I would like to use rsync within a python script. I'm calling it using the subprocess module, and authenticating using public keys stored at the authorized_key file on the remote machine.
The only problem is that when I use rsync using a wrong remote user name, I get prompted for password, which obviously halts the backup script forever.
Can I force rsync to exit with error if it can't authenticate, rather than prompting for password?
Udi
Assuming you use rsync with an SSH remote shell (and not - for example - with an rsync server), then you can get rsync to run SSH in a way that will never ask for a password. For example, once can use this call:
This will force rsync to use SSH with 0 possible password tries - if its can't gain access using some other authentication method (like public key or GSSAPI) then it will fail with an error. Do note that rsync will not like you when that happens and will complain loudly to STDERR and break with exit code 255.
Here are the command line options for ssh that I use to keep it quiet.
ssh -o stricthostkeychecking=no -o userknownhostsfile=/dev/null -o batchmode=yes -o passwordauthentication=noYou only need the hostkey stuff if you do not maintain your known_hosts file and are worried about getting MitM warnings. Rather than specifying the authentication types as suggested by James F, I had to explicitly restrict password authentication. I use this to hit hundreds of hosts with a few different OS versions, though, so it may just be an incompatibility.
re: James's suggestion (not giving it tty), for subprocess, try putting stdin=None as a parameter to Popen.
Depending on how you are launching rsync, not giving it a TTY or PTY might help.
Many programs check if they have a controlling TTY before deciding to prompt the user for input. The default behaviour of system() and similar calls is to provide a tty to sub-programs, but you can disable this.
It also may be possible to disable password authentication entirely at the remote side if you are in control of both systems and want to get away from password authentication for the security benefits while solving this issue.
If you're doing rsync over SSH, you can add the following to your ssh_config file for the host in question, or via the -o command line switch:
On a quick test (of just ssh, not rsync) that caused SSH to exit immediately when my public key wasn't accepted without prompting me for a password.
First get the rsync to work from the shell, the command should look like.
If that fails debug the ssh command by itself. When that all works then see what happens for the python script
This is not a bad tutorial