security issues

jw schultz jw at pegasys.ws
Tue Sep 10 18:58:01 EST 2002


On Tue, Sep 10, 2002 at 08:07:48PM +0200, Bruno LEDOUX wrote:
> Hi, 
> 
> I have a question about security with rsync which I want to use to do
> automatic backups of a cvs tree. I have two options: the first one is to use
> rsync with ssh but it requires me to type in my ssh password each time and
> is not really convenient for an automatic process. I could of course use ssh
> without password authentication (just ip address) but it would open big
> security holes on the server where backups are made...
> The second option is to use rsync in daemon mode with password
> authentication but in that case file transfers will not be encrypted.
> 
> What do you think the is best option in terms of security ? Any ideas ?

The best, i think, would be ssh with the private key method.
If by ssh password you mean key passphrase i would reccomend
disabling the passphrase for automated work.

If your backup client is insecure pull instead of push.

To get even more secure use the CVS tree which supports
using ssh to connect to a remote rsyncd.  Doing so should
allow you to combine ssh forced command with rsyncd module
and account restrictions.  There are examples in the list
archive, note that ssh forced command is tricky to get right.

-- 
________________________________________________________________
	J.W. Schultz            Pegasystems Technologies
	email address:		jw at pegasys.ws

		Remember Cernan and Schmitt



More information about the rsync mailing list