Passwordless SSH messes with escaped spaces
Matt McCutchen
hashproduct+rsync at gmail.com
Fri Aug 25 00:40:34 GMT 2006
Now that I step back and think about it, your needs would be better
met by a single-use daemon invoked through SSH. The invoked command
line is always "rsync --server --daemon .", so you can force this
exact command in authorized_keys instead of using a separate script.
(The actual rsync arguments are provided to the daemon on its standard
input using the daemon protocol.) You can then use rsyncd.conf to
restrict what paths, transfer directions, and options are allowed (see
rsyncd.conf(5)). Since the rsync daemon enforces the restrictions
after parsing the arguments, you're much less likely to have a
security hole than if you try to enforce the restrictions directly
from the argument list.
See the section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL
CONNECTION" of rsync(1) for more information.
Matt
More information about the rsync
mailing list