Normally you’d do this:hostA$ rsync -av hostB:/foo/ /foo/
but you can’t because your user can’t read /foo on hostB.
So then you might try making rsync run as root on hostB:hostA$ rsync --rsync-path='sudo rsync' -av hostB:/foo/ /foo/
but that fails because ssh needs a pseudo-terminal to ask you for your sudo password on hostB:sudo: no tty present and no askpass program specified rsync: connection unexpectedly closed (0 bytes received so far) [Receiver] rsync error: error in rsync protocol data stream (code 12) at io.c(226) [Receiver=3.1.1]
So then you can try giving it an askpass program:hostA$ rsync \ --rsync-path='SUDO_ASKPASS=/usr/bin/ssh-askpass sudo rsync' \ -av hostB:/foo/ /foo/
and that nearly works! It pops up an askpass dialog (so you need X11 forwarding) which takes your password and does stuff as root on hostB. But ultimately fails because it’s running as your unprivileged user locally (hostA) and can’t write the files. So then you try running the lot under sudo:hostA$ sudo rsync \ --rsync-path='SUDO_ASKPASS=/usr/bin/ssh-askpass sudo rsync' \ -av hostB:/foo/ /foo/
This fails because X11 forwarding doesn’t work through the local sudo. So become root locally first, then tell rsync to ssh as you:hostA$ sudo -i hostA# rsync \ -e 'sudo -u youruser ssh' \ --rsync-path 'SUDO_ASKPASS=/usr/bin/ssh-askpass sudo rsync'\ -av hostB:/foo /foo
Answer cobbled together with help from dutchie, dne and dg12158. Any improvements? Not needing X11 forwarding would be nice.