rsync
rsync (Remote Synchronization) is a utility for efficiently transferring and synchronizing files across computer systems by checking the timestamp and size of files, and optionally comparing checksums. It is commonly found on Unix-like systems and functions as both a file synchronization and file transfer program. The rsync algorithm is a type of delta encoding, so that only file differences are transmitted across the network. Zlib may be used for additional compression, and SSH or stunnel can be used for data transport security.
rsync was first created by Andrew Tridgell and Paul Mackerras in 1996 [1].
- rsync through a firewall
- Andrew Tridgell's 1999 PhD thesis Efficient Algorithms for Sorting and Synchronization includes 3 chapters on rsync.
Forward SSH Agent, and switch to different user
Suppose you have 3 hosts:
- your workstation
- machine A
- machine B
Machine A is configured so that root login is not allowed, not even key-based logins (too many stupid break-in attempts). So, you've created a user 'Dan'. Dan has full sudo privileges.
Machine B is configured to allow root login, and all of Dan's public keys are listed in root's authorized_keys file (/root/.ssh/authorized_keys).
You want to rsync files from Machine A to Machine B, but some of those files are root-owned backups etc. A regular rsync will fail to read some files. You don't want to chmod or chown anything.
Of course, you start off by setting up your ssh-agent and adding your SSH keys
eval $(ssh-agent) && ssh-add
before connecting and forwarding your agent:
ssh -A dan@machineA
Now, here's the special part: without even needing to reconfigure sshd on Machine A, you can simply use
--preserve-env=SSH_AUTH_SOCK
in your sudo rsync command so that using sudo doesn't break the agent forwarding for the rsync.
(On machineA)
sudo --preserve-env=SSH_AUTH_SOCK rsync -vrz --checksum /var/discourse root@machineB:/var
will successfully read all files on Machine A using the elevated privileges of sudo, and transfer them to Machine B.
Note: to make a permanent configuration in sshd_config, you'd use something like this[2]:
Defaults>root env_keep+=SSH_AUTH_SOCK
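The procedure above as a preflight wrapper to run on machine A, added here as an example that is not part of the original page: it checks that the forwarded agent socket exists and answers, and that sudo really passes SSH_AUTH_SOCK through, before any data is transferred. The function names check_agent and sync_as_root are hypothetical; the rsync options are the ones used above.

```shell
#!/bin/sh
# Added example: preflight checks for the sudo + forwarded-agent rsync.
# check_agent and sync_as_root are hypothetical helper names.

# Return 0 if a forwarded agent is usable, otherwise a distinct code.
check_agent() {
    # 1: variable missing (no "ssh -A", or the environment was scrubbed)
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "SSH_AUTH_SOCK is not set" >&2
        return 1
    fi
    # 2: path is not a Unix socket (stale value from a closed session)
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "$SSH_AUTH_SOCK is not a socket" >&2
        return 2
    fi
    # 3: ssh-add -l fails when the agent is unreachable or holds no keys
    if ! ssh-add -l >/dev/null 2>&1; then
        echo "agent is unreachable or has no identities" >&2
        return 3
    fi
    return 0
}

# Usage: sync_as_root /var/discourse root@machineB:/var
sync_as_root() {
    check_agent || return $?
    # 4: confirm root really sees the socket before moving any data
    if ! sudo --preserve-env=SSH_AUTH_SOCK sh -c '[ -S "$SSH_AUTH_SOCK" ]'; then
        echo "sudo did not pass SSH_AUTH_SOCK through" >&2
        return 4
    fi
    sudo --preserve-env=SSH_AUTH_SOCK rsync -vrz --checksum "$1" "$2"
}

# Run only when called with a source and a destination.
if [ "$#" -eq 2 ]; then
    sync_as_root "$1" "$2"
fi
```

Each failure returns its own exit code, so a cron job or calling script can tell a missing agent apart from a sudo policy that drops the variable.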