Aw: Re: encrypted rsyncd - why was it never implemented?

Karl O. Pinc kop at
Wed Dec 3 13:38:15 MST 2014

On 12/03/2014 01:37:58 PM, Kevin Korb wrote:
> As far as a backup provider goes I wouldn't expect them to use rsync
> over SSL unless that were built into rsync in the future (and has 
> been
> around long enough that most users would have it).
> I would expect them to either use rsync over ssh secured by rrsync or
> rsyncd over ssh with them managing the rsyncd.conf file.  Either way
> the server side command would be forced and no other ssh 
> functionality
> would be allowed.


> I am thinking of something like this with in sshd_config with
> whichever ForceCommand they would pick:
> Match Group backupusers
>   X11Forwarding no
>   AllowTcpForwarding no
>   ForceCommand /usr/bin/rsync --server --daemon .
>   ForceCommand /usr/bin/rrsync-wrapper
> Note that a wrapper or modification would be needed for rrsync since
> sshd_config doesn't support %u or %h in ForceCommand :(

I am using command="rsync --server --daemon ." 
in ~/ssh/authorized_keys.  Correct me if I'm wrong,
but I believe this eliminates the need for %u or %h
and ForceCommand.

It does mean that key based authentication is required,
but this does not seem burdensome for a backup oriented

Karl <kop at>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

More information about the rsync mailing list