rsync and SSL
Cameron Simpson
cs at zip.com.au
Thu Sep 20 10:47:15 EST 2001
On Mon, Sep 17, 2001 at 12:10:45PM -0500, Dave Dykstra <dwd at bell-labs.com> wrote:
| On Fri, Sep 14, 2001 at 10:29:37PM -0500, Phil Howard wrote:
| > My concern with SSH is making it function with an authentication space
| > different than the /etc/passwd space, and absolutely ensuring that there
| > is no way anyone accessing via SSH could execute any other command.
I'm curious. What's insufficient about the command= authorized_hosts parameter?
| > I'm quite confident rsync will work over stunnel. But I don't know if
| > there is any effort to "standardize" a different port number for rsync
| > over ssl.
|
| No, there hasn't. Is 874 available?
This trend bothers me. Why are we issuing new port numbers for
whatever-proto-over-SSL instead of just augumenting the protocol to have
an "SSL" command, which starts an SSL connection over the channel and then
runs the core protocol (rsync, pop, whatever) afresh on the new session?
That way we could do SMTP over SSL etc etc transparently: clients connect,
say "SSL", if rejected either fall back or fall out, and if accepted
then away we all go.
Is there some technical reason for not doing things this way?
--
Cameron Simpson, DoD#743 cs at zip.com.au http://www.zip.com.au/~cs/
One of the biggest obstacles to the future of computing is C. C is the last
attempt of the high priesthood to control the computing business. It's like
the scribes and the Pharisees who did not want the masses to learn to read
and write. - Jerry Pournelle
More information about the rsync
mailing list