I am trying to use this image to rsync a backups volume every day automatically.
I tried to manually run my rsync command using this image and it works fine. But the problem is that when the command is done the container is exiting. Perhaps this is the intended behavior, but this is quite problematic for my use case: the rsync should be run automatically.
The fact that the /etc/periodic folders exist makes me think that this image can run in the background.
Here's an excerpt from my compose file :

  backupRsync:
    container_name: backupRsync
    image: instrumentisto/rsync-ssh
    volumes:
      - backups:/backups
      - ./backup/backup-rsync.sh:/etc/periodic/daily/backup-rsync.sh # every day at 02:00
    depends_on:
      - backuper
    logging:
      driver: "json-file"
      options:
        max-size: "512m"
    restart: unless-stopped

If I add a "while true; do sleep 10; done" command section, the container does not stop. But it feels like a dirty workaround. Is there a way to keep this image running? Thanks.

It seems the image can not resolve certificates in many cases. In our case; letting CircleCI attach a workspace (which downloads an artifact from aws).

Error message:

RequestError: send request failed x509: certificate signed by unknown authority

Adding ca-certificates in Alpine solves the problem, as described in aws/aws-sdk-go#2322 (comment)

Add RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/* to dockerfile

Resources

https://discuss.circleci.com/t/requesterror-x509-certificate-signed-by-unknown-authority-while-uploading-workspace/27908

I am using this command:

root@NAS:/# docker run --rm --name=rsync_sg2nas -i -v /root/.ssh:/root/.ssh -v /volume2/docker/@OCI-SG:/mnt instrumentisto/rsync-ssh \
    rsync -avzut --exclude 'ollama' --exclude 'pgsql' --exclude 'ubuntu' --delete --rsync-path="docker run --rm -i -v /docker:/mnt instrumentisto/rsync-ssh rsync" \
        SG:/mnt/ /mnt/

My goal is to synchronize the data in the /Docker directory from the remote server SG to the local server /volume2/Docker/@OCI-SG

The error I encountered is:

docker: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Head "http://%2Fvar%2Frun%2Fdocker.sock/_ping": dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(231) [Receiver=3.2.7]

I tried to add the following parameters but did not solve the problem:

--user root
--privileged
-v /var/run/docker.sock:/var/run/docker.sock

I am not sure if a root account is required in the remote server, as my root account cannot be directly used for login, so I don't know how to solve this problem

Additional information

In the local server, I use the root account and can use containers such as Watchtower and Portainer that require Docker Daemon permissions

Remote server: Ubuntu (Linux 6.5.0-1018 Oracle # 18~22.04.1 Ubuntu SMP Sat Feb 17 22:00:50 UTC 2024 aarch64 aarch64 GNU/Linux)

Local server: Synology NAS (Linux 3.10.108 # 69057 SMP Fri Jan 12 16:59:54 CST 2024 x86_64 GNU/Linux Synology Braswell 716+)

For example:
rsync -avz --rsync-path="docker run -i --rm -v SOMEVOLUME:/mnt instrumentisto/rsync-ssh rsync" SOMEHOST:/mnt/ SOMELOCALPATH/

;-)

I would often prefer to use a fixed version, rather than latest. Please create a version 0.1, 1.0 or whatever. :-)

Trivy Vulnerability Scanner detects CVE-2021-3520 with score of 9.8 detected in latest (alpine3.15-r0) version.
https://avd.aquasec.com/nvd/cve-2021-3520/

Please update lz4-libs to version: 1.9.3-r1 or higher.

Would it be possible for you to provide an arm version of this so that it can be used on a raspberry pi? Many thanks

Hi,
i was testing with following command
docker run -rm -i --net=host -v ~/.ssh:/root/.ssh -v /mnt:/mnt instrumentisto/rsync-ssh rsync -az --progress --zc=zstd --rsync-path="sudo docker run --rm -i --net=host -v ~/.ssh:/root/.ssh -v /mnt:/mnt instrumentisto/rsync-ssh rsync" user@ip:/mnt/...pathtofile /mnt/localfolder

The file is copied succesfully to localfolder but the docker command doesn't exit.
Any help?

While this command docker run -rm -i --net=host -v ~/.ssh:/root/.ssh -v /mnt:/mnt instrumentisto/rsync-ssh rsync --version sucesfully exit after run.

We have two ubuntu host systems[ssh client and ssh server] with docker container running on the client. our aim is to transfer the file from server host to client host using the docker container[instrumentisto /rsync-ssh ]running on the client.
We have generated the public and private key on the client[id_rsa,id_rsa.pub] and added the public key in the authorized_keys file on the server. we have tried the following command and we're getting the "Host key verification failed" error.

sudo docker run --rm -i -v /home/testuser1/.ssh/:/ssh-key/ -v /home/testuser1/client_rsync/:/mnt/ instrumentisto/rsync-ssh rsync -auvz -e "ssh -i /ssh-key/id_rsa" testuser1@[ip address of server]:/home/testuser1/server_rsync/ /mnt/

Note: we have verified the keys by ssh login from the client to server and it logs in without password

If when needing to provide an ssh key or basic credentials for the rsync over ssh remote endpoint, do you have best practices or documented strategies?

I intend to have a container from the image in a docker-compose stack as a service rsync over ssh so it can be used by other services in the stack. So it is not going to be a manually typed line, and want to have the ssh key or credentials available but securely accessible to the container from the environment.

I've considered volume bind mounting to the host and have the host have a user's ssh id_rsa be the ssh identity, etc. but curious what other ways might be possible and/or recommended so that security measures can be upheld as best as possible.

Maybe the documentation can be updated to include some various examples of how this might be handled?