rsync with ssh
Wayne Davison
wayned at samba.org
Mon Oct 24 23:25:39 GMT 2005
On Mon, Oct 24, 2005 at 07:58:04AM +0800, Adrian Mak wrote:
> but it seems that rsync sending plain password for the user test and
> the contents too.
This is taken directly from the rsyncd.conf manpage:
The authentication protocol used in rsync is a 128 bit MD4 based
challenge response system. Although I believe that no one has ever
demonstrated a brute-force break of this sort of system you should
realize that this is not a "military strength" authentication
system. It should be good enough for most purposes but if you want
really top quality security then I recommend that you run rsync over
ssh.
Also note that the rsync daemon protocol does not currently provide
any encryption of the data that is transferred over the connection.
Only authentication is provided. Use ssh as the transport if you
want encryption.
So, no, the password is not sent in plain-text over the socket.
> 123.123.123:test/ /home/test2
When using ssh, the current directory defaults to the login user's home
dir, so that's lookin for a "test" dir in (I assume) /home/test.
..wayne..
More information about the rsync
mailing list