rsyncssl

devzero at web.de devzero at web.de
Mon Feb 4 02:19:32 MST 2013 

Why put that extra effort into rsync, if you can chain things together ?

The power of unix is exactly that - it`s not about using specialiced tools, but it`s about combining them in innumerable ways, thus multiplying their capabilities.

>Another good reason for a SSL-version of rsync: non-Unix clients...

Stunnel probably runs on as many platforms like rsync. https://www.stunnel.org/ports.html
Besides that, mind that there is no usable native port of rsync on windows. (The cygwin based rsync is very slow, btw)
I think stunnel even runs native on win32.(MinGW)

I was hoping for ssl in rsync for long, but when i saw RsyncSSL, i think it could obsolete an rsync with compiled in ssl support.

Nobdoy would have the idea to put ssh into rsync, rsync is just using that as a sub-process/pipe(and vice versa).
So does RsyncSSL (with stunnel).

On the server side, with rsync + ssh, the ssh daemon listens for incomming ssh connection and then starts rsync, connecting via stdin/stdout.

Analogously, stunnel daemon listens for incoming ssl connection and then starts rsync(d) as a sub-process. The only difference is, that RsyncSSL adds some missing glue.

>I'd love to see rsync-ssl (with the server having CRL support, client
>cert support, and the client/server doing cert validation of course) as
>for one thing I think it would make a damn fine laptop backup solution.

It´s exactly what RsyncSSL can do for you.

regards
roland


>List:       rsync
>Subject:    Re: rsyncssl
>From:       Jason Haar <Jason_Haar () trimble ! com>
>Date:       2013-02-04 2:45:47
>Message-ID: 510F20DB.7050003 () trimble ! com
>[Download message RAW]
>
>Another good reason for a SSL-version of rsync: non-Unix clients...
>
>It's all well and good to talk about using vpns and ssh tunnels - but
>the fact is that a large percentage of rsync clients are non-Unix - like
>Windows - and getting them set up for ssh/etc is layering extra software
>on top of rsync. I'm not saying it can't work  - but it's not simple.
>
>I'd love to see rsync-ssl (with the server having CRL support, client
>cert support, and the client/server doing cert validation of course) as
>for one thing I think it would make a damn fine laptop backup solution.
>I've run more than my share of Internet-facing services in my time and
>the lowest maintenance ones are the SSL/TLS services that require client
>certs. The bad guys cannot even "knock on the door"!
>
>An Internet-based rsync-ssl server that requires client certs would be
>brilliant for backing up laptops over the Internet: an enterprise
>competitor to all those cloudy services such as Dropbox/etc. :-) [well,
>probably need that VSS patch for rsync-win32 too ;-)]
>
>
>--
>Cheers
>
>Jason Haar
>Information Security Manager, Trimble Navigation Ltd.
>Phone: +1 408 481 8171
>PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the rsync mailing list