[clug] rsync - suck or blow

Michael Cohen michael.cohen at netspeed.com.au
Thu Jun 5 23:23:05 EST 2003


You might want to look at setting RSA passwordless authentication for SSH.
One of the most useful features of RSA authentication is that in the 
authorized_keys file by setting command = "blah" just before the key you can 
force ssh to run the command "blah" on the server regardless of what command 
the other end actually wanted to run at all. This is ideal for rsync since 
you can prescribe the remote system to use rsync with the correct 
parameters/directory arguments. This way you can control which directory 
gets pushed/pulled and the direction on the master server. If the slave 
server gets owned there is no way to use RSA authentication to log in, 
instead all the attacker can do is get rsync backups of the master....

On Thu, 5 Jun 2003 01:34 pm, Damien Elmes wrote:
> Burn Alting <burn at goldweb.com.au> writes:
> > My question is, should I set up a rsync server on the remote system and
> > then my box can 'suck' down the data, or set it up in reverse, set the
> > rsync server up on my box and get the remote system to 'blow' the data
> > down to me?
>
> It's probably easier to just have rsync installed on the remote host, and
> run rsync with -e ssh to tunnel over an ssh connection.
>
> > Does anyone have bad experiences with either way?
> > Are both approaches the same in terms speed, cost etc?
>
> Security should be your primary concern, unless this is on a private
> network. Think in terms of which host is more likely to be compromised, and
> whether an rsync server or password-less ssh keys is likely to result in
> the other box being attacked.
>
> Cheers,
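
The forced-command setup described in the message, as an added example that is not part of the original post: a wrapper the master runs for the slave's key, which accepts only a pull of one directory. The wrapper path, the /srv/backup/ directory, the key comment and the extra key options are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed: wrapper path,
# export directory /srv/backup/, and the key options shown below.
# authorized_keys entry on the master (one line; key material elided):
#   command="/usr/local/bin/rsync-pull-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... backup@slave

ALLOWED_DIR="/srv/backup/"    # assumed: the only tree the slave may pull

# Succeeds only for the server-side command an rsync client sends when
# pulling ALLOWED_DIR, e.g. "rsync --server --sender -logDtprze.iLsfxC . /srv/backup/"
# (the option letters vary with client version and flags).
rsync_pull_allowed() {
    case $1 in
        *[!A-Za-z0-9' './_-]*) return 1 ;;   # character allowlist: no ; | $ ` quotes, newlines
    esac
    set -f                # split into words without filename expansion
    set -- $1
    set +f
    [ "$#" -eq 6 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    case $4 in
        -*[!A-Za-z.]*) return 1 ;;   # rejects long options such as --remove-source-files
        -?*) ;;                      # one bundle of short options
        *) return 1 ;;
    esac
    [ "$5" = . ] && [ "$6" = "$ALLOWED_DIR" ]   # exact path, so no ../ tricks
}

# sshd places the command the client asked for in SSH_ORIGINAL_COMMAND
# when a forced command is configured for the key.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_pull_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND   # validated words only; never passed to a shell
    fi
    logger -t rsync-pull-only "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```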
