rsync through multiple ssh hops with password authentication prompt
Manuel López-Ibáñez
manuellopezibanez at yahoo.es
Thu Oct 27 21:28:50 GMT 2005
Yes, your explanations are better. I will promote #2 to become #1, since
it is more likely the one that will work better in all situations.
Another thing is... if you can use "Method #2 Rsync SSH-es to target
using a proxy command that first SSH-es to middle" also with rsync
daemon servers, then: is there any possible advantage in the other three
methods? If not, can we remove everything but Method #2, possibly
with another example using an rsync daemon server? You know, I remember
some saying about keeping things simple "something".
Cheers,
Manuel.
Matt McCutchen wrote:
> On Thu, 2005-10-27 at 21:48 +0100, Manuel López-Ibáñez wrote:
>
>>Method 1: no rsync daemon server, passwordless authentication in middle
>>machine.
>>
>>Method 2: no rsync daemon server, using SSH proxy
>>
>>Method 3: no rsync daemon server, using SSH port forwarding
>>
>>Method 4: no rsync daemon server, using SSH tunnel
>
>
> The difference between #3 and #4 is not port forwarding vs. tunnel
> (we've been using the terms synonymously) but SSH port vs. rsync daemon
> port. Here's how I would summarize all the methods:
>
> #1: Rsync runs a chained SSH command as transport; authentication on
> middle must be passwordless
>
> #2: Rsync SSH-es to target using a proxy command that first SSH-es to
> middle
>
> #3: Forward target's SSH port to a local port; rsync SSH-es to that port
>
> #4: Run rsync daemon on target and forward its port to a local port;
> rsync accesses the daemon using that port
>
> I dislike #1 because the middle machine can subvert the connection. I
> dislike #3 and #4 because (a) one must remember to set up and take down
> the tunnel and (b) others can take advantage of the tunnel. (If, as
> many hope, SSH learns to forward filesystem sockets, (b) will go away.)
> Except for some technicalities in how the proxy connection closes, #2 is
> the ideal technique, and that's what I use to access my school's
> firewalled backup machine.
>
> The updated FAQ is very nice, but perhaps the "rsync through a firewall"
> section should be factored out into another page because it occupies
> more than half of the FAQ page.
>
> Incidentally, I set up SSH on my machine to prefer password
> authentication to keyboard-interactive authentication; now the password
> prompt shows the target user and host. Thanks, Carson!
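
Added example, not part of the thread: the command lines for methods #1 and #2 side by side, to show where the SSH session to target terminates in each. The names `middle`, `target`, `src/`, `dest/` and the helper functions are placeholders; `ssh -W` (OpenSSH stdio forwarding) is assumed here for the proxy command and is not mentioned in the messages above.

```shell
#!/bin/sh
# Added example (not from the thread). Commands are printed, never run.
# Host names and paths are placeholders; function names are hypothetical.

# Reject host arguments that would break the quoting of the -e string
# or that ssh would parse as an option (leading "-").
safe_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;;
    esac
}

# Method #1: rsync's transport is "ssh middle ssh". rsync appends the
# target host, so the second ssh, and its authentication, run ON middle.
# middle sees the session in the clear and can subvert it.
method1_cmd() {  # args: middle target src dest
    safe_name "$1" && safe_name "$2" || return 1
    printf '%s\n' "rsync -av -e \"ssh $1 ssh\" $3 $2:$4"
}

# Method #2: the local ssh talks to target end to end. middle only relays
# the encrypted byte stream, and target's host key is verified locally.
method2_cmd() {  # args: middle target src dest
    safe_name "$1" && safe_name "$2" || return 1
    printf '%s\n' "rsync -av -e 'ssh -o \"ProxyCommand ssh -W %h:%p $1\"' $3 $2:$4"
}

# Show both forms for the placeholder hosts.
method1_cmd middle target src/ dest/
method2_cmd middle target src/ dest/
```

With method #2 the password prompt for target is answered on the local machine, so no credentials for target are ever typed into or stored on middle.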