Rsync security
ww m-pubsyssamba
pubsyssamba at bbc.co.uk
Tue Jun 15 14:37:21 GMT 2004
Hello list,
I have a requirement to script a sync from a server to a UNIX workstation (Mac OS X) users desktop and profile related data at logon and
logoff. Rsync looks like it may be appropriate, but I am concerned about making a sufficiently secure connection between the server and the
client (given my sync must be non-interactive).
Rsh is not an option, so Ssh seems to be the only alternative. Now I'm quite familiar with Ssh, setting up public/private key pairs etc. but I'm
quite uncomfortable about using this across hundreds of workstations to provide the sync functionality I'm looking for. Specifically my fear is if
someone gains administrative access to their workstation and can access the ssh private key & ssh server key they will be able to access any
data they want from the central file server. Plus relying on keypairs is very messy from an administrative point of view.
I guess other people must have thought about a similar type of requirement in terms of security and was hoping I might get some pointers from
those how have done this before. My personal preference was to mount a share from the file server on the client and essentially do the sync all locally on the client but rsync doesn't seem to like doing this very much (apparently this is advised against),
any help gratefully recieved, thanks Andy.
More information about the rsync
mailing list