Question on encryption

[George Sinclair]

I am not currently subscribed so please email me below.

First, my only experience with rsync has been older versions (e.g.
1.7.x) which did not allow daemon mode, so please bear with me.

My problem is that I would like to mirror large quantities of data on a
remote machine to a local one, but I don't care about encrypting the
data itself. I only care about securing the connection from the
authentication point of view. Okay, I must admit that I like SSH because
it protects the end user from a variety of attacks, but what I'm saying
is that I don't care if people look at the data. Typically, this
mirroring has been done using just the local client's rsync program in
conjunction with ssh (both on the client and sshd on the remote
machine):

rsync --delete --rsh ssh --rsync-path /path_to_rsync/rsync -rlpt
sourcedir remote_host/target_dir/

The problem, however, is that due to the large size of the data, and the
slowness typically suffered under encryption, the remote machine crawls
to a halt or is seriously impaired. Working with small numbers of files
or infrequent mirrors, the encryption is not a problem, but it gets to
be a burden when you're doing this every night on a lot of data. Some
have suggested using something like 'blowfish -c' instead of the default
to speed things up by perhaps a factor of 3. Anyway, here is my
question:

Does running rsync in daemon mode on the remote host preclude the need
to use SSH from the client? If so, how secure is this versus using rsync
in non daemon mode with SSH? I have considered building SSH to not use
encryption, but I was thinking rsync in daemon mode might obviate the
need to have to use SSH if it can still be made secure.

Thanks.

George Sinclair | george.sinclair at noaa.gov