname"
set bounds of front window to {63, 640, 1212, 1022}
end tell

File | Export … and save it as an application. Put it on your desktop, giving it a reasonable name. Done. If you want to later edit the script (say, to set boundaries :) ), right click, Show Package Contents, then go into Contents/Resources/Scripts and edit the main.scpt file you’ll find. The “set bounds” statement places the window at the bottom-left-ish and makes it 160×25 at my current resolution and font size. I can’t figure out how to tell Terminal to just set itself to 160×25 without also moving it, and I expect that the actual characters displayed depend on font, size, etc.

Making usable

Thunderbird finally drove me over the edge. Might have been that whole “no new features OH HEY YOU CAN IRC FROM YOUR MUA” – guys, if I wanted emacs, I’d use it.

I used to care a lot about Enigmail. For various reasons, I care less about it now. There are, however, a few things that I would miss about it. Oddly, the one that I kind of missed the most is the most whimsical – I like having my default signatures rotate. So I did a bit of digging, and came up with some applescript (courtesy‘s post on the subject) only slightly modified.

Also, being a complete Mac-centric scripting n00b, I wasn’t sure how to make things go. Save the Applescript into a file called… anything. Run osacompile against it. You can call the resulting compiled script from your .bashrc with osascript, something like

osascript /Users/foo/bin/sigrot.scpt

Another relatively minor irritation is the default behaviour of never marking mail as read, or marking it as read instantly. You can theoretically fix that with

defaults write MarkAsReadDelay 4

but that didn’t work for me (10.8.1). Instead, I used TruePreview.

Now, if only I could convince it to show me messages most recent at the top, but when they’re threaded, show them most recent at the bottom.

Documentation and maturity

There are three stages of maturity when it comes to getting things to work and documenting how you did it.

1) I got it working, hurray! Run away before it breaks.

2) I got it working, hurray! And I took notes while I was getting it working, so I’m good. Run away before it breaks.

3) I got it working, hurray! And I took notes while I was getting it working, so I’d better start from scratch and make sure my notes work.