I was unable to run a rsync from this project to my local server. So this is where I decided to leverage another server as intermediary, using a SSH tunnel.
SSH Tunneling is quite basic to understand. You have a computer A that wants to reach the computer B. You do it through computer C, through SSH. The advantage (or disadvantage, depending on what you are looking for) is that you can easily script a SSH tunneling or set it up just for 1 service.
In my case, I have several RSYNC task in parallel for different projects. I just wanted 1 rsync script to use my SSH tunnel.
How to do it?
Well first, you need to have access to another server (that can access the server you want to reach) and have SSH access there.
1) On the intermediary server, install Netcat
The intermediate server that will be used to do the SSH tunnel, will require netcat. On the machine, simply run:
sudo apt-get install netcat
2) Enable passwordless authentification
To enable passwordless authentication from your server to the intermediary server, you need to add your SSH key as authorized key on the intermediary server.
If you don’t have a SSH key, on your server, simply run:
to generate a SSH key.
Then, you need to copy this key to the intermediary server’s authorized key. Still on your server, run:
ssh-copy-id -i ~/.ssh/key user@intermediaryhost
Make sure you use the right .ssh/key filename and the right ssh credentials of the intermediaryhost.
If all goes well, you should be able to connect, passwordless to your intermediary host. To test, simply run:
3) Run Rsync through the SSH tunnel
You probably want to have your SSH tunnel used only when RSYNC is running. And the good news is that Rsync support this very well. You need to use the RSYNC_CONNECT_PROG environment.
On your server, you can run it in a single command line like this:
RSYNC_CONNECT_PROG='ssh -l user intermediaryhost nc %H 873' rsync -av --progress rsync.torproject.org::amnesia-archive /media/Stockage/Mirrors/Tails
Of course, replace user and intermediaryhost by your SSH tunnel user and host and then complete the rsync command like you usually do.