[clug] rsync - suck or blow

Michael Cohen michael.cohen at netspeed.com.au
Thu Jun 5 23:23:05 EST 2003

Hash: SHA1

You might want to look at setting RSA password less authentication for SSH. 
One of the most useful features of RSA authentication is that in the 
authorized_keys file by setting command = "blah" just before the key you can 
force ssh to run the command "blah" on the server regardless of what command 
the other end actually wanted to run at all. This is ideal for rsync since 
you can prescribe the remote system to use rsync with the correct 
parameters/directory arguements. This way you can control which directory 
gets pushed/pulled and the direction on the master server. If the slave 
server gets owned there is no way to use RSA authentication to log in, 
instead all the attacker can do is get rsync backups of the master....

On Thu, 5 Jun 2003 01:34 pm, Damien Elmes wrote:
> Burn Alting <burn at goldweb.com.au> writes:
> > My question is, should I set up a rsync server on the remote system and
> > then my box can 'suck' down the data, or set it up in reverse, set the
> > rsync server up on my box and get the remote system to 'blow' the data
> > down to me?
> It's probably easier to just have rsync installed on the remote host, and
> run rsync with -e ssh to tunnel over an ssh connection.
> > Does anyone have bad experiences with either way?
> > Are both approaches the same in terms speed, cost etc?
> Security should be your primary concern, unless this is on a private
> network. Think in terms of which host is more likely to be compromised, and
> whether an rsync server or password-less ssh keys is likely to result in
> the other box being attacked.
> Cheers,
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


More information about the linux mailing list