No subject
Sun Jan 4 23:01:44 GMT 2004
seem to have a way of proving that it is the real server (e.g. by using
public key cryptography).
So, if I wanted to authenticate the rsync server, then I would have to use
rsync over ssh instead of running an rsync server over inetd, right?
I should then put the ssh public key of the server on the website,
available through https:// on my website. Someone who wants to setup a
mirror can download the ssh public key via https://, install that in their
ssh client, and then use ssh to connect to a shell account on my server to
run rsync.
What about security, though? I would essentially be giving a shell account
to anyone who wants to use it. This shell account would have to be
restricted: It is CHROOTed in the file area, it cannot write to any of the
files, and it can't run any program other than rsync. I'd guess I'd have
to set this account to some special restricted shell that does this.
Am I right about all of the above? If yes, does anyone know where I might
start looking for such a special restricted shell program? If no, where
did I go wrong (is there a simpler way to provide a relatively simple
thing such as authentication of the rsync server)?
More information about the rsync
mailing list