rsync 3.0 and rssh

Kaleb Pederson kaleb.pederson at gmail.com
Sat Mar 8 15:19:30 GMT 2008


David,

If all you need is restricted rsync support, I might recommend the rrsync 
program that was just referenced.

There are a few things that I worry about with it, which are basically 
configuration issues. If the users .ssh directory is within the files 
reachable and writable by the user, as is normally they case, then he/she can 
alter their configuration to allow a different program to be executed.  Some 
items of interest when working with OpenSSH:

Configuration directives:
LocalCommand
ProxyCommand

In the authorized keys file:
command="command"

If you don't trust the patch that's available for rssh, you might checkout 
scponly.  It currently has the exact same problem, but I'm fixing that right 
now and I should have a snapshot up on sourceforge a little later today.  It 
supports all the features that rssh does, and then some (if configured as 
such).

Scponly is available here:

http://sublimation.org/scponly/wiki/index.php/Main_Page

--Kaleb

On Saturday 08 March 2008, Matt McCutchen wrote:
> On Sat, 2008-03-08 at 13:49 +0100, david reinares wrote:
> > Since rsync 3.0 i've detected a problem with rssh and -e
> > option....rssh doesn't allow this option...but is essential to me
> > (cyphered transmission with ssh).
>
> Rsync 3.0.0 uses -e as a server option, so rssh needs to be updated to
> allow the option.  If rssh is not being updated, you could switch to
> another tool, such as the "support/rrsync" that comes in the rsync
> source package and is maintained with rsync.  The version that comes
> with rsync 3.0.0 doesn't know about -e, but the latest development
> version has been fixed:
>
> http://rsync.samba.org/ftp/unpacked/rsync/support/rrsync
>
> Matt




More information about the rsync mailing list