rsync through multiple ssh hops with password authentication
manuellopezibanez at yahoo.es
Thu Oct 27 21:28:50 GMT 2005
Yes, your explanations are better. I will promote #2 to become #1, since
it is more likely the one that will work better in all situations.
Another thing is... if you can use "Method #2 Rsync SSH-es to target
using a proxy command that first SSH-es to middle" also with rsync
daemon servers, then: is there any possible advantage in the other three
methods? If not, can we remove everything but just Method #2, possibly
with another example using an rsync daemon server? You know, I remember
some saying about keeping things simple "something".
Matt McCutchen wrote:
> On Thu, 2005-10-27 at 21:48 +0100, Manuel López-Ibáñez wrote:
>>Method 1: no rsync daemon server, passwordless authentication in middle
>>Method 2: no rsync daemon server, using SSH proxy
>>Method 3: no rsync daemon server, using SSH port forwarding
>>Method 4: no rsync daemon server, using SSH tunnel
> The difference between #3 and #4 is not port forwarding vs. tunnel
> (we've been using the terms synonymously) but SSH port vs. rsync daemon
> port. Here's how I would summarize all the methods:
> #1: Rsync runs a chained SSH command as transport; authentication on
> middle must be passwordless
> #2: Rsync SSH-es to target using a proxy command that first SSH-es to
> #3: Forward target's SSH port to a local port; rsync SSH-es to that port
> #4: Run rsync daemon on target and forward its port to a local port;
> rsync accesses the daemon using that port
> I dislike #1 because the middle machine can subvert the connection. I
> dislike #3 and #4 because (a) one must remember to set up and take down
> the tunnel and (b) others can take advantage of the tunnel. (If, as
> many hope, SSH learns to forward filesystem sockets, (b) will go away.)
> Except for some technicalities in how the proxy connection closes, #2 is
> the ideal technique, and that's what I use to access my school's
> firewalled backup machine.
> The updated FAQ is very nice, but perhaps the "rsync through a firewall"
> section should be factored out into another page because it occupies
> more than half of the FAQ page.
> Incidentally, I set up SSH on my machine to prefer password
> authentication to keyboard-interactive authentication; now the password
> prompt shows the target user and host. Thanks, Carson!
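Method #2 from the summary above, written out as an added example that is not part of the original thread or the rsync FAQ. The host names are hypothetical, and it assumes an OpenSSH client with the `-W` option, which postdates this 2005 discussion.

```shell
#!/bin/sh
# Added example. Host names below are hypothetical placeholders.

# Accept only plain [user@]host strings, so a value can never be parsed by
# ssh as an option (leading '-') or break the quoting of the -e string.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;;
    esac
    return 0
}

# Print the transport string for rsync -e. The inner ssh only relays bytes
# to the target's sshd (-W %h:%p); the outer ssh authenticates the target
# and checks its host key on the local machine, and no local port is opened.
proxy_transport() {
    valid_host "$1" || { echo "bad middle host: $1" >&2; return 1; }
    printf 'ssh -o "ProxyCommand ssh -W %%h:%%p %s"' "$1"
}

# rsync_method2 MIDDLE TARGET SRC DEST
# Prints the command unless DRY_RUN=0, in which case it runs rsync.
rsync_method2() {
    valid_host "$2" || { echo "bad target host: $2" >&2; return 1; }
    transport=$(proxy_transport "$1") || return 1
    if [ "${DRY_RUN:-1}" = 0 ]; then
        rsync -av -e "$transport" -- "$3" "$2:$4"
    else
        printf "rsync -av -e '%s' -- %s %s:%s\n" "$transport" "$3" "$2" "$4"
    fi
}

# Dry run: show the command that would be executed.
DRY_RUN=1 rsync_method2 middle.example.org backup.example.org ./data/ /srv/backup/
```

With password authentication, the first prompt comes from the connection to middle and the second from target.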