Rsync with non-standard ssh ports

ByEric Ma

Using rsync with non-standard SSH ports

When you need to rsync against hosts behind NAT gateways or port-forwarded SSH services, the standard port 22 won’t work. The solution is the -e flag, which lets you specify a custom SSH command with your desired port.

Basic usage

Use -e to pass custom SSH arguments:

rsync -avxP --delete -e "ssh -p 13022" username@example.com:/remote/path/ /local/path/

Breaking this down:

  • -a — archive mode (preserves permissions, timestamps, symlinks)
  • -v — verbose output
  • -x — don’t cross filesystem boundaries
  • -P — show progress and keep partial files
  • --delete — delete files in destination that don’t exist in source
  • -e "ssh -p 13022" — use SSH with port 13022 instead of default 22

Pushing vs pulling

The example above pulls (downloads) from a remote host. To push (upload) instead:

rsync -avxP --delete -e "ssh -p 13022" /local/path/ username@example.com:/remote/path/

Additional SSH options

You can pass multiple SSH arguments through the -e flag. Common scenarios:

Using a specific SSH key:

rsync -avxP -e "ssh -p 13022 -i ~/.ssh/custom_key" username@example.com:/remote/path/ /local/path/

Disabling host key verification (useful for ephemeral test environments, though not recommended for production):

rsync -avxP -e "ssh -p 13022 -o StrictHostKeyChecking=no" username@example.com:/remote/path/ /local/path/

Increasing SSH verbosity for debugging:

rsync -avvP -e "ssh -p 13022 -vv" username@example.com:/remote/path/ /local/path/

SSH config alternative

If you frequently connect to the same host, define it in ~/.ssh/config:

Host mycluster
    HostName example.com
    Port 13022
    User username
    IdentityFile ~/.ssh/custom_key

Then simplify your rsync command:

rsync -avxP --delete mycluster:/remote/path/ /local/path/

Performance considerations

For large transfers over high-latency networks, consider adding compression and tuning parameters:

rsync -avxP --delete -e "ssh -p 13022 -C" --bwlimit=5000 username@example.com:/remote/path/ /local/path/
  • -C — enable SSH compression
  • --bwlimit=5000 — limit bandwidth to 5000 KB/s (adjust as needed)

For very large files, you might also want --partial-dir to handle incomplete transfers more gracefully:

rsync -avxP --delete --partial-dir=.rsync-partial -e "ssh -p 13022" username@example.com:/remote/path/ /local/path/

Troubleshooting

If the connection fails, verify SSH works directly first:

ssh -p 13022 username@example.com "ls /remote/path/"

Common issues:

  • Permission denied — check your SSH key permissions (chmod 600 ~/.ssh/key) and that the remote user has access
  • Connection refused — verify the port and that the SSH service is listening on that port (netstat -tuln | grep 13022 on the remote host)
  • Timeout — check firewall rules between your client and the port-forwarded gateway

Summary

The -e flag is the standard way to customize rsync’s SSH transport. For cluster environments with non-standard ports, define your hosts in SSH config once, then use clean, repeatable rsync commands without embedding port numbers in every command.

Read more:

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *