09-09-2010, 10:01 PM
Hal Vaughan

SSH & Rsync issues

In short:

I have ssh set up on two systems so I can ssh from one to the other. My id_rsa.pub in ~/.ssh on my system is copied into ~/.ssh/authorized_keys on the remote system. I can ssh from local to remote with no issue and it's configured so authentication does not use passwords, but uses the RSA ID. This works perfectly. "ssh remote" gets me logged in immediately.

I can rsync to the other machine. Using "rsync localfile tnet-web::threshNet-Public" works fine and the file is transferred. BUT when I try to use rsync over ssh, it will NOT work.


A bit more of an explanation:

The problem is that when I try

rsync localfile -vvvv --rsh=ssh ...
or
rsync localfile -vvvv -e"ssh -l myname" ...

(Yes, same stuff as before with the ...)

Then I get errors:

using the -e option gives me this:

rsync: -rsh=ssh: unknown option
_exit_cleanup(code=1, file=/SourceCache/rsync/rsync-40/rsync/main.c, line=1333): entered
rsync error: syntax or usage error (code 1) at /SourceCache/rsync/rsync-40/rsync/main.c(1333) [client=2.6.9]
_exit_cleanup(code=1, file=/SourceCache/rsync/rsync-40/rsync/main.c, line=1333): about to call exit(1)


using --rsh gives me this:

cmd=ssh machine=tnet-web user= path=threshNet-Public
cmd[0]=ssh cmd[1]=tnet-web cmd[2]=rsync cmd[3]=--server cmd[4]=--daemon cmd[5]=.
opening connection using ssh tnet-web rsync --server --daemon .
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
_exit_cleanup(code=12, file=/SourceCache/rsync/rsync-40/rsync/io.c, line=452): entered
rsync error: error in rsync protocol data stream (code 12) at /SourceCache/rsync/rsync-40/rsync/io.c(452) [sender=2.6.9]
_exit_cleanup(code=12, file=/SourceCache/rsync/rsync-40/rsync/io.c, line=452): about to call exit(12)

I have config files for rsyncd.conf and sshd_conf included below my signature.

Both programs work separately, but if I try rsync over ssh, it simply does not work.

Any suggestions?

Thanks!



Hal
----------------------------------------------
rsyncd.conf:
----
#Globals:
log file = /var/log/rsyncd.log
secrets file = /etc/rsyncd.secrets

[threshNet]
path = /threshNet
comment = Full threshNet system backup
read only = no
#auth users = hal

[threshNet-Hal]
comment = threshNet test comm area
path = /threshNet/Hal
read only = no
auth users = hal

[threshNet-TNTest]
comment = threshNet communications area for TNTest
path = /threshNet/TNTest
read only = no
auth users = TNTest

[threshNet-Public]
comment = threshNet public comm directory for testing
path = threshNet/Public
read only = no

sshd_conf:
---------

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
#PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/A7016DE8-9F9D-475C-9EB8-97308036F381@halblog.com

09-09-2010, 10:46 PM
Kevin Ross

SSH & Rsync issues

On 09/09/2010 03:01 PM, Hal Vaughan wrote:

> I can rsync to the other machine. Using "rsync localfile tnet-web::threshNet-Public" works fine and the file is transferred. BUT when I try to use rsync over ssh, it will NOT work.



According to the man page, your first example should automatically use
ssh. It does for me.



Archive: http://lists.debian.org/4C8963B1.6090403@familyross.net

09-10-2010, 12:56 AM
Hal Vaughan

SSH & Rsync issues

On Sep 9, 2010, at 6:46 PM, Kevin Ross wrote:

> On 09/09/2010 03:01 PM, Hal Vaughan wrote:
>> I can rsync to the other machine. Using "rsync localfile tnet-web::threshNet-Public" works fine and the file is transferred. BUT when I try to use rsync over ssh, it will NOT work.
>>
>
> According to the man page, your first example should automatically use ssh. It does for me.

Do you mean the first example in my first paragraph, where there's no reference to ssh or the one when I list examples, where I use "--rsh =ssh"?

How can I verify rsync is using ssh?

I found a few comments in man pages that left me confused, but I read man pages on Linux, on OS X, and on the web and there were a few references in some to, "in future versions," so it's hard to be sure, unless it's explicitly stated.



Hal

Archive: http://lists.debian.org/F44E19B6-6213-4FFE-8BC4-373CAD26BFE4@halblog.com

09-10-2010, 01:46 AM
Kevin Ross

SSH & Rsync issues

On 9/9/2010 5:56 PM, Hal Vaughan wrote:

> On Sep 9, 2010, at 6:46 PM, Kevin Ross wrote:
>
>> On 09/09/2010 03:01 PM, Hal Vaughan wrote:
>>> I can rsync to the other machine. Using "rsync localfile tnet-web::threshNet-Public" works fine and the file is transferred. BUT when I try to use rsync over ssh, it will NOT work.
>>
>> According to the man page, your first example should automatically use ssh. It does for me.
>
> Do you mean the first example in my first paragraph, where there's no reference to ssh or the one when I list examples, where I use "--rsh =ssh"?
>
> How can I verify rsync is using ssh?
>
> I found a few comments in man pages that left me confused, but I read man pages on Linux, on OS X, and on the web and there were a few references in some to, "in future versions," so it's hard to be sure, unless it's explicitly stated.
>
> Hal



Well, in my case, I verified it by the fact that on the server that I
copied the files to, the only programs listening were sshd, postfix, and
dovecot.



Archive: http://lists.debian.org/4C898DD9.2050301@familyross.net

09-10-2010, 12:14 PM
Rob Owens

SSH & Rsync issues

On Thu, Sep 09, 2010 at 06:01:55PM -0400, Hal Vaughan wrote:
> In short:
>
> I have ssh set up on two systems so I can ssh from one to the other. My id_rsa.pub in ~/.ssh on my system is copied into ~/.ssh/authorized_keys on the remote system. I can ssh from local to remote with no issue and it's configured so authentication does not use passwords, but uses the RSA ID. This works perfectly. "ssh remote" gets me logged in immediately.
>
> I can rsync to the other machine. Using "rsync localfile tnet-web::threshNet-Public" works fine and the file is transferred. BUT when I try to use rsync over ssh, it will NOT work.
>
>
> A bit more of an explanation:
>
> The problem is that when I try
>
> rsync localfile -vvvv --rsh=ssh ...
> or
> rsync localfile -vvvv -e"ssh -l myname" ...
>
> (Yes, same stuff as before with the ...)
>
> Then I get errors:
>
> using the -e option gives me this:
>
> rsync: -rsh=ssh: unknown option
> _exit_cleanup(code=1, file=/SourceCache/rsync/rsync-40/rsync/main.c, line=1333): entered
> rsync error: syntax or usage error (code 1) at /SourceCache/rsync/rsync-40/rsync/main.c(1333) [client=2.6.9]
> _exit_cleanup(code=1, file=/SourceCache/rsync/rsync-40/rsync/main.c, line=1333): about to call exit(1)
>
>
> using --rsh gives me this:
>
> cmd=ssh machine=tnet-web user= path=threshNet-Public
> cmd[0]=ssh cmd[1]=tnet-web cmd[2]=rsync cmd[3]=--server cmd[4]=--daemon cmd[5]=.
> opening connection using ssh tnet-web rsync --server --daemon .
> rsync: connection unexpectedly closed (0 bytes received so far) [sender]
> _exit_cleanup(code=12, file=/SourceCache/rsync/rsync-40/rsync/io.c, line=452): entered
> rsync error: error in rsync protocol data stream (code 12) at /SourceCache/rsync/rsync-40/rsync/io.c(452) [sender=2.6.9]
> _exit_cleanup(code=12, file=/SourceCache/rsync/rsync-40/rsync/io.c, line=452): about to call exit(12)
>
> I have config files for rsyncd.conf and sshd_conf included below my signature.
>
> Both programs work separately, but if I try rsync over ssh, it simply does not work.
>
> Any suggestions?
>
I think you are mixing/confusing the 2 rsync methods. One is the rsyncd
daemon. To rsync to an rsyncd daemon, you use two colons after the
hostname, like this

rsync localfile tnet-web::threshNet-Public

This transfers everything in the clear. Last I checked, there was no
built-in method to transfer over ssh using the daemon. You could set up
an SSL or SSH tunnel to do that.


The other method of using rsync is with a single colon, like this

rsync localfile tnet-web:threshNet-Public

This automatically uses ssh for transfer, but it requires a few things.

1) your user must have an account on tnet-web
2) threshNet-Public is a folder inside your user's home directory on
tnet-web
3) it does not require an rsyncd.conf file, and doesn't look at it even
if you have one.


Hope that helps.

-Rob


Archive: http://lists.debian.org/20100910121418.GB14903@aurora.owens.net

09-10-2010, 02:57 PM
Hal Vaughan

SSH & Rsync issues

On Sep 10, 2010, at 8:14 AM, Rob Owens wrote:

> On Thu, Sep 09, 2010 at 06:01:55PM -0400, Hal Vaughan wrote:
>> In short:
>>
>> I have ssh set up on two systems so I can ssh from one to the other. My id_rsa.pub in ~/.ssh on my system is copied into ~/.ssh/authorized_keys on the remote system. I can ssh from local to remote with no issue and it's configured so authentication does not use passwords, but uses the RSA ID. This works perfectly. "ssh remote" gets me logged in immediately.
>>
>> I can rsync to the other machine. Using "rsync localfile tnet-web::threshNet-Public" works fine and the file is transferred. BUT when I try to use rsync over ssh, it will NOT work

>> ....
>> Any suggestions?
>>
> I think you are mixing/confusing the 2 rsync methods. One is the rsyncd
> daemon. To rsync to an rsyncd daemon, you use two colons after the
> hostname, like this
>
> rsync localfile tnet-web::threshNet-Public
>
> This transfers everything in the clear. Last I checked, there was no
> built-in method to transfer over ssh using the daemon. You could set up
> an SSL or SSH tunnel to do that.
>
>
> The other method of using rsync is with a single colon, like this
>
> rsync localfile tnet-web:threshNet-Public
>
> This automatically uses ssh for transfer, but it requires a few things.
>
> 1) your user must have an account on tnet-web
> 2) threshNet-Public is a folder inside your user's home directory on
> tnet-web
> 3) it does not require an rsyncd.conf file, and doesn't look at it even
> if you have one.
>
>
> Hope that helps.

Yes, that clarifies it. I was not aware of the one colon vs. the two colon situation at all and it makes a lot of sense.

But that still leaves the "--rsh=ssh" option as a question. From reading the man pages, I was thinking that would make rsync use ssh, but nothing I've done made it work.

I've decided to encrypt the files before syncing them so they won't be sent in the clear and to use passwords on rsync. Since a number of different client systems will use this setup, I don't want them all having ssh keys or access to the system through ssh in case of a break-in.


Thank you. You've cleared up a LOT for me.



Hal

Archive: http://lists.debian.org/2F4C87E7-585A-4704-BBD3-33BFBB945679@halblog.com

09-10-2010, 05:36 PM
Rob Owens

SSH & Rsync issues

On Fri, Sep 10, 2010 at 10:57:56AM -0400, Hal Vaughan wrote:
>
> On Sep 10, 2010, at 8:14 AM, Rob Owens wrote:
>
> > On Thu, Sep 09, 2010 at 06:01:55PM -0400, Hal Vaughan wrote:
> >> In short:
> >>
> >> I have ssh set up on two systems so I can ssh from one to the other. My id_rsa.pub in ~/.ssh on my system is copied into ~/.ssh/authorized_keys on the remote system. I can ssh from local to remote with no issue and it's configured so authentication does not use passwords, but uses the RSA ID. This works perfectly. "ssh remote" gets me logged in immediately.
> >>
> >> I can rsync to the other machine. Using "rsync localfile tnet-web::threshNet-Public" works fine and the file is transferred. BUT when I try to use rsync over ssh, it will NOT work
>
> >> ....
> >> Any suggestions?
> >>
> > I think you are mixing/confusing the 2 rsync methods. One is the rsyncd
> > daemon. To rsync to an rsyncd daemon, you use two colons after the
> > hostname, like this
> >
> > rsync localfile tnet-web::threshNet-Public
> >
> > This transfers everything in the clear. Last I checked, there was no
> > built-in method to transfer over ssh using the daemon. You could set up
> > an SSL or SSH tunnel to do that.
> >
> >
> > The other method of using rsync is with a single colon, like this
> >
> > rsync localfile tnet-web:threshNet-Public
> >
> > This automatically uses ssh for transfer, but it requires a few things.
> >
> > 1) your user must have an account on tnet-web
> > 2) threshNet-Public is a folder inside your user's home directory on
> > tnet-web
> > 3) it does not require an rsyncd.conf file, and doesn't look at it even
> > if you have one.
> >
> >
> > Hope that helps.
>
> Yes, that clarifies it. I was not aware of the one colon vs. the two colon situation at all and it makes a lot of sense.
>
> But that still leaves the "--rsh=ssh" option as a question. From reading the man pages, I was thinking that would make rsync use ssh, but nothing I've done made it work.
>
> I've decided to encrypt the files before syncing them so they won't be sent in the clear and to use passwords on rsync. Since a number of different client systems will use this setup, I don't want them all having ssh keys or access to the system through ssh in case of a break-in.
>
>
> Thank you. You've cleared up a LOT for me.
>
On my Lenny system, "man rsync" states the following in the "CONNECTING
TO AN RSYNC DAEMON" section:

you must not specify the --rsh (-e) option

There's also a section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL
CONNECTION" that you might find useful. It mentions some ways of
encrypting the rsync daemon transfer.

It also shows the following command, which seems to ignore the "you must
not specify..." rule above: rsync -av --rsh=ssh host::module /dest
But if you read carefully it seems to say that this requires a user
account on the host machine. I've never tried that, so I can't help you
much there.

You should probably google "rsyncd encryption" and see what you can
find.


For the single-colon rsync, you don't need to specify --rsh=ssh. It is
the default.

-Rob


Archive: http://lists.debian.org/20100910173632.GB16817@aurora.owens.net
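
The three cases discussed in this thread (single colon, double colon, and double colon combined with --rsh), as an added example that is not part of any poster's message: a shell function, `rsync_transport` (a hypothetical name), that reads an rsync argument list and reports which transport it selects. It assumes -e/--rsh appear as their own arguments rather than inside a bundle of short options, and it never runs rsync; the sample command lines are constructed from the ones quoted above.

```shell
#!/bin/sh
# Added example: classify the transport an rsync command line selects.
# Only the argument list is inspected; no connection is opened.
#
#   local            no remote operand
#   remote-shell     host:path     -> remote shell (ssh unless -e names another)
#   daemon-tcp       host::module  -> direct TCP to rsyncd (default port 873),
#                                     not encrypted
#   daemon-over-rsh  host::module plus -e/--rsh -> daemon protocol carried
#                    inside the remote shell; needs a login on the host
rsync_transport() {
    rsh=no daemon=no shell=no skip=no
    for arg in "$@"; do
        # The argument after a bare -e / --rsh is the shell command, not a path.
        if [ "$skip" = yes ]; then skip=no; continue; fi
        case $arg in
            -e|--rsh)      rsh=yes; skip=yes ;;
            -e?*|--rsh=*)  rsh=yes ;;             # attached form: -e"ssh -l u"
            -*)            ;;                     # any other option
            rsync://*)     daemon=yes ;;
            *:*)
                host=${arg%%:*}                   # text before the first colon
                rest=${arg#*:}                    # text after the first colon
                case $host in
                    */*) ;;                       # colon after a slash: local path
                    *)  case $rest in
                            :*) daemon=yes ;;     # second colon: daemon module
                            *)  shell=yes ;;      # single colon: remote shell
                        esac ;;
                esac ;;
        esac
    done
    if [ "$daemon" = yes ] && [ "$rsh" = yes ]; then echo daemon-over-rsh
    elif [ "$daemon" = yes ]; then echo daemon-tcp
    elif [ "$shell" = yes ]; then echo remote-shell
    else echo local
    fi
}

# Constructed command lines, modelled on the ones quoted in the thread.
rsync_transport localfile tnet-web::threshNet-Public              # daemon-tcp
rsync_transport localfile tnet-web:threshNet-Public               # remote-shell
rsync_transport localfile -vvvv --rsh=ssh tnet-web::threshNet-Public  # daemon-over-rsh
```

The third result corresponds to the "opening connection using ssh tnet-web rsync --server --daemon ." line in the debug output quoted above.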
 
09-10-2010, 06:18 PM
Hal Vaughan

SSH & Rsync issues

On Sep 10, 2010, at 1:36 PM, Rob Owens wrote:

> On Fri, Sep 10, 2010 at 10:57:56AM -0400, Hal Vaughan wrote:
>>
>> On Sep 10, 2010, at 8:14 AM, Rob Owens wrote:
>>
>>> On Thu, Sep 09, 2010 at 06:01:55PM -0400, Hal Vaughan wrote:
>>>> In short:
>>>>
>>>> I have ssh set up on two systems so I can ssh from one to the other. My id_rsa.pub in ~/.ssh on my system is copied into ~/.ssh/authorized_keys on the remote system. I can ssh from local to remote with no issue and it's configured so authentication does not use passwords, but uses the RSA ID. This works perfectly. "ssh remote" gets me logged in immediately.
>>>>
>>>> I can rsync to the other machine. Using "rsync localfile tnet-web::threshNet-Public" works fine and the file is transferred. BUT when I try to use rsync over ssh, it will NOT work
>>
>>>> ....
>>>> Any suggestions?
>>>>
>>> I think you are mixing/confusing the 2 rsync methods. One is the rsyncd
>>> daemon. To rsync to an rsyncd daemon, you use two colons after the
>>> hostname, like this
>>>
>>> rsync localfile tnet-web::threshNet-Public
>>>
>>> This transfers everything in the clear. Last I checked, there was no
>>> built-in method to transfer over ssh using the daemon. You could set up
>>> an SSL or SSH tunnel to do that.
>>>
>>>
>>> The other method of using rsync is with a single colon, like this
>>>
>>> rsync localfile tnet-web:threshNet-Public
>>>
>>> This automatically uses ssh for transfer, but it requires a few things.
>>>
>>> 1) your user must have an account on tnet-web
>>> 2) threshNet-Public is a folder inside your user's home directory on
>>> tnet-web
>>> 3) it does not require an rsyncd.conf file, and doesn't look at it even
>>> if you have one.
>>>
>>>
>>> Hope that helps.
>>
>> Yes, that clarifies it. I was not aware of the one colon vs. the two colon situation at all and it makes a lot of sense.
>>
>> But that still leaves the "--rsh=ssh" option as a question. From reading the man pages, I was thinking that would make rsync use ssh, but nothing I've done made it work.
>>
>> I've decided to encrypt the files before syncing them so they won't be sent in the clear and to use passwords on rsync. Since a number of different client systems will use this setup, I don't want them all having ssh keys or access to the system through ssh in case of a break-in.
>>
>>
>> Thank you. You've cleared up a LOT for me.
>>
> On my Lenny system, "man rsync" states the following in the "CONNECTING
> TO AN RSYNC DAEMON" section:
>
> you must not specify the --rsh (-e) option

I had never realized man pages differed so much. I even found differences on the man pages on my iMac. (Can I say "iMac" on this list or is it a dirty word here?)

> There's also a section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL
> CONNECTION" that you might find useful. It mentions some ways of
> encrypting the rsync daemon transfer.
>
> It also shows the following command, which seems to ignore the "you must
> not specify..." rule above: rsync -av --rsh=ssh host::module /dest
> But if you read carefully it seems to say that this requires a user
> account on the host machine. I've never tried that, so I can't help you
> much there.

That's where I got confused -- they give an example, the very one you point out, and I tried it, but could not get it to work, even with a user who had an account on the receiving system. The remote system, though, was on my web hosting service and it was later I realized they have a different version of rsync, which could result in compatibility issues or that version not doing what others can do. I did try it, though, exactly like they described, and with a user who had a shell account on the remote system.

> You should probably google "rsyncd encryption" and see what you can
> find.
>
>
> For the single-colon rsync, you don't need to specify --rsh=ssh. It is
> the default.

Yeah, but I don't want to set up user accounts on the host. For one thing, on my web hosting site, Westhost doesn't provide an easy way to add users, so I can't just add another easily. Everything in my system is automated so I can add a new client/user with a single command. It's a pain to have it all set up here then have to go to the web control panel on the website to add a user. When it's not automated, it's easy to forget a step of the process.

I've decided I'm going to encrypt the files locally, then send them up using rsync to an account that requires a password and the other system will download them THEN unencrypt them, so the files will be encrypted when sent over the Internet and stored there and only clear when they're on a local system.

Thanks for the info on this. I'm going to give up, in this case, on the whole ssh thing with rsync.




Hal

Archive: http://lists.debian.org/2A5A5E5E-F874-4E47-B933-591882C8F070@halblog.com

09-10-2010, 06:49 PM
Rob Owens

SSH & Rsync issues

On Fri, Sep 10, 2010 at 02:18:42PM -0400, Hal Vaughan wrote:
>
> On Sep 10, 2010, at 1:36 PM, Rob Owens wrote:
> > You should probably google "rsyncd encryption" and see what you can
> > find.
> >
> >
> > For the single-colon rsync, you don't need to specify --rsh=ssh. It is
> > the default.
>
> Yeah, but I don't want to set up user accounts on the host. For one thing, on my web hosting site, Westhost doesn't provide an easy way to add users, so I can't just add another easily. Everything in my system is automated so I can add a new client/user with a single command. It's a pain to have it all set up here then have to go to the web control panel on the website to add a user. When it's not automated, it's easy to forget a step of the process.
>
> I've decided I'm going to encrypt the files locally, then send them up using rsync to an account that requires a password and the other system will download them THEN unencrypt them, so the files will be encrypted when sent over the Internet and stored there and only clear when they're on a local system.
>
Just be careful. I think I recall reading that the rsyncd user/password
is sent either cleartext or with not-too-difficult-to-crack encryption.

Here is a fairly old writeup on using rsyncd with stunnel. Maybe it
will be helpful.
http://www.netbits.us/docs/stunnel_rsync.html

-Rob


Archive: http://lists.debian.org/20100910184926.GA17565@aurora.owens.net

09-10-2010, 08:49 PM
Hal Vaughan

SSH & Rsync issues

On Sep 10, 2010, at 2:49 PM, Rob Owens wrote:

> On Fri, Sep 10, 2010 at 02:18:42PM -0400, Hal Vaughan wrote:
>>
>> On Sep 10, 2010, at 1:36 PM, Rob Owens wrote:
>>> You should probably google "rsyncd encryption" and see what you can
>>> find.
>>>
>>>
>>> For the single-colon rsync, you don't need to specify --rsh=ssh. It is
>>> the default.
>>
>> Yeah, but I don't want to set up user accounts on the host. For one thing, on my web hosting site, Westhost doesn't provide an easy way to add users, so I can't just add another easily. Everything in my system is automated so I can add a new client/user with a single command. It's a pain to have it all set up here then have to go to the web control panel on the website to add a user. When it's not automated, it's easy to forget a step of the process.
>>
>> I've decided I'm going to encrypt the files locally, then send them up using rsync to an account that requires a password and the other system will download them THEN unencrypt them, so the files will be encrypted when sent over the Internet and stored there and only clear when they're on a local system.
>>
> Just be careful. I think I recall reading that the rsyncd user/password
> is sent either cleartext or with not-too-difficult-to-crack encryption.
>
> Here is a fairly old writeup on using rsyncd with stunnel. Maybe it
> will be helpful.
> http://www.netbits.us/docs/stunnel_rsync.html

Thanks for the tip and the info on stunnel!



Hal

Archive: http://lists.debian.org/BEBAF511-39E2-4DE3-B6C3-4796CB14271C@halblog.com
 
