rsync and SSL

Dave Dykstra dwd at bell-labs.com
Fri Sep 14 23:26:57 EST 2001


On Thu, Sep 13, 2001 at 07:41:19PM -0500, Phil Howard wrote:
> I'm finding even less on rsync and SSL.  I would have imagined someone
> would have done something with this already, but apparently not.  So
> I guess I need to ask and see for sure: has anyone worked on issues of
> using rsync via SSL, such as with stunnel?  

I'm sorry, I didn't read this message before my reply.  I see you've already
covered everything in my reply, so you can ignore it.

> I want to have encrypted
> access, either anonymous or authenticated, but without granting any SSH
> access to anyone (e.g. the rsync "users" won't be in the /etc/passwd
> user space).

If stunnel doesn't work, how about this idea: what if you hand out an
unencrypted SSH "private" key to all users, and put in a .ssh/authorized_keys
on the server with a forced command that restricts what the users can do
to specific rsync commands?  That will still encrypt the connection, and
even though the authentication key will be well-known it should be safe
because the authentication key is independent of the encryption key.

- Dave Dykstra




More information about the rsync mailing list