restricting rsync over ssh

Mike Rubel mrubel at
Wed May 22 14:42:02 EST 2002

> > If so, I am trying to find the best way to restrict rsync -e ssh on the
> > remote machine.  Prepending the authorized_keys entry with
> > command='rsync ...' 1024... results in the 'Protocol mismatch - is your
> > shell clean?' error.

This brings up an interesting question.  Does anyone use the server
version of rsyncd with an ssh tunnel?  In other words:

On the server, bring up sshd listening on *:22, and rsyncd accepting
connections from localhost only, port 873.

Then, on the client machine, set up an ssh tunnel:

ssh server -L 1873:server:873

(I just picked 1873 for convenience; you could use any open
user-accessible port).

Then rsync to localhost:1873, letting ssh carry the connection over the
tunnel to the server:

rsync rsync://user@localhost:1873/path/to/source dest

Does anyone use this approach?  Are there any advantages/disadvantages?


More information about the rsync mailing list