rsync with ssh

Status
Not open for further replies.

kaancho12

Technical User
Feb 22, 2005
191
Hi,
I was looking at some of the .ssh scripts in the authorized_keys file (.ssh/authorized_keys) and saw this:
command="rsync --server -vulogDtprz . /backup/" ssh-rsa AIEAyb3/4wmwNR17wR0C7EArUg7UUPaY6yA+BmPqSi2/nIgyYfYJ3wvqdegTr3T+IoELabL7sAelinPWD1SeB/dsWHDD9cpLndwrfH1PslopgzUidVv4PZa1iQ6hq2DcNOHIysfX2uP/X4sNowWrypl86L5om0Nlk6EFdVi3rNvVmhM= root@ipaddress
It is used when our local machine backs up files to the "ipaddress", but I am not sure I understand how the first part (command="rsync ") works inside the authorized_keys file. Any clue?
ko12
 
There are 4 separate fields on that line, separated by a space.

1) command="...": When a user connects using this key, the
command will be executed.
2) ssh-rsa: The type of key, it just means it's using RSA
instead of the other popular option, DSA.
3) AIEA...: The actual key, it's a text interpretation of half
of the 1024 bit key (the other half is in the ~/id_rsa.pub
of the machine that the ssh occurs from).
4) user@ip: The user should be making the connection as this
person. Prevents Bob from making a connection using
Alice's key unless he can actually log on to a machine
as Alice (in which case, he would have no need to try to
do it as Bob in the first place!)

So in your case, someone needs only to make an rsync via ssh
connection from a client that has the correct private
key to this backup server, and it will accept an rsync
from the client to the backup server. All of this is done
(it appears) passwordless because the password in the
public/private key pair is blank.

Many people use passwordless key-based ssh connections for
remote scripts. There are two distinct advantages:
1) The connection is encrypted with typically 1024 bit.
2) The authentication is superior to the simple rsh style
of "trust the user says who he says he is".

Of course, if any box gets 0wn3d, then passwordless ssh
can be just as big of a nightmare as attackers then have
access to any machine that it's set up on.
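
Added example, not part of the original thread: a small Python parser for the authorized_keys line format discussed above. It splits the options field (whose quoted values, like the command= string, may contain spaces) from the key type, key and comment, and lists which restricting options an entry lacks. The sample lines are constructed with a placeholder key; the key-type prefix check and the set of options audited are this example's assumptions, drawn from the options documented in sshd(8).

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")   # assumption: simplified key-type check
HARDENING = ("no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding")

def unquoted_index(text, stops):
    """Index of the first char of `stops` outside double quotes, else len(text)."""
    quoted, i = False, 0
    while i < len(text):
        ch = text[i]
        if quoted and ch == "\\" and text[i + 1:i + 2] == '"':
            i += 1                       # skip an escaped quote inside a value
        elif ch == '"':
            quoted = not quoted
        elif not quoted and ch in stops:
            return i
        i += 1
    return len(text)

def parse_line(line):
    """Return a dict with options, type, key, comment; None for blank/comment/bad lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = {}
    if not line.startswith(KEY_PREFIXES):        # a leading options field is present
        end = unquoted_index(line, " \t")
        field, line = line[:end], line[end:].lstrip()
        while field:                             # options are comma-separated
            cut = unquoted_index(field, ",")
            name, _, value = field[:cut].partition("=")
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]              # drop the surrounding quotes
            options[name.lower()] = value        # option names are case-insensitive
            field = field[cut + 1:]
    parts = line.split(None, 2)
    if len(parts) < 2:
        return None
    return dict(options=options, type=parts[0], key=parts[1], comment=" ".join(parts[2:]))

def audit(line):
    """List the restricting options one authorized_keys line lacks ([] means none)."""
    entry = parse_line(line)
    if entry is None:
        return []
    opts = entry["options"]
    wanted = ("command", "from") + (() if "restrict" in opts else HARDENING)
    return ["missing " + o for o in wanted if o not in opts]

PAGE_STYLE = 'command="rsync --server -vulogDtprz . /backup/" ssh-rsa AAAAPLACEHOLDER root@ipaddress'  # constructed
HARDENED = 'restrict,from="192.0.2.10",' + PAGE_STYLE  # constructed; 192.0.2.10 is a documentation address
```

`audit(PAGE_STYLE)` reports the missing from= and no-* options, while `audit(HARDENED)` returns an empty list.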
 