Aw: Re: Re: encrypted rsyncd - why was it never implemented?

devzero at web.de devzero at web.de
Wed Dec 3 13:09:07 MST 2014


> The benefit of rsync over ssh secured by rrsync is that it is more
> like what rsync users are already used to.

i don't like rsync over ssh in an environment with users you can't trust.

from a security perspective, i think such setup is broken by design.

it's a little bit like giving a foreigner the key to your front door and then hoping that the door in the corridor to your room will be "secure and stable enough".

some reasons why i think this way can be found here:
https://www.google.de/search?q=ssh+restricted+shell+bypass

regards
roland



> Sent: Wednesday, 03 December 2014 at 20:37
> From: "Kevin Korb" <kmk at sanitarium.net>
> To: devzero at web.de
> Cc: rsync at lists.samba.org
> Subject: Re: Aw: Re: encrypted rsyncd - why was it never implemented?
>
> As far as a backup provider goes I wouldn't expect them to use rsync
> over SSL unless that were built into rsync in the future (and has been
> around long enough that most users would have it).
> 
> I would expect them to either use rsync over ssh secured by rrsync or
> rsyncd over ssh with them managing the rsyncd.conf file.  Either way
> the server side command would be forced and no other ssh functionality
> would be allowed.
> 
> The benefit of rsync over ssh secured by rrsync is that it is more
> like what rsync users are already used to.
> 
> The benefit of rsyncd over ssh would be that the provider would manage
> the rsyncd.conf files (1 per user) and could make a web UI to control
> certain aspects of it.
> 
> I am thinking of something like this with in sshd_config with
> whichever ForceCommand they would pick:
> 
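> Match Group backupusers
>   X11Forwarding no
>   AllowTcpForwarding no
>   # keep only ONE ForceCommand: sshd uses the first value it obtains
>   # variant 1: rsyncd over ssh
>   ForceCommand /usr/bin/rsync --server --daemon .
>   # variant 2: rsync over ssh restricted by an rrsync wrapper
>   #ForceCommand /usr/bin/rrsync-wrapper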
> 
> Note that a wrapper or modification would be needed for rrsync since
> sshd_config doesn't support %u or %h in ForceCommand :(
> 
> 
> On 12/03/2014 02:20 PM, devzero at web.de wrote:
> > from a security perspective this is bad. think of a backup provider
> > who wants to make rsyncd modules available to the end users so they
> > can push backups to the server. do you think that such server is
> > secure if all users are allowed to open up an ssh shell to secure
> > their rsync transfer ?
> > 
> > ok, you can restrict the ssh connection, but you open up a hole and
> > you need to think twice to make it secure - leaving room for
> > hacking and circumventing ssh restrictions.
> > 
> > indeed, rsyncd with ssl is quite attractive, but adding ssl to
> > rsync adds quite some complexity and also increases maintenance
> > work.
> > 
> > for some time there is a ssl patch in the contrib directory, but
> > i'm curious why nobody is aware of rsyncssl, which is not a perfect
> > but quite an elegant solution to support wrapping rsyncd with ssl
> > via stunnel:
> > 
> > http://dozzie.jarowit.net/trac/wiki/RsyncSSL 
> > https://git.samba.org/?p=rsync.git;a=commit;h=70d4a945f7d1ab1aca2c3ca8535240fad4bdf06b
> >
> >  regards roland
> > 
> > 
> > 
> >> Sent: Wednesday, 03 December 2014 at 19:19
> >> From: "Kevin Korb" <kmk at sanitarium.net>
> >> To: rsync at lists.samba.org
> >> Subject: Re: encrypted rsyncd - why was it never implemented?
> >> 
> > You can run rsyncd over ssh as well.  Either with -e ssh
> > host::module or you can use ssh's -L to tunnel the rsyncd port.
> > The difference is which user ends up running the rsyncd.
> > 
> > On 12/03/2014 12:40 PM, Tomasz Chmielewski wrote:
> >>>> rsync in daemon mode is very powerful, yet it comes with one
> >>>> big disadvantage: data is sent in plain.
> >>>> 
> >>>> The workarounds are not really satisfying:
> >>>> 
> >>>> 
> >>>> - use VPN - one needs to set up an extra service, not always 
> >>>> possible
> >>>> 
> >>>> - use stunnel - as above
> >>>> 
> >>>> - use SSH - is not as powerful as in daemon mode (i.e. read
> >>>> only access, chroot, easy way of adding/modifying users and
> >>>> modules etc.)
> >>>> 
> >>>> 
> >>>> Why was encrypted communication in rsyncd never implemented?
> >>>> Some technical disagreements? Nobody volunteered?
> >>>> 
> >>>> 
> > 
> 
> -- 
> ~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
> 	Kevin Korb			Phone:    (407) 252-6853
> 	Systems Administrator		Internet:
> 	FutureQuest, Inc.		Kevin at FutureQuest.net  (work)
> 	Orlando, Florida		kmk at sanitarium.net (personal)
> 	Web page:			http://www.sanitarium.net/
> 	PGP public key available on web site.
> ~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
>
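
A check for the kind of Match block quoted above, as an added example that is not part of the original thread or of rsync/OpenSSH: it reports repeated keywords (such as the two ForceCommand lines) and restrictions the block leaves unset. The function names and the REQUIRED policy are assumptions of this example; the keywords themselves are from sshd_config(5).

```python
# Constructed sample: the Match block from the quoted message, both ForceCommand lines kept.
SAMPLE = """\
Match Group backupusers
  X11Forwarding no
  AllowTcpForwarding no
  ForceCommand /usr/bin/rsync --server --daemon .
  ForceCommand /usr/bin/rrsync-wrapper
"""

# Assumed policy for a forced-command account; keywords are from sshd_config(5).
REQUIRED = {"x11forwarding": "no", "allowtcpforwarding": "no",
            "allowagentforwarding": "no", "permittty": "no",
            "permittunnel": "no", "permituserrc": "no"}

def parse_match_blocks(text):
    """Return {match criteria: [(keyword, value), ...]} in file order."""
    blocks, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current = blocks.setdefault(value, [])
        elif current is not None:
            current.append((keyword, value))
    return blocks

def audit_block(settings):
    """Return (effective settings, findings) for one Match block."""
    effective, findings = {}, []
    for keyword, value in settings:
        if keyword in effective:  # sshd keeps the first value it obtains
            findings.append(f"{keyword} repeated: '{value}' is ignored")
        else:
            effective[keyword] = value
    if "forcecommand" not in effective:
        findings.append("forcecommand missing: the client's own command would run")
    for keyword, wanted in REQUIRED.items():
        got = effective.get(keyword)
        if got is None:
            findings.append(f"{keyword} not set in this block")
        elif got.lower() != wanted:
            findings.append(f"{keyword} is '{got}', expected '{wanted}'")
    return effective, findings

if __name__ == "__main__":
    print(audit_block(parse_match_blocks(SAMPLE)["Group backupusers"])[1])
```

The check reads only the Match block itself; a keyword it reports as unset may still be set globally, which `sshd -T -C user=NAME` shows for a given account.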

