rclone的sftp/ssh应用实践

2023-04-20 18:22:18

一、Rclone 简介^[1]

Rclone是一个命令行程序，用于管理云存储上的文件。它是云供应商web存储界面的一个功能丰富的替代品。超过40种云存储产品支持rclone，包括S3对象存储、业务和消费者文件存储服务以及标准传输协议。

RCONE具有与unix命令rsync、cp、mv、mount、ls、ncdu、tree、rm和cat相当的强大云功能。Rclone熟悉的语法包括shell管道支持和--dry-run 保护。它在命令行、脚本中或通过其API使用。

用户称rclone为“云存储的瑞士军刀”，以及“与魔法无法区分的技术”。

Rclone真的很关心你的数据。它始终保留时间戳并验证校验和。有限带宽上的传输；从上次传输的良好文件开始，可以重新启动间歇性连接或受配额限制的连接。您可以检查文件的完整性。在可能的情况下，rclone采用服务器端传输，以大限度地减少本地带宽使用，并在不使用本地磁盘的情况下从一个提供商传输到另一个提供商。

虚拟后端包装本地和云文件系统，以应用加密、压缩、分块、散列和连接。

Rclone将任何本地、云或虚拟文件系统作为磁盘安装在Windows、macOS、linux和FreeBSD上，并通过SFTP、HTTP、WebDAV、FTP和DLNA提供服务。

Rclone是一款成熟的开源软件，初的灵感来自rsync，是用Go编写的。友好的支持社区熟悉各种用例。官方Ubuntu、Debian、Fedora、Brew和巧克力回购。包括一个。对于新版本，建议从http://rclone.org下载。

Rclone广泛应用于Linux、Windows和Mac上。第三方开发人员使用rclone命令行或API创建创新的备份、恢复、GUI和业务流程解决方案。

Rclone承担着与云存储通信的重任。

、Rclone同步工具常用用法参考

三、Rclone SSH/SFTP方式挂载Linux目录

经常使用Linux服务器的同学，有时候可能会用到数据同步的，常用的rsync，scp等。现在不妨可以体验一上rclone。

生成ssh公钥密钥

ssh-keygen -q -t rsa -b 4096 -C "rclone key" -N "" -f ~/.ssh/rclone
cd ~/.ssh/
cat rclone* > rclone-merged   # <- 须做项，否则会连接失败

在服务器server中添加pub key到~/.ssh/authorized_keys

ssh-copy-id -i ~/.ssh/rclone.pub root@192.168.32.33

rclone配置

rclone config
Enter configuration password:
password:  # <- 输入密码
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> movie
Option Storage.
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value.
 1 / 1Fichier
   \ "fichier"
 2 / Alias for an existing remote
   \ "alias"
 3 / Amazon Drive
   \ "amazon cloud drive"
 4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, SeaweedFS, and Tencent COS
   \ "s3"
 5 / Backblaze B2
   \ "b2"
 6 / Better checksums for other remotes
   \ "hasher"
 7 / Box
   \ "box"
 8 / Cache a remote
   \ "cache"
 9 / Citrix Sharefile
   \ "sharefile"
10 / Compress a remote
   \ "compress"
11 / Dropbox
   \ "dropbox"
12 / Encrypt/Decrypt a remote
   \ "crypt"
13 / Enterprise File Fabric
   \ "filefabric"
14 / FTP Connection
   \ "ftp"
15 / Google Cloud Storage (this is not Google Drive)
   \ "google cloud storage"
16 / Google Drive
   \ "drive"
17 / Google Photos
   \ "google photos"
18 / Hadoop distributed file system
   \ "hdfs"
19 / Hubic
   \ "hubic"
20 / In memory object storage system.
   \ "memory"
21 / Jottacloud
   \ "jottacloud"
22 / Koofr
   \ "koofr"
23 / Local Disk
   \ "local"
24 / Mail.ru Cloud
   \ "mailru"
25 / Mega
   \ "mega"
26 / Microsoft Azure Blob Storage
   \ "azureblob"
27 / Microsoft OneDrive
   \ "onedrive"
28 / OpenDrive
   \ "opendrive"
29 / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
   \ "swift"
30 / Pcloud
   \ "pcloud"
31 / Put.io
   \ "putio"
32 / QingCloud Object Storage
   \ "qingstor"
33 / SSH/SFTP Connection
   \ "sftp"
34 / Sia Decentralized Cloud
   \ "sia"
35 / Sugarsync
   \ "sugarsync"
36 / Tardigrade Decentralized Cloud Storage
   \ "tardigrade"
37 / Transparently chunk/split large files
   \ "chunker"
38 / Union merges the contents of several upstream fs
   \ "union"
39 / Uptobox
   \ "uptobox"
40 / Webdav
   \ "webdav"
41 / Yandex Disk
   \ "yandex"
42 / Zoho
   \ "zoho"
43 / http Connection
   \ "http"
44 / premiumize.me
   \ "premiumizeme"
45 / seafile
   \ "seafile"
Storage> sftp  # or 33
Option host.
SSH host to connect to.
E.g. "example.com".
Enter a string value. Press Enter for the default ("").
host> 192.168.32.33
Option user.
SSH username, leave blank for current username, ethan.
Enter a string value. Press Enter for the default ("").
user> root
Option port.
SSH port, leave blank to use default (22).
Enter a string value. Press Enter for the default ("").
port> 22
Option pass.
SSH password, leave blank to use ssh-agent.
Choose an alternative below. Press Enter for the default (n).
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank (default)
y/g/n> n
Option key_pem.
Raw PEM-encoded private key.
If specified, will override key_file parameter.
Enter a string value. Press Enter for the default ("").
key_pem> #回车
Option key_file.
Path to PEM-encoded private key file.
Leave blank or set key-use-agent to use ssh-agent.
Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
Enter a string value. Press Enter for the default ("").
key_file> ~/.ssh/rclone-merged
Option key_file_pass.
The passphrase to decrypt the PEM-encoded private key file.
Only PEM encrypted key files (old OpenSSH format) are supported. Encrypted keys
in the new OpenSSH format can't be used.
Choose an alternative below. Press Enter for the default (n).
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank (default)
y/g/n> n
Option pubkey_file.
Optional path to public key file.
Set this if you have a signed certificate you want to use for authentication.
Leading `~` will be expanded in the file name as will environment variables such as `${RCLONE_CONFIG_DIR}`.
Enter a string value. Press Enter for the default ("").
pubkey_file> #回车
Option key_use_agent.
When set forces the usage of the ssh-agent.
When key-file is also set, the ".pub" file of the specified key-file is read and only the associated key is
requested from the ssh-agent. This allows to avoid `Too many authentication failures for *username*` errors
when the ssh-agent contains many keys.
Enter a boolean value (true or false). Press Enter for the default ("false").
key_use_agent> #回车
Option use_insecure_cipher.
Enable the use of insecure ciphers and key exchange methods.
This enables the use of the following insecure ciphers and key exchange methods:
- aes128-cbc
- aes192-cbc
- aes256-cbc
- 3des-cbc
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group-exchange-sha1
Those algorithms are insecure and may allow plaintext data to be recovered by an attacker.
Enter a boolean value (true or false). Press Enter for the default ("false").
Choose a number from below, or type in your own value.
 1 / Use default Cipher list.
   \ "false"
 2 / Enables the use of the aes128-cbc cipher and diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1 key exchange.
   \ "true"
use_insecure_cipher> #回车
Option disable_hashcheck.
Disable the execution of SSH commands to determine if remote file hashing is available.
Leave blank or set to false to enable hashing (recommended), set to true to disable hashing.
Enter a boolean value (true or false). Press Enter for the default ("false").
disable_hashcheck> #回车
Edit advanced config?
y) Yes
n) No (default)
y/n> n
--------------------
[movie]
type = sftp
host = 192.168.32.33
user = root
port = 22
key_file = ~/.ssh/rclone-merged
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:

Name                 Type
====                 ====
movie                sftp

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q

测试一下

rclone mount movie:/var/log ./remote --daemon
Enter configuration password:
password: # 输入密码

# ls
ls -l ./remote
...
drwxr-xr-x  2 root   root              4096 Dec 11  2017 sysstat
-rw-rw-r--  1 root   utmp               768 Dec  4 08:53 wtmp
-rw-rw-r--  1 root   utmp              9984 Nov 30 18:56 wtmp.1