Keywords: rsync | SSH port | file synchronization | system configuration | network security
Abstract: This article provides a comprehensive exploration of methods for specifying non-standard SSH ports when using rsync for file synchronization. Through analysis of command-line parameters and SSH configuration files as two primary solutions, combined with practical case studies, it demonstrates proper port configuration techniques. The article also delves into port configuration challenges encountered in specific environments like ReadyNAS systems and provides corresponding solutions. Content covers key technical aspects including rsync command parameter parsing, SSH configuration optimization, and system-level configuration adjustments, offering complete technical reference for system administrators and developers.
Core Concepts of rsync and SSH Port Configuration
rsync, as a powerful file synchronization tool, typically establishes secure connections through the SSH protocol. By default, SSH uses the standard port 22 for communication. However, in actual production environments, administrators often need to deploy SSH services on non-standard ports due to security considerations or network architecture requirements.
Specifying SSH Port via Command Line Parameters
The most direct method is to use the -e parameter in the rsync command to specify a custom SSH command. When the SSH service runs on port 2222, the correct command format should be:
rsync -rvz -e 'ssh -p 2222' --progress ./dir user@host:/pathThe advantage of this approach lies in its flexibility, allowing dynamic specification of different ports with each execution. It is important to note that the SSH command must be enclosed in quotes to ensure proper parameter passing. The original approach of placing the port number directly after the hostname is incorrect, as it causes rsync to misinterpret the port number as part of the path.
Permanent Settings through SSH Configuration Files
For scenarios requiring frequent connections to the same host, modifying the SSH client configuration file provides a more elegant solution. Add the following to the ~/.ssh/config file in the user's home directory:
Host host
Port 2222After configuration, all commands connecting to this host via SSH (including rsync) will automatically use the specified port 2222. This method simplifies daily usage by eliminating the need to repeatedly specify port parameters with each command execution.
System-Level Configuration Challenges and Solutions
In certain specific system environments, such as ReadyNAS devices, configuring non-standard SSH ports through graphical interfaces may encounter limitations. Reference articles describe users attempting to set target ports by modifying the /etc/ssh/ssh_config file or directly editing SQLite databases, only to find that the system still uses the default port 22.
In-depth analysis reveals that the root cause lies in the configuration synchronization mechanism between frontend interfaces and backend services. Although database fields like dst_port can be modified to custom port values, the actual rsync execution process may not correctly read these configurations.
Advanced Configuration Techniques
For scenarios requiring fine-grained control, backup job configuration files can be directly edited. In the /etc/frontview/backup_jobs.conf file, configuration segments similar to the following can be found:
<dst_port>30462</dst_port>Modifying the port value to the desired custom port suffices. It is important to note that any configuration modifications made through the graphical interface may reset these manually set port values, necessitating corresponding maintenance strategies.
Security Considerations and Best Practices
Using non-standard SSH ports is a common security hardening measure that can reduce scanning by automated attack tools. However, this should not be considered the only security measure. It is recommended to combine other security mechanisms, such as key authentication, firewall rules, and intrusion detection systems, to build a multi-layered security protection framework.
Troubleshooting and Verification
After configuration completion, it is advisable to use tcpdump or similar tools to verify the actual network connection port:
tcpdump -i any port 2222This confirms whether rsync is truly using the specified non-standard port for communication. Simultaneously, checking system logs helps identify configuration issues or reasons for connection failures.
Summary and Outlook
Through two primary methods—command-line parameters and SSH configuration files—users can flexibly use non-standard SSH ports with rsync. Although certain system environments may present configuration limitations, most requirements can be met through deep understanding of underlying mechanisms and appropriate workaround solutions. With technological advancements, it is expected that more systems will provide more user-friendly support for non-standard port configuration.