DO NOT REPLY [Bug 1890] TLS for rsync protocol

samba-bugs at samba-bugs at
Sun Aug 9 04:54:21 MDT 2009

------- Comment #10 from jamie at  2009-08-09 05:54 CST -------
> > It's easy to tell an ssh server to restrict what commands can be run.
> is that really secure? i think, no.

Yes, assuming you trust rsync itself.

For backups, don't use scponly, the grossly insecure script at the end of the
oreillynet link, or anything else which gives the client much flexibility. 
Limit the ssh environment, and in the fixed command script, verify the command
it's asked to run is exactly the one it's allowed to run, no dubious "parsing".

Configure bugmail:
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the rsync mailing list