SSL/TLS support in RSYNC - Tools
-
SSL/TLS support in RSYNC
Hello all,
This is my first post on this mailing-list. I know this issue has been
talked about many times, but I can't find any real answer anyway.
What are the plans to implement TLS directly into the mainstream rsync?
This would be a huge improvement, when using rsync with a daemon and
modules-based setup.
It's already easy to tunnel rsync into ssh, but this requires
1) ssh-user and shell access
2) to specify the full remote path
3) to forget about all the nifty features of rsyncd.conf (uid/gid,
ip-filtering, easy logging...)
If you know about any plan for the integration of SSL/TLS... maybe the
CVS/SVN version has this already, please be kind and let me know.
Regards,
Bruno Medici
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
-
Re: SSL/TLS support in RSYNC
On Mon, 2008-05-19 at 11:26 +0200, Bruno (libvirt) wrote:
> What are the plans to implement TLS directly into the mainstream rsync?
> This would be a huge improvement, when using rsync with a daemon and
> modules-based setup.
>
> It's already easy to tunnel rsync into ssh, but this requires
> 1) ssh-user and shell access
> 2) to specify the full remote path
> 3) to forget about all the nifty features of rsyncd.conf (uid/gid,
> ip-filtering, easy logging...)
> If you know about any plan for the integration of SSL/TLS... maybe the
> CVS/SVN version has this already, please be kind and let me know.
There is a patch that is supposed to add SSL support:
http://rsync.samba.org/ftp/rsync/pat...l-support.diff
and some discussion of improving it:
http://lists.samba.org/archive/rsync...il/017578.html
but my impression is that the patch doesn't work and hasn't been fixed.
You could access the daemon through stunnel. Another option is to use a
single-use daemon invoked over ssh, with a forced command (rsync
--server --daemon .) that limits the ssh login to invoking the daemon;
see section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION"
in the man page. That gives you modules and logging right away. If you
need a uid/gid different from the ssh user's, you could run a
traditional daemon that listens only on localhost and have the ssh login
force a connection to that daemon, or you could just use ssh port
forwarding.
Matt
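The server-side pieces of the forced-command setup described in the reply above, as an added example that is not from the thread or from the rsync project. The account name `backup`, module name `data`, paths, host name and key text are constructed placeholders.

```shell
#!/bin/sh
# Added example: server-side files for a single-use rsync daemon over ssh.
# Account, module, paths and key text are constructed placeholders.

# authorized_keys entry. The forced command replaces whatever the client
# asks sshd to run, so this key can only start the single-use daemon;
# the remaining options switch off the pty and all forwarding.
forced_key_line() {   # $1 = client public key: "type base64 comment"
    printf 'command="rsync --server --daemon .",no-pty,no-port-forwarding,'
    printf 'no-agent-forwarding,no-X11-forwarding %s\n' "$1"
}

# rsyncd.conf for that daemon; it is read from the ssh user's home directory.
# The daemon runs as the ssh user, so chroot is off and no uid/gid is set.
daemon_conf() {       # $1 = module, $2 = exported path, $3 = log file
    cat <<EOF
log file = $3
use chroot = no

[$1]
    path = $2
    read only = yes
EOF
}

# Demo with constructed values: print both pieces for review.
forced_key_line "ssh-ed25519 AAAAC3...constructed... backup-client"
daemon_conf data /srv/data /home/backup/rsyncd.log

# Client side then addresses the module, not a full remote path:
#   rsync -av -e ssh backup@server.example::data/ ./data/
```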
-
Re: SSL/TLS support in RSYNC
Matt McCutchen wrote:
> On Mon, 2008-05-19 at 11:26 +0200, Bruno (libvirt) wrote:
>
>> What are the plans to implement TLS directly into the mainstream rsync?
>> This would be a huge improvement, when using rsync with a daemon and
>> modules-based setup.
>>
>> It's already easy to tunnel rsync into ssh, but this requires
>> 1) ssh-user and shell access
>> 2) to specify the full remote path
>> 3) to forget about all the nifty features of rsyncd.conf (uid/gid,
>> ip-filtering, easy logging...)
>> If you know about any plan for the integration of SSL/TLS... maybe the
>> CVS/SVN version has this already, please be kind and let me know.
>>
>
> There is a patch that is supposed to add SSL support:
> http://rsync.samba.org/ftp/rsync/pat...l-support.diff
> and some discussion of improving it:
> http://lists.samba.org/archive/rsync...il/017578.html
> but my impression is that the patch doesn't work and hasn't been fixed.
>
> You could access the daemon through stunnel. Another option is to use a
> single-use daemon invoked over ssh, with a forced command (rsync
> --server --daemon .) that limits the ssh login to invoking the daemon;
> see section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION"
> in the man page. That gives you modules and logging right away. If you
> need a uid/gid different from the ssh user's, you could run a
> traditional daemon that listens only on localhost and have the ssh login
> force a connection to that daemon, or you could just use ssh port
> forwarding.
>
> Matt
>
Thank you Matt for your response. I'm going to try that ASAP, but I've
read, too, that it's less than reliable.
Bruno