SSL/TLS support in RSYNC - Tools

This is a discussion on SSL/TLS support in RSYNC - Tools ; Hello all, This is my first post on this mailing-list. I know this issue has been talked about amny times, but I can't find any real answer anyway. What are the plans to implement TLS directly into the mainstream rsync? ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: SSL/TLS support in RSYNC

  1. SSL/TLS support in RSYNC

    Hello all,

    This is my first post on this mailing-list. I know this issue has been
    talked about amny times, but I can't find any real answer anyway.
    What are the plans to implement TLS directly into the mainstream rsync?
    This would be a huge improvement, when using rsync with a daemon and
    modules-based setup.

    It's already easy to tunnel rsync into ssh, but this requires
    1) ssh-user and shell access
    2) to specify the full remote path
    3) to forget about all the nifty features of rsyncd.conf (uid/gid,
    ip-filtering, easy logging...)
    If you know about any plan for the inegration of SSL/TLS... maybe the
    CVS/SVN version has this already, please be kind and let me know.

    Regards,

    Bruno Medici
    --
    Please use reply-all for most replies to avoid omitting the mailing list.
    To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
    Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html


  2. Re: SSL/TLS support in RSYNC

    On Mon, 2008-05-19 at 11:26 +0200, Bruno (libvirt) wrote:
    > What are the plans to implement TLS directly into the mainstream rsync?
    > This would be a huge improvement, when using rsync with a daemon and
    > modules-based setup.
    >
    > It's already easy to tunnel rsync into ssh, but this requires
    > 1) ssh-user and shell access
    > 2) to specify the full remote path
    > 3) to forget about all the nifty features of rsyncd.conf (uid/gid,
    > ip-filtering, easy logging...)
    > If you know about any plan for the inegration of SSL/TLS... maybe the
    > CVS/SVN version has this already, please be kind and let me know.


    There is a patch that is supposed to add SSL support:
    http://rsync.samba.org/ftp/rsync/pat...l-support.diff
    and some discussion of improving it:
    http://lists.samba.org/archive/rsync...il/017578.html
    but my impression is that the patch doesn't work and hasn't been fixed.

    You could access the daemon through stunnel. Another option is to use a
    single-use daemon invoked over ssh, with a forced command (rsync
    --server --daemon .) that limits the ssh login to invoking the daemon;
    see section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION"
    in the man page. That gives you modules and logging right away. If you
    need a uid/gid different from the ssh user's, you could run a
    traditional daemon that listens only on localhost and have the ssh login
    force a connection to that daemon, or you could just use ssh port
    forwarding.

    Matt

    --
    Please use reply-all for most replies to avoid omitting the mailing list.
    To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
    Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.9 (GNU/Linux)

    iEYEABECAAYFAkgyCbwACgkQC+xSYN/Rlfu2aQCdH2GbjdEU5Ax7Di5jLUwuMzvc
    3LEAnifwerGj5B4sjkmKRrXbMZshktoS
    =BrU/
    -----END PGP SIGNATURE-----


  3. Re: SSL/TLS support in RSYNC

    Matt McCutchen wrote:
    > On Mon, 2008-05-19 at 11:26 +0200, Bruno (libvirt) wrote:
    >
    >> What are the plans to implement TLS directly into the mainstream rsync?
    >> This would be a huge improvement, when using rsync with a daemon and
    >> modules-based setup.
    >>
    >> It's already easy to tunnel rsync into ssh, but this requires
    >> 1) ssh-user and shell access
    >> 2) to specify the full remote path
    >> 3) to forget about all the nifty features of rsyncd.conf (uid/gid,
    >> ip-filtering, easy logging...)
    >> If you know about any plan for the inegration of SSL/TLS... maybe the
    >> CVS/SVN version has this already, please be kind and let me know.
    >>

    >
    > There is a patch that is supposed to add SSL support:
    > http://rsync.samba.org/ftp/rsync/pat...l-support.diff
    > and some discussion of improving it:
    > http://lists.samba.org/archive/rsync...il/017578.html
    > but my impression is that the patch doesn't work and hasn't been fixed.
    >
    > You could access the daemon through stunnel. Another option is to use a
    > single-use daemon invoked over ssh, with a forced command (rsync
    > --server --daemon .) that limits the ssh login to invoking the daemon;
    > see section "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION"
    > in the man page. That gives you modules and logging right away. If you
    > need a uid/gid different from the ssh user's, you could run a
    > traditional daemon that listens only on localhost and have the ssh login
    > force a connection to that daemon, or you could just use ssh port
    > forwarding.
    >
    > Matt
    >


    Thank you Matt for your response. I'm going to try that ASAP, but I've
    read, too, that it's less than reliable.

    Bruno
    --
    Please use reply-all for most replies to avoid omitting the mailing list.
    To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
    Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html


+ Reply to Thread