Hi,

Sorry if the question has been asked before and already replied to; if so, just point me to it rather than sending flames, as it has already been an extremely bad day.

This is what I want to do:

I am placing a webserver on the DMZ (192.168.2.2). Apache is running chrooted via compartment, the web pages are located at $CHROOT/webhome, and the directory and files are owned by wwwrun.nogroup.

I want to be able to run rsync to update the web pages; however, I only want to open the minimum number of ports in the firewall.

The question is: how can I force rsync to accept communication from ssh only rather than from the rsync port?

Thanks
--
Togan Muftuoglu

You don't run rsyncd at all. Rather use it like

  export RSYNC_RSH=ssh
  rsync -avH --partial --delete source_dir user@host:remote_dir

rsync will launch ssh and execute rsync --server on the remote side.

Roman.

* Roman Drahtmueller; <draht@suse.de> on 23 Jan, 2002 wrote:
> You don't run rsyncd at all. Rather use it like
>
>   export RSYNC_RSH=ssh
>   rsync -avH --partial --delete source_dir user@host:remote_dir
>
> rsync will launch ssh and execute rsync --server on the remote side.
>
> Roman.

OK, I could be misreading, but my understanding was that on the remote server you had to have an "rsync server" listening for this to happen. Am I off track, or do I need more caffeine? :-)

Thanks
--
Togan Muftuoglu

* Togan Muftuoglu; <toganm@users.sourceforge.net> on 23 Jan, 2002 wrote:
> * Roman Drahtmueller; <draht@suse.de> on 23 Jan, 2002 wrote:
> > You don't run rsyncd at all. Rather use it like
> >
> >   export RSYNC_RSH=ssh
> >   rsync -avH --partial --delete source_dir user@host:remote_dir
> >
> > rsync will launch ssh and execute rsync --server on the remote side.
> >
> > Roman.
>
> OK, I could be misreading, but my understanding was that on the remote server you had to have an "rsync server" listening for this to happen. Am I off track, or do I need more caffeine? :-)

Sorry, coffee was the answer. Sorted out.

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx

On Wednesday 23 January 2002 15:05, Togan Muftuoglu wrote:
> Sorry if the question has been asked before and already replied to; if so, just point me to it rather than sending flames, as it has already been an extremely bad day.
>
> This is what I want to do:
>
> I am placing a webserver on the DMZ (192.168.2.2). Apache is running chrooted via compartment, the web pages are located at $CHROOT/webhome, and the directory and files are owned by wwwrun.nogroup.
>
> I want to be able to run rsync to update the web pages; however, I only want to open the minimum number of ports in the firewall.
>
> The question is: how can I force rsync to accept communication from ssh only rather than from the rsync port?

Just make sure you don't have rsyncd enabled, either via inetd or running standalone (if it can do that).

Taking a belt-and-braces approach: block daemons with hosts.allow and hosts.deny, block the rsync port in your packet filter, and comment out unwanted daemons in inetd (consider whether you really need inetd running at all). Then run netstat -lp to see what programs are listening on what ports.

It's very similar to disabling the Sun RPC portmapper.

Rob
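
The verification step from the last reply, as an added example that is not part of the thread: shell helpers that read `netstat -ltnp` output and inetd.conf text and report whether anything still serves the rsync port. Function names and sample data are constructed for illustration; 873 is rsync's registered port, and `-t`/`-n` are added to the `netstat -lp` call mentioned above so that ports appear as numbers.

```shell
#!/bin/sh
# Added example: audit helpers for the "rsync over ssh only" setup.
# Both filters read text on stdin, so they also work on saved output.
# On a live host:  netstat -ltnp | rsync_listeners

# Print listening TCP sockets bound to the rsync port (873, or "rsync" when
# netstat resolves service names). Matching on the port rather than on the
# program name also catches inetd holding the socket on rsync's behalf.
rsync_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /:(873|rsync)$/ { print $4, $7 }'
}

# Print inetd.conf entries that still enable the rsync service
# (first field is exactly "rsync", so commented-out lines are skipped).
inetd_rsync_entries() {
    awk '$1 == "rsync" { print }'
}

# Succeed (exit 0) only when neither input shows an rsync daemon.
# $1 = netstat output, $2 = inetd.conf contents.
no_rsyncd() {
    [ -z "$(printf '%s\n' "$1" | rsync_listeners)" ] &&
    [ -z "$(printf '%s\n' "$2" | inetd_rsync_entries)" ]
}

# Constructed sample data (not taken from the thread): inetd still owns 873.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22  0.0.0.0:* LISTEN 412/sshd
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 231/inetd
tcp 0 0 0.0.0.0:80  0.0.0.0:* LISTEN 590/httpd'

SAMPLE_INETD='# ftp  stream tcp nowait root /usr/sbin/tcpd in.ftpd
rsync  stream tcp nowait root /usr/bin/rsync rsyncd --daemon'

if no_rsyncd "$SAMPLE_NETSTAT" "$SAMPLE_INETD"; then
    echo "OK: nothing is serving the rsync port"
else
    echo "FAIL: rsync daemon still reachable"
    printf '%s\n' "$SAMPLE_NETSTAT" | rsync_listeners
    printf '%s\n' "$SAMPLE_INETD" | inetd_rsync_entries
fi
```

With the sample data the audit fails because inetd, not a process named rsync, holds port 873; once the inetd.conf line is commented out and inetd reloaded, only sshd and httpd remain.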

participants (3)
- Robert Davies
- Roman Drahtmueller
- Togan Muftuoglu