DO NOT REPLY [Bug 1890] TLS for rsync protocol

samba-bugs at samba.org samba-bugs at samba.org
Sun Aug 9 04:54:21 MDT 2009


https://bugzilla.samba.org/show_bug.cgi?id=1890





------- Comment #10 from jamie at shareable.org  2009-08-09 05:54 CST -------
> > It's easy to tell an ssh server to restrict what commands can be run.
> is that really secure? i think, no.

Yes, assuming you trust rsync itself.

For backups, don't use scponly, the grossly insecure script at the end of the
oreillynet link, or anything else which gives the client much flexibility. 
Limit the ssh environment, and in the fixed command script, verify the command
it's asked to run is exactly the one it's allowed to run, no dubious "parsing".


-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.


More information about the rsync mailing list