restricting rsync over ssh on the server side.

Rob Browning rlb at
Mon Jan 6 00:07:01 EST 2003

Aaron Morris <aaronmorris at> writes:

> I only mention this because I do not believe most people even realize
> there is this other mode to rsync.  I tried describing it to a
> co-worker who uses rsync regularly, but he kind of just stared at me
> blankly.

Right.  I was aware of that mode, but it seemed like it would only
work in cases where the remote sysadmin was willing to run another
daemon (if they're not already running rsyncd).  With the command= ssh
approach, for sites already using ssh, the admin, or even the user on
the server side, can set up as many restricted keys as they want.

Also, it wasn't clear to me from the docs how secure rsync's password
challenge and authentication scheme is expected to be.  It seemed like
the ssh + restricted command= approach would likely be safer, but I'm
not sure how I'd quantify that.


Rob Browning
rlb,, and
GPG starting 2002-11-03 = 14DD 432F AE39 534D B592  F9A0 25C8 D377 8C7E 73A4

More information about the rsync mailing list