How to Use rsync on Linux to Sync Local and Remote Directories?

Imagine losing years of hard work in an instant, putting both your data and peace of mind at risk.

Without a reliable way to keep your files consistent across systems, you leave yourself vulnerable to costly downtime, data loss, and frustrating recovery processes.

The idea of syncing files and directories might seem daunting, but, for decades, there has been a simple command-line utility: rsync.

rsync is a powerful command-line utility designed to synchronize files and directories both locally and across remote systems. Renowned for its speed, reliability, and transfer capabilities, rsync is used by developers and sysadmins to maintain consistent datasets across multiple environments. 

In this tutorial, we will discuss what rsync is and how to sync files locally and remotely.

What is rsync?

rsync, short for remote sync, is a powerful utility for transferring and synchronizing files and directories both locally and remotely. It is widely used in Linux and Unix systems due to its efficiency and flexibility. Common use cases include system backups, synchronizing files between local and remote servers, and data migration.

rsync uses a delta-transfer algorithm, which ensures that only the differences between source and destination files are transferred, minimizing data transfer and bandwidth usage.

Key Features of rsync

The following are the key features of rsync:

• Compression: Reduces the size of data during transfer to save bandwidth.
• Differential Copying: Transfers only the changed parts of files, making it highly efficient.
• Network Resilience: Supports resuming interrupted transfers.
• SSH Support: Ensures secure file transfers over the network.
• Local and Remote Synchronization: Can sync files between directories on the same machine or across remote systems

Basic rsync Flags Explained

rsync supports various customizable flags that allow you to customize its behavior. Below are the most commonly used ones:

Flag	Purpose	Notes
-a (Archive Mode)	Recursively syncs directories, ensuring that the synchronized files remain true to their original state	The most important option in rsync’s list of switches. It preserves file attributes such as permissions, timestamps, symbolic links, and ownership. Without archive mode, synchronized files might lose their original permissions or timestamps, potentially breaking applications or causing security issues. Recommended for most use cases as it ensures the integrity of file metadata.
-v (Verbose)	Provides a detailed output of the transfer process.	The output includes which files are being copied, their sizes, transfer speeds, and progress details. Use it to troubleshoot synchronization issues, monitoring large transfers For more detailed output, you can use multiple -v flags (such as -vv or -vvv) to increase the verbosity level
-z (Compress)	Compresses data during transfer to reduce bandwidth usage, especially for large files	This flag compresses data during transfer, reducing bandwidth usage and improving sync performance, especially for large files This is particularly beneficial when synchronizing large files or working with limited bandwidth connections, such as uploading to remote servers over the internet. However, it can cause CPU overhead. We recommend avoiding -z for local transfers, as compression adds unnecessary CPU load without network savings.
-P (Progress + Partial)	-P is a combination of two options: –progress (shows transfer progress) and -partial (allows resuming interrupted transfers), which makes it indispensable for managing large or long-running transfers	It displays progress information during the transfer. It supports resuming interrupted transfers by keeping partially transferred files, saving time and bandwidth if the process gets interrupted.
-H and -L	-H preserves hard links during synchronization. -L follows symbolic links and copies the target files instead of the links themselves	Without the -H flag, hard-linked files would be copied as separate, independent files, potentially consuming significantly more disk space.

Installing rsync on Linux Distributions

As I discussed earlier, rsync is an important command-line utility for file synchronization and transfer. 

Install rsync on Debian-based Systems

To install rsync on Debian or Ubuntu-based systems, execute the following command:

# sudo apt-get install rsync -y

This command uses apt-get, the default package manager for Debian-based distributions, to install rsync automatically.

Install rsync on Fedora-based Systems

For Fedora-based systems, run the following command to install rsync:

# sudo dnf install rsync -y

Fedora uses dnf as its package manager and ensures rsync is installed and ready to use.

Prerequisites for Using rsync

Before using rsync, ensure the following prerequisites are met:

• rsync is Installed on Both Systems: rsync must be installed on both the source and destination systems. Without it, the synchronization process will fail
• SSH Access for Remote Transfers: For remote synchronization, SSH access must be configured between the two systems. This typically involves setting up a SSH key pair and ensuring the destination system accepts connections from the source system

Local File Synchronization with rsync

rsync is not just for remote servers, it is also used to sync files locally on the same machine or between mounted drives.

Synchronizing files locally using rsync is a straightforward process. You can use the utility to keep your drives and directories up-to-date with minimal effort.

The basic syntax is as follows:

# rsync -avz source/ destination/

Here,

• -a: Archive mode to preserve file attributes.
• -v: Verbose mode for detailed output.
• -z: Compress data during transfer to save bandwidth (optional and can be removed for local sync operations).
• source/: Syncs the contents of the source directory to the destination.
• destination/: The target directory where the files and directories from the source are copied.

Note: The behavior of rsync changes depending on whether the source path ends with a trailing slash (/). If you execute source (without the trailing slash), it syncs the entire directory itself into the destination, creating a subdirectory. If you execute source/ (with the trailing slash), you sync the contents of the source directory to the destination.

Let us see some of the use cases of rsync:

Exclude a Specific File

If you want to exclude a specific file during synchronization, use the –exclude option:

# rsync -avz –exclude=’file.txt’ source/ destination/

Exclude a Directory

If you want to exclude a directory (and its contents), use the –exclude=’dir/’ option:

# rsync -avz –exclude=’dir/’ source/ destination/

Perform a Dry Run

Before executing a real transfer, simulate the process using a dry run to preview changes. For this, use the –dry-run option:

# rsync -avz –dry-run source/ destination/

Using –delete to Mirror Source

To completely mirror the source directory to make the destination an exact copy, use the –delete option. This ensures that files in the destination that no longer exist in the source are removed.

# rsync -avz –delete source/ destination/

The –delete flag permanently deletes files in the destination that aren’t present in the source. We strongly recommend testing with –dry-run first before using –delete, to simulate the end process and decide whether to go forward with the transfer. 

For this, use the following command syntax:

# rsync -avz –delete –dry-run source/ destination/

Remote Synchronization Using rsync Over SSH

Remote synchronization is another popular rsync use case where files are transferred securely over a network. With SSH, rsync provides an encrypted and authenticated method for transferring data. 

Follow the steps below to set up and perform remote synchronization:

Generate SSH Key Pair

To enable passwordless authentication for rsync over SSH, you need to generate an SSH key pair on the source system. Use the following command to generate it:

# ssh-keygen

This creates a public and private key pair in the ~/.ssh/ directory.

You can press Enter to accept the default file location and leave the passphrase empty for automation purposes. However, I strongly recommend setting a passphrase as an additional security layer.

Step #1: Copy the Public Key to the Remote Host

Now, to authorize SSH access, copy the public key to the remote host using the following command:

# ssh-copy-id user@remote_ip

Replace user with the username and remote_ip with the IP address of the remote system.

This adds the public key to the ~/.ssh/authorized_keys file on the remote system, enabling passwordless SSH access.

Step #2: Verify SSH Access

Before using rsync, test the SSH connection to ensure it works without requiring a password. Run the following command on the source/local system:

# ssh user@remote_ip

If you are able to connect, your SSH key pair is working appropriately.

Push Files to Remote

Now, run the following command to transfer files from the local system to the remote system:

# rsync -avzP file user@remote:/path/

Replace file with the path to the file or directory you want to transfer, and /path/ with the destination path on the remote system

Here,

• -a: Preserves file attributes.
• -v: Provides detailed output.
• -z: Compress data during transfer to save bandwidth. This option is not useful over remote networks because compression can add additional CPU overhead for local operations.
• -P: Provides progress updates and allows resuming the partial downloads.

Pull Files from Remote

Alternatively, if you want to retrieve files from the remote system to the local system, execute the following command: 

# rsync -avzp user@remote:/path/file ./

Replace /path/file with the file or directory on the remote system, and ./ with the local destination path if not the current directory. 

Specify Custom SSH Port

Many servers use non-standard SSH ports for security reasons. When connecting to such servers, specify the custom port along with the -e option.

# rsync -avz -e “ssh -p PORT” file user@remote:/path/

Replace PORT with the custom SSH port number. For instance, if the target port number is 2222, the command would be:

# rsync -avz -e “ssh -p 2222” file user@remote:/path/

Comparing SSH vs rsync Daemon Modes

There are two primary methods to perform remote synchronization with rsync:

• SSH (the default) 
• rsync daemon mode

SSH method uses the existing SSH infrastructure on most Linux systems, which is quite straightforward to use. It provides all the security and encryption benefits of SSH.

The daemon mode, on the other hand, involves running a dedicated rsync server process that listens on a specific port (typically 873) and serves rsync requests directly. This allows for more concurrent connections and provides more granular control over access permissions and synchronization behavior.  

Daemon behavior and access control are configured in /etc/rsyncd.conf.

The following table summarizes the pros and cons of SSH and daemon modes.

Mode	SSH	Daemon
Pros	Secure: encrypts data during transfer Simple to set up and use Widely supported and familiar	No dependency on SSH for connection Suitable for public access or internal sharing Can be faster in some internal network scenarios
Cons	Requires SSH access and proper configuration Firewall configuration may be needed Slightly slower due to encryption overhead	Needs setup of an rsync daemon process Less secure if not properly configured Less flexible for complex authentication

Automating Two-Way File Sync

Automating two-way file synchronization is a common requirement for keeping directories in sync across different systems. This process is used in scenarios such as automated backup, collaboration, or setting up data redundancy.

Two-way synchronization means changes in either of the two directories (local and remote) are reflected in the other. In other words, when you update or delete a file, it will be mirrored in the other directory.

However, rsync is inherently a one-way sync tool. As such, to achieve two-way sync, you must run rsync in both directions, first from local to remote, then from remote to local. 

For instance, the following is a basic shell script for two-way synchronization:

#!/bin/bash

set -euo pipefail  # Enable strict error checking

# Configuration

LOCAL_DIR=”/path/to/dir”

REMOTE_HOST=”user@remote_ip”

REMOTE_MODULE=”backup”

LOG_FILE=”/var/log/rsync_2way.log”

SSH_PORT=”22″  # Default SSH port

 

# Validate directories exist

[ -d “$LOCAL_DIR” ] || { echo “ERROR: Local directory missing”; exit 1; }

 

{

    echo “=== Starting two-way sync $(date) ===”

    

    # Phase 1: Local → Remote (Dry Run First)

    echo “DRY RUN: Local → Remote”

    rsync -avzP –dry-run –itemize-changes \

        -e “ssh -p $SSH_PORT” \

        “$LOCAL_DIR/” “$REMOTE_HOST::$REMOTE_MODULE”

    

    read -p “Review changes above. Proceed with sync? (y/n) ” -n 1 -r

    echo

    [[ $REPLY =~ ^[Yy]$ ]] || exit 0

    

    echo “EXECUTING: Local → Remote”

    rsync -avzP –itemize-changes \

        -e “ssh -p $SSH_PORT” \

        “$LOCAL_DIR/” “$REMOTE_HOST::$REMOTE_MODULE”

    

    # Phase 2: Remote → Local (Dry Run First)

    echo “DRY RUN: Remote → Local”

    rsync -avzP –dry-run –itemize-changes \

        -e “ssh -p $SSH_PORT” \

        “$REMOTE_HOST::$REMOTE_MODULE/” “$LOCAL_DIR”

    

    read -p “Review changes above. Proceed with sync? (y/n) ” -n 1 -r

    echo

    [[ $REPLY =~ ^[Yy]$ ]] || exit 0

    

    echo “EXECUTING: Remote → Local”

    rsync -avzP –itemize-changes \

        -e “ssh -p $SSH_PORT” \

        “$REMOTE_HOST::$REMOTE_MODULE/” “$LOCAL_DIR”

    

    echo “=== Sync completed successfully ===”

} | tee -a “$LOG_FILE”

 

Replace /path/to/dir, remote_ip, user@remote_ip, and backup with your actual directory, remote server IP, and module name.

To automate two-way sync, schedule the script using cron. Start by editing the cron jobs with the following command:

# crontab -e

Next, add a line similar to this

0 * * * * /path/to/your/sync_script.sh 

This example runs the script every hour. You can adjust the schedule as needed by consulting our crontab tutorial. 

Ensure the script has executable permissions:

# chmod +x /path/to/your/sync_script.sh

Syncing Directories (Local & Remote)

As we discussed, rsync is one of the most useful tools to sync entire directories, including all subfolders and files. However, proper syntax is crucial for getting the expected results.

Trailing Slash Behavior

The trailing slash on the source directory fundamentally changes how rsync operates:

• source/ (with trailing slash): With trail slashing (source/), the contents of the source directory will be synced or copied into the destination directory. 

For instance, consider the following command:

# rsync -avz source// destination/

This copies all files and subfolders inside the source/ into the destination/.

• source (without trailing slash): If you execute the source without a trailing slash, then the entire source directory is synced as a subdirectory inside the destination.

For instance, consider the following command:

# rsync -avz source destination/

Here, a new folder destination/source/ will be created.

Therefore, we recommend using the –dry-run option to test the directory operation. This shows exactly what would happen without making any changes.

You can use –delete flag if you need to remove files from the destination that don’t exist in the source. 

Compress and Monitor File Transfers

rsync offers several useful options to optimize and monitor your file transfers. The following table summarizes some of the key options to compress and monitor file transfer.

Option	Purpose	Usage/Example
-z / –compress	Compress data during transfer to speed up the process, saving bandwidth.	rsync -avz source/ dest/
–progress	Show real-time progress, including transfer speed and remaining data per file.	rsync -avz –progress source/ dest/
–stats	Display a detailed summary report after the transfer completes, including transfer stats.	rsync -avz –stats source/ dest/
–inplace	Update files directly in the destination without creating temporary copies; useful for large files.	rsync -avz –inplace source/ dest/
–partial-dir=.rsync-partial	Save partially transferred files in a specific directory, enabling resume after interruptions.	rsync -avz –partial-dir=.rsync-partial source/ dest/

Security Best Practices with rsync

Security should be your top priority when transferring files over networks. The following are some of the security measures you can follow for secure rsync operations.

Use SSH for Transfers

SSH should be your default choice for rsync transfers. It provides authentication, encryption, and integrity checking automatically.

Whenever possible, use rsync over SSH rather than the rsync daemon. SSH provides robust encryption, ensuring that all data transferred between hosts is protected from eavesdropping and tampering. This is especially important when synchronizing sensitive or confidential data over untrusted networks.

Security benefits of using SSH:

• Encryption: All data, including file contents and metadata, is encrypted during transfer.
• Authentication: SSH supports both password and key-based authentication, with key-based being more secure and automation-friendly.
• Access control: SSH allows fine-grained user and host restrictions.
• Logging: SSH can log all connection attempts for auditing

Set Up Passwordless SSH Authentication

Passwordless authentication eliminates the need for interactive password entry, making automation possible and actually more secure than password authentication. 

Some of the best practices you can follow are:

• Use a strong passphrase for your private key.
• Regularly update SSH keys.
• Securely back up your private key.
• Use an SSH agent to cache your passphrase during sessions.
• Audit authorized_keys on servers regularly

Harden rsync Daemon

While SSH is preferred, sometimes rsync daemon mode is necessary for specific use cases. If you must use it, proper hardening is essential to make sure you are not exposing your system to exploits.

• Restrict IPs: Limit daemon access to trusted IP addresses or subnets via the [module] configuration. Use the hosts allow and hosts deny directives in rsyncd.conf to limit which IP addresses can connect.
• Use a chroot jail: The chroot option confines the rsync daemon to a specific directory, preventing access to the rest of the filesystem.
• Disable root access: Run the rsync daemon as a non-root user and avoid granting root permissions to minimize the impact of a potential compromise.

Troubleshooting Common rsync Issues

When using rsync, you might encounter some common problems. Here are typical issues and how to resolve them:

Permission Denied

Permission errors are among the most frequent rsync problems. Incorrect file or directory permissions or wrong user ownership can be the reason. 

In such instances, verify that the user running rsync has read/write permissions on the files and directories involved.

Adjust ownership or permissions using chmod and chown as needed.

SSH Connection Errors

Some of the common causes of SSH connection errors are:

• Firewall blocking SSH port (default 22)
• Wrong username or hostname
• SSH service is not running on the remote host

Solution:

• Check firewall rules (ufw, iptables, or cloud security groups).
• Verify the SSH service is running (systemctl status sshd).
• Confirm the correct username and host in your command

Network Timeouts

This happens due to a poor network or an unresponsive host. In such instances, you can use the –timeout=SECONDS option to specify a longer timeout period.

# rsync –timeout=60 …

This will abort the transfer if no data is received for 60 seconds.

Partial Transfers

This is when the file transfer is interrupted, leaving incomplete files.

In such cases, you can follow either of these solutions:

• Use –partial to keep partially transferred files, allowing resumption.
• Use –append or –append-verify to resume large file transfers efficiently.

Important:  These flags assume unchanged destination file structure. They may lead to data corruption if the file sizes or structures differ.

# rsync -avz –partial –append /source/ user@remote:/dest/

This option is especially valuable for unstable network conditions or syncing multi-gigabyte files.

Conclusion 

rsync is a robust and efficient tool for file synchronization and backup, widely used in both personal and enterprise environments. For secure and reliable operation, always use SSH for encrypted transfers and authentication, and set up passwordless SSH for safe automation. 

if you must use it, harden the rsync daemon, restricting access and disabling root. Similarly, troubleshoot common issues by checking permissions, network connectivity, and using appropriate rsync options.

For more advanced usage, you can check the man rsync pages or run rsync –help for a comprehensive list of options and best practices

FAQs

What is a network interface on a Linux server?

A network interface is a software or hardware component that connects your Linux server to a network. It can be a physical device like eth0 or a virtual one like lo (loopback). 

How do I list all network interfaces in my Linux distribution?

You can use the following commands to view available network interfaces on most Linux distributions: ip addr show or ifconfig. 

These commands display all active and inactive network interfaces, their IP addresses, and other relevant details.

What does port forwarding mean, and when should I use it?

Port forwarding allows you to redirect incoming traffic on a specific port of your Linux server to another port or device on the network. It’s commonly used to expose services like SSH, web servers, or game servers to external users while maintaining control over network routing and security. 

How can I forward ports using iptables in Linux?

To forward ports on a Linux server using iptables, you can use a rule like: 

sudo iptables -t nat -A PREROUTING -p tcp –dport 8080 -j REDIRECT –to-port 80 

Here, incoming traffic to port 8080 is forwarded to port 80. The dport option specifies the destination port to match.

What is the purpose of the dport option in firewall rules?

The dport (destination port) option is used in iptables or firewall rules to match specific ports for incoming traffic. It helps you precisely control which ports are allowed or blocked, enhancing the security and efficiency of your Linux server.

How does network routing affect my Linux server’s connectivity?

Network routing determines how data packets travel between your Linux server and other networks. Misconfigured routing can prevent your server from accessing the internet or other devices. You can view current routing tables with: ip route show