Question on encryption

Tim Potter tpot at
Fri Dec 21 09:58:40 EST 2001

On Thu, Dec 20, 2001 at 04:45:52PM -0600, Dave Dykstra wrote:

> > Does running rsync in daemon mode on the remote host preclude the need
> > to use SSH from the client? If so, how secure is this versus using rsync
> > in non daemon mode with SSH? I have considered building SSH to not use
> > encryption, but I was thinking rsync in daemon mode might obviate the
> > need to have to use SSH if it can still be made secure.
> Unfortunately, the answer is no.  The rsync daemon can protect access with
> passwords that are not sent in the clear over the network, but it does not
> do anything to guarantee that hosts are not being spoofed and that there's
> no man-in-the-middle.  The answer for people who use that has always been
> to use ssh.

Wow - three slightly different answers.  (-:  You make a good point with
the host authentication property of ssh.


More information about the rsync mailing list