Rsync security

[Chris Shoemaker]

On Tue, Jun 15, 2004 at 03:37:21PM +0100, ww m-pubsyssamba wrote:
> Hello list,
> 
> 	I have a requirement to script a sync from a server to a UNIX workstation (Mac OS X) users desktop and profile related data at logon and
> logoff. Rsync looks like it may be appropriate, but I am concerned about making a sufficiently secure connection between the server and the
> client (given my sync must be non-interactive).
> Rsh is not an option, so Ssh seems to be the only alternative. Now I'm quite familiar with Ssh, setting up public/private key pairs etc. but I'm
> quite uncomfortable about using this across hundreds of workstations to provide the sync functionality I'm looking for. Specifically my fear is if
> someone gains administrative access to their workstation and can access the ssh private key & ssh server key they will be able to access any
> data they want from the central file server. Plus relying on keypairs is very messy from an administrative point of view.
> I guess other people must have thought about a similar type of requirement in terms of security and was hoping I might get some pointers from
> those how have done this before. My personal preference was to mount a share from the file server on the client and essentially do the sync all locally on the client but rsync doesn't seem to like doing this very much (apparently this is advised against),

What doesn't rsync like?  Do you mean something like a rsync between a
local mount and a locally-mounted NFS export?  That should be fine.
	-Chris

> 
> 	any help gratefully recieved, thanks Andy.
> --
> To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync
> Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html