Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
RE: [suse-security] secure way of rsyncing ?
  • From: "Reckhard, Tobias" <tobias.reckhard@xxxxxxxxxxx>
  • Date: Fri, 25 Jan 2002 06:23:53 +0100
  • Message-id: <96C102324EF9D411A49500306E06C8D1A56CED@xxxxxxxxxxxxxxxxx>
Sven Michels wrote:
> Jens Georg wrote:
> > i have to keep three servers uptodate and i would like to
> do this using
> > rsync. as far as i know there are several security concerns
> about rsync, so
> > is there another tool available that can do this for me ?
> btw ... i am using
> > sftp to encrypt my ftp-session ? maybe there's a similiar
> tool for rsync
> > available, too ?
>
> use rsync over ssh (-e ssh) and all will be fine ;)
> you can use dsa/rsa keys for authentification like sftp/ssh
> does and that should solve your problem

You may find it a bit of a problem that to use SSH, the user account you're
connecting to on the SSH server needs a shell to be able to execute the
rsync command. You can take most of the risk out of this by specifying the
command to be called in the SSH public key used for authentication, though.
Use the following option in the public key:

command="[<PATH>]rsync --server --sender -vlogDtpr <source path>"

This pulls data from the server, if you with to 'push' data to the server,
you'll probably need to replace the '--sender' option with something else or
remove it alltogether -- I'm not looking at the man-page right now but
quoting from a personal implementation reference.

Cheers
Tobias

< Previous Next >
This Thread
  • No further messages