Linux

From my understanding, the issue is you can't run them as background script because it is promoting you for the passphrase of the ssh key?

The easiest way to solve this is to use a ssh key that has no passphrase. Yes it's possible and it won't prompt you for it. Whenever you create a key, it asks you to enter a passphrase. If you hit enter without entering anything, there's no passphrase.

But if you just don't want ssh at all, you can use rsync daemon. Someone else mentioned it here. It's not as hard as they said, especially if you're in a local network where you're fine without encryption.

Use a restricted account with an un-passphrased key is probably by far the easiest way. You could also use rsyncd, but you'll have to fool with a whole bunch of stuff. The work involved will probably be a superset of just doing a restricted account for the rsync process to use for rsync-over-ssh.

Edit: I had totally missed that the issue was passphrase of the key, not password

Take a look at borgbackup if you want to overhault your backing up in general. It has some neat advantages.

tbh why not jsut set them up with an ssh key that doesn't have an associated passphrase? Besides that, if you don't care about encrypting like you say, then you could replace all calls to ssh with telnet.

At least that's my immediate thoughts.

Have you tried Syncthing?

You can use rrsync to set up a key without any permissions besides rsyncing to one location.

https://www.man7.org/linux/man-pages/man1/rrsync.1.html

I am also going to recommend the same solution as @matcha_[email protected] in this comment: https://lemmy.ml/comment/7998407

You can create a key pair that is specifically just for this kind of backup transaction.

To limit its affects, create a user and group on each of the devices that are highly restricted.

This is actually the most secure solution that doesn’t require an interactive password prompt. The passwordless key only serves this one purpose and has small attack surface.

Basically, you can tell SSH to allow root login on certain devices by setting up a root key pair. You configure SSH on the target device such that when it logs in, the login must run a script or a single command instead of running a shell, this limits what attackers can do if they somehow steal your private keys. You can also keep these private keys in your SSH agent so you only have to enter their passwords once, this will allow you to run remote commands without a password.

I would recommend also exploring the possibility of setting up an Rsync Daemon on each remote device, it keeps an Rsync process running on a remote device and listens for connections from Rsync clients. https://linuxconfig.org/how-to-setup-the-rsync-daemon-on-linux

On an unrelated topic: you might also want to look into using Btrfs and making and transferring snapshots to other devices.

You can run rsyncd as a service on host you wish to back up and connect to that from your central point directly without ssh. Traffic is unencrypted and I wouldn't trust on that over public network, but you can bind rsyncd to localhost and open a single ssh tunnel for each host (or even write a small script to keep tunnels open automatically) and then just run rsync over that. That's how I backup my things, just with backuppc in the mix (I've got scripts to open/close ssh tunnels at backuppc configuration). VPN tunnels are also an option to encrypt traffic, but depending on your use case that might be a bit overkill.

Or if you're not tied to rsync you could use something like BorgBackup or other tools which manage the whole jazz for you out of the box.

You can create a second SSH key without passphrase, add that to the authorised keys, and specify to use that key instead, for example using an SSH config file.

Now this is a bit of a security flaw because anyone with access to the key can use it, so you can use rrsync to make sure that key only has access to rsync, so worst case scenario it can destroy your backup, but that's expected since you want write access to your backup without inputting a password.

Ansible is the way for you I guess

netcat?