rsync and SSL

Phil Howard phil-rsync at
Sat Sep 15 13:29:37 EST 2001

Dave Dykstra wrote:

> If stunnel doesn't work, how about this idea: what if you hand out an
> unencrypted SSH "private" key to all users, and put in a .ssh/authorized_keys
> on the server with a forced command that restricts what the users can do
> to specific rsync commands?  That will still encrypt the connection, and
> even though the authentication key will be well-known it should be safe
> because the authentication key is independent of the encryption key.

My concern with SSH is making it function with an authentication space
different than the /etc/passwd space, and absolutely ensuring that there
is no way anyone accessing via SSH could execute any other command.

I'm quite confident rsync will work over stunnel.  But I don't know if
there is any effort to "standardize" a different port number for rsync
over ssl.  In a separate project I'm developing a new POP3 server, and
will be looking at integrating SSL, probably with code from stunnel,
so the logic of the server operates with the direct knowledge of where
the connection comes from.  One way that I might do this is for an SSL
connection, to launch an additional process to handle the SSL layer
just like stunnel, perhaps actually running that code.  For rsync, this
might also be a way to do it.  Integrating it a client could be even
more useful.

And jumping over to my other posting, I'm looking for rsync for Windows
that can be installed by people with zero Unix experience, and probably
very little Windows experience.  That probably means it has to be some
kind of package that installs with the usual install shield like approach
with menu configuration.  I won't be installing it, but referring others
to do so.  So far it looks like there is nothing like that.

| Phil Howard - KA9WGN |   Dallas   | |
| phil-nospam at | Texas, USA |     |

More information about the rsync mailing list