rsync over ssl (again)

Ben Escoto bescoto at
Thu Aug 22 14:22:01 EST 2002

>>>>> "PH" == Phil Howard <phil at>
>>>>> wrote the following on Thu, 22 Aug 2002 11:32:46 -0500

  PH> While it is "secure" in the sense of an encrypted medium, it is
  PH> still using a login to a system (e.g. /etc/passwd based)
  PH> account.
  PH> SSH is by legacy a tool to provide a shell access.  I worry it
  PH> could revert to that, either due to a less focused initiative,
  PH> or just the lack of any documentation for administering
  PH> _authorization_ aspects (as opposed to authentication).

Well, any server must be running under some userid, so if the server
is going to be hacked, I suppose it is an advantage that each account
has its own uid in /etc/passwd.  I see your point about the lack of
documentation.  But I wonder if it would be easier to hack sftpd or

  PH> How would I say what users are allowed to access what paths.  I
  PH> can do this in rsync via port 873 and thus /etc/rsyncd.conf, but
  PH> there just seems to be nothing in sftpd to do it.  And what in
  PH> sftpd lets me do what rsync can do in "secrets =" in
  PH> /etc/rsyncd.conf?

I suppose you would be stuck with the standard system tools (groups,
ACLs if you have them, chroot perhaps, etc.).

Ben Escoto
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url :

More information about the rsync mailing list