RESTRICT SSH ACCESS TO ONLY ALLOW RSYNC

From linux-audit.com

Rsync is still one of the most popular tools to synchronize files between two systems. Although it has a few caveats when dealing with special files, it can do its job very well. In this explainer we will show how to use it in combination with SSH and at the same time restrict SSH access to only allow the rsync job to run.

In this article we refer to system01 as the system that holds the original files and wants to send them to the receiving system (system02).

CREATE USER ON RECEIVING SYSTEM

The system that receives the files (system02) should have a user that will be used for the file transport. Typically this is a dedicated user for file transfers. For this example we call it backupuser. The user does not need a password, as we don’t want interactive logins.

adduser --disabled-password --shell /bin/bash --gecos "Backup user" backupuser

GENERATE THE KEY

Using the ssh-keygen utility we can create a new key. In this example we will store the SSH keys in /data/ssh-keys and restrict access, so let’s create that path first.

mkdir -p /data/ssh-keys
chmod 700 /data/ssh-keys

The next step is creating the key:

ssh-keygen -t ed25519 -f /data/ssh-keys/backupuser-key -C "backupuser for system1"

The -t option defines the type of key, in this case Ed25519. For modern versions of SSH this is the default, but older systems might still default to RSA. By defining the type explicitly we ensure that we get the right kind of key.
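As an added example (not code from the article), one way the restriction itself can be implemented on system02: an OpenSSH forced command in backupuser's authorized_keys whose wrapper script admits only rsync's receive-side invocation and refuses everything else. The wrapper path /usr/local/bin/rsync-only and the destination directory /data/backup are assumptions.

```shell
#!/bin/sh
# Added example, not code from the linux-audit.com article: a forced-command wrapper
# that only lets the backupuser key run rsync in receive mode under one directory.
# Install it on system02 (the path /usr/local/bin/rsync-only is an assumption) and
# reference it from backupuser's authorized_keys with the line authorized_keys_line()
# prints. rsync ships its own, more complete wrapper (rrsync) for the same purpose.

# rsync_only CMD DIR: return 0 if CMD is "rsync --server <opts> . DIR[/...]" pushing
# into DIR, 1 otherwise. The client's rsync asks the server side for exactly this
# form, so anything else (a shell, scp, a pull with --sender) is refused.
rsync_only() {
    cmd=$1
    dir=${2%/}                      # tolerate a trailing slash on the allowed dir
    case "$cmd" in
        "rsync --server "*" . ${dir}"|"rsync --server "*" . ${dir}/"*)
            case "$cmd" in
                *" --sender "*)  return 1 ;;   # no reading the backups back out
                *"/../"*|*"/..") return 1 ;;   # no climbing out of DIR
            esac
            return 0 ;;
    esac
    return 1
}

# authorized_keys_line PUBKEY WRAPPER: print the authorized_keys entry. "restrict"
# turns off pty allocation and agent/port/X11 forwarding; command= replaces whatever
# the client asked for with WRAPPER, which then inspects SSH_ORIGINAL_COMMAND.
authorized_keys_line() {
    printf 'restrict,command="%s" %s\n' "$2" "$1"
}

# When sshd runs this script as the forced command, validate and execute the request.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_only "$SSH_ORIGINAL_COMMAND" /data/backup; then
        set -f                      # no globbing while splitting the validated command
        # shellcheck disable=SC2086
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rsync-only: refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Because the validated command is word-split before exec, file names containing spaces are best sent with rsync's -s/--protect-args option, which passes them through the rsync protocol instead of the command line.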
