Aw: Re: encrypted rsyncd - why was it never implemented?
Karl O. Pinc
kop at meme.com
Wed Dec 3 13:38:15 MST 2014
On 12/03/2014 01:37:58 PM, Kevin Korb wrote:
> As far as a backup provider goes I wouldn't expect them to use rsync
> over SSL unless that were built into rsync in the future (and has been
> around long enough that most users would have it).
>
> I would expect them to either use rsync over ssh secured by rrsync or
> rsyncd over ssh with them managing the rsyncd.conf file. Either way
> the server side command would be forced and no other ssh functionality
> would be allowed.
<snip>
> I am thinking of something like this within sshd_config with
> whichever ForceCommand they would pick:
>
> Match Group backupusers
>     X11Forwarding no
>     AllowTcpForwarding no
>     ForceCommand /usr/bin/rsync --server --daemon .
>     ForceCommand /usr/bin/rrsync-wrapper
>
> Note that a wrapper or modification would be needed for rrsync since
> sshd_config doesn't support %u or %h in ForceCommand :(

I am using command="rsync --server --daemon ."
in ~/ssh/authorized_keys. Correct me if I'm wrong,
but I believe this eliminates the need for %u or %h
and ForceCommand.

It does mean that key based authentication is required,
but this does not seem burdensome for a backup oriented
solution.

Karl <kop at meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
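
Added example, not part of the original message or of rsync: a small audit of an authorized_keys file for the setup discussed in this thread, checking that every key is forced to `rsync --server --daemon .` and has the other ssh features switched off. The function names and sample entries are constructed for illustration; the option names (restrict, no-pty and so on) are OpenSSH's.

```python
# Entries without an options field start directly with the key type.
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")
FORCED = "rsync --server --daemon ."  # forced command quoted in the thread
# "restrict" enables all of LOCKDOWN at once; a REENABLE option can undo part of it.
LOCKDOWN = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
REENABLE = {"port-forwarding", "x11-forwarding", "agent-forwarding", "pty"}

def split_options(line):
    """Parse the leading options field, honouring double quotes and \\" escapes."""
    if line.startswith(KEY_TYPES):
        return {}
    items, buf, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 1
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            items, buf = items + [buf], ""
        elif ch in " \t" and not quoted:
            break  # the first unquoted blank ends the options field
        else:
            buf += ch
        i += 1
    return {k.lower(): v for k, _, v in (s.partition("=") for s in items + [buf])}

def audit(text):
    """Return (line number, problem) pairs for keys not confined to the daemon."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts = split_options(line.strip())
        if opts.get("command") != FORCED:
            findings.append((n, "no forced rsync daemon command"))
        # Conservative: any re-enabling option counts, wherever it appears.
        locked = LOCKDOWN.issubset(opts) or (
            "restrict" in opts and not REENABLE.intersection(opts))
        if not locked:
            findings.append((n, "forwarding or pty still allowed"))
    return findings

# Constructed sample entries; the key material is placeholder text.
SAMPLE = """\
restrict,command="rsync --server --daemon ." ssh-ed25519 AAAAEXAMPLE1 backup-a
command="rsync --server --daemon ." ssh-ed25519 AAAAEXAMPLE2 backup-b
ssh-ed25519 AAAAEXAMPLE3 admin
restrict,pty,command="rsync --server --daemon ." ssh-ed25519 AAAAEXAMPLE4 backup-c
"""
if __name__ == "__main__": print(audit(SAMPLE))
```

A command= entry with no restrict or no-* options still permits port, X11 and agent forwarding, which is what the second sample line is flagged for.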