rsync 3.0 and rssh
Kaleb Pederson
kaleb.pederson at gmail.com
Sat Mar 8 15:19:30 GMT 2008
David,
If all you need is restricted rsync support, I might recommend the rrsync
program that was just referenced.
There are a few things that I worry about with it, which are basically
configuration issues. If the users .ssh directory is within the files
reachable and writable by the user, as is normally they case, then he/she can
alter their configuration to allow a different program to be executed. Some
items of interest when working with OpenSSH:
Configuration directives:
LocalCommand
ProxyCommand
In the authorized keys file:
command="command"
If you don't trust the patch that's available for rssh, you might checkout
scponly. It currently has the exact same problem, but I'm fixing that right
now and I should have a snapshot up on sourceforge a little later today. It
supports all the features that rssh does, and then some (if configured as
such).
Scponly is available here:
http://sublimation.org/scponly/wiki/index.php/Main_Page
--Kaleb
On Saturday 08 March 2008, Matt McCutchen wrote:
> On Sat, 2008-03-08 at 13:49 +0100, david reinares wrote:
> > Since rsync 3.0 i've detected a problem with rssh and -e
> > option....rssh doesn't allow this option...but is essential to me
> > (cyphered transmission with ssh).
>
> Rsync 3.0.0 uses -e as a server option, so rssh needs to be updated to
> allow the option. If rssh is not being updated, you could switch to
> another tool, such as the "support/rrsync" that comes in the rsync
> source package and is maintained with rsync. The version that comes
> with rsync 3.0.0 doesn't know about -e, but the latest development
> version has been fixed:
>
> http://rsync.samba.org/ftp/unpacked/rsync/support/rrsync
>
> Matt
More information about the rsync
mailing list