SSL/TLS support in RSYNC

Bruno (libvirt) libvirt at
Wed May 21 21:50:05 GMT 2008

Matt McCutchen wrote:
> On Mon, 2008-05-19 at 11:26 +0200, Bruno (libvirt) wrote:
>> What are the plans to implement TLS directly into the mainstream rsync? 
>> This would be a huge improvement, when using rsync with a daemon and 
>> modules-based setup.
>> It's already easy to tunnel rsync into ssh, but this requires
>> 1) ssh-user and shell access
>> 2) to specify the full remote path
>> 3) to forget about all the nifty features of rsyncd.conf (uid/gid, 
>> ip-filtering, easy logging...)
>> If you know about any plan for the integration of SSL/TLS... maybe the 
>> CVS/SVN version has this already, please be kind and let me know.
> There is a patch that is supposed to add SSL support:
> and some discussion of improving it:
> but my impression is that the patch doesn't work and hasn't been fixed.
> You could access the daemon through stunnel.  Another option is to use a
> single-use daemon invoked over ssh, with a forced command (rsync
> --server --daemon .) that limits the ssh login to invoking the daemon;
> in the man page.  That gives you modules and logging right away.  If you
> need a uid/gid different from the ssh user's, you could run a
> traditional daemon that listens only on localhost and have the ssh login
> force a connection to that daemon, or you could just use ssh port
> forwarding.
> Matt

Thank you Matt for your response. I'm going to try that ASAP, but I've 
read, too, that it's less than reliable.
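
The single-use daemon over ssh that Matt describes, sketched as an added example that is not part of the original posts or of rsync itself: it builds the authorized_keys entry with the forced command, writes a per-user rsyncd.conf, and audits a key file for entries that are not pinned. The key text, paths, module name "backup" and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Key text, paths and the module name "backup" are constructed.
# Client side, once installed:  rsync -av -e ssh user@host::backup/ /dest/

FORCED='command="rsync --server --daemon ."'
OPTS='no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding'

# Build the authorized_keys line that pins one public key to the daemon.
make_entry() {    # $1 = public key line
    printf '%s,%s %s\n' "$FORCED" "$OPTS" "$1"
}

# Write the rsyncd.conf the single-use daemon reads. Run by a non-root ssh
# user, rsync looks for rsyncd.conf in the login directory and cannot chroot.
write_conf() {    # $1 = config file to create, $2 = directory to export
    cat > "$1" <<EOF
log file = rsyncd.log
use chroot = no
[backup]
    path = $2
    read only = yes
EOF
}

# Audit: succeed only if every key line carries the forced command and the
# pty/forwarding restrictions. Plain substring checks, not a full parser.
audit_keys() {    # $1 = authorized_keys file
    bad=0
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        for need in "$FORCED" no-pty no-port-forwarding; do
            case $line in
                *"$need"*) ;;
                *) echo "missing $need: $line" >&2; bad=1 ;;
            esac
        done
    done < "$1"
    return "$bad"
}
```
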

