rsync and SSL
dwd at bell-labs.com
Fri Sep 14 23:26:57 EST 2001
On Thu, Sep 13, 2001 at 07:41:19PM -0500, Phil Howard wrote:
> I'm finding even less on rsync and SSL. I would have imagined someone
> would have done something with this already, but apparently not. So
> I guess I need to ask and see for sure: has anyone worked on issues of
> using rsync via SSL, such as with stunnel?
I'm sorry, I didn't read this message before my reply. I see you've already
covered everything in my reply, so you can ignore it.
> I want to have encrypted
> access, either anonymous or authenticated, but without granting any SSH
> access to anyone (e.g. the rsync "users" won't be in the /etc/passwd
> user space).
If stunnel doesn't work, how about this idea: what if you hand out an
unencrypted SSH "private" key to all users, and put in a .ssh/authorized_keys
on the server with a forced command that restricts what the users can do
to specific rsync commands? That will still encrypt the connection, and
even though the authentication key will be well-known it should be safe
because the authentication key is independent of the encryption key.
- Dave Dykstra
More information about the rsync