SSL/TLS support in RSYNC
libvirt at brunom.net
Wed May 21 21:50:05 GMT 2008
Matt McCutchen wrote:
> On Mon, 2008-05-19 at 11:26 +0200, Bruno (libvirt) wrote:
>> What are the plans to implement TLS directly into the mainstream rsync?
>> This would be a huge improvement, when using rsync with a daemon and
>> modules-based setup.
>> It's already easy to tunnel rsync into ssh, but this requires
>> 1) ssh-user and shell access
>> 2) to specify the full remote path
>> 3) to forget about all the nifty features of rsyncd.conf (uid/gid,
>> ip-filtering, easy logging...)
>> If you know about any plan for the integration of SSL/TLS... maybe the
>> CVS/SVN version has this already, please be kind and let me know.
> There is a patch that is supposed to add SSL support:
> and some discussion of improving it:
> but my impression is that the patch doesn't work and hasn't been fixed.
> You could access the daemon through stunnel. Another option is to use a
> single-use daemon invoked over ssh, with a forced command (rsync
> --server --daemon .) that limits the ssh login to invoking the daemon;
> see section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION"
> in the man page. That gives you modules and logging right away. If you
> need a uid/gid different from the ssh user's, you could run a
> traditional daemon that listens only on localhost and have the ssh login
> force a connection to that daemon, or you could just use ssh port
Thank you Matt for your response. I'm going to try that ASAP, but I've
read, too, that it's less than reliable.
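
The single-use daemon over ssh with a forced command, as suggested in the quoted reply, sketched as an added example (not part of the original thread and not code from the rsync project). The function name, the account home directory, the module name `backup`, the module path and the public key are assumptions; the key is a constructed placeholder.

```shell
#!/bin/sh
# Added example: server-side files for an rsync daemon that is started per
# connection by sshd and can be reached only through one restricted key.

setup_forced_daemon() {
    home_dir=$1      # home of the ssh account (assumed dedicated to rsync)
    pubkey=$2        # client's public key line
    module_path=$3   # directory exported as module [backup] (assumed name)

    mkdir -p "$home_dir/.ssh" || return 1
    chmod 700 "$home_dir/.ssh"

    # The forced command replaces whatever the client asks to run, so this
    # key gets no shell; the no-* options also deny a pty and forwarding.
    printf '%s %s\n' \
        'command="rsync --server --daemon .",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding' \
        "$pubkey" >> "$home_dir/.ssh/authorized_keys"
    chmod 600 "$home_dir/.ssh/authorized_keys"

    # A daemon started over a remote shell by a non-root user reads
    # rsyncd.conf from its working directory (normally the home directory).
    # Non-root cannot chroot, hence "use chroot = no".
    cat > "$home_dir/rsyncd.conf" <<EOF
log file = $home_dir/rsyncd.log
use chroot = no

[backup]
    path = $module_path
    read only = no
EOF
}

# Demo in a scratch directory (constructed values).
demo_home=$(mktemp -d)
setup_forced_daemon "$demo_home" \
    "ssh-ed25519 AAAA_PLACEHOLDER_KEY backup-client" "/srv/backup"
cat "$demo_home/.ssh/authorized_keys" "$demo_home/rsyncd.conf"
rm -rf "$demo_home"

# Client side: the double colon selects a module, -e ssh carries the daemon
# protocol inside ssh, so no full remote path is needed:
#   rsync -av -e ssh /data/ backupuser@server.example::backup/
```

The module runs with the ssh account's uid/gid in this setup; a different uid/gid needs the localhost-only traditional daemon mentioned in the reply.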