* rsync and ssh
@ 2003-06-23 16:46 Miguel González Castaños
2003-06-23 16:55 ` Robert L. Harris
0 siblings, 1 reply; 3+ messages in thread
From: Miguel González Castaños @ 2003-06-23 16:46 UTC (permalink / raw)
To: linux-admin
dear all,
I am considering to use a synchronization tool to synchronize the
contents of some directories and mirror some directories from one server
to another intranet server behind a dial-up connection.
As you guys can imagine the speed of the connection is an issue and I
am thinking of a system to send securely the data using some
compression.
the customer suggested rsync, I have looked through a little bit around
the rsync website and see that there is ssh support for that tool. Which
it would be setup for such system? Should i store the password of the
user used for sshing the server in plain text in a file?
Many thanks in advance
Miguel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: rsync and ssh
2003-06-23 16:46 rsync and ssh Miguel González Castaños
@ 2003-06-23 16:55 ` Robert L. Harris
2003-06-23 21:10 ` Stephen Samuel
0 siblings, 1 reply; 3+ messages in thread
From: Robert L. Harris @ 2003-06-23 16:55 UTC (permalink / raw)
To: Miguel Gonz?lez Casta?os; +Cc: linux-admin
[-- Attachment #1: Type: text/plain, Size: 2038 bytes --]
Use "rsync -e ssh" and set up a trust. Make sure that the system
initiating the connection is very secure otherwise you've opened up a
hole with the user's ID on the remote system.
Ideal situation?
Machine A sends a file to Machine B
Create a new id "rsync-foo" on both machines with 0 privs. Make the
home dirs /var/tmp/ and a shell of /dev/null (SHOULD work with rsync).
Establish trust from A to B using the rsync-foo user ID.
rsync -e ssh -avHD -stats /source/files /target/files
Then a cron job on MachineB which validates the data and then
copies/rsync's it to it's final destination.
Robert
Thus spake Miguel Gonz?lez Casta?os (mgc@tid.es):
> dear all,
>
> I am considering to use a synchronization tool to synchronize the
> contents of some directories and mirror some directories from one server
> to another intranet server behind a dial-up connection.
>
> As you guys can imagine the speed of the connection is an issue and I
> am thinking of a system to send securely the data using some
> compression.
>
> the customer suggested rsync, I have looked through a little bit around
> the rsync website and see that there is ssh support for that tool. Which
> it would be setup for such system? Should i store the password of the
> user used for sshing the server in plain text in a file?
>
> Many thanks in advance
>
> Miguel
>
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
:wq!
---------------------------------------------------------------------------
Robert L. Harris | GPG Key ID: E344DA3B
@ x-hkp://pgp.mit.edu
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
Diagnosis: witzelsucht
IPv6 = robert@ipv6.rdlg.net http://ipv6.rdlg.net
IPv4 = robert@mail.rdlg.net http://www.rdlg.net
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: rsync and ssh
2003-06-23 16:55 ` Robert L. Harris
@ 2003-06-23 21:10 ` Stephen Samuel
0 siblings, 0 replies; 3+ messages in thread
From: Stephen Samuel @ 2003-06-23 21:10 UTC (permalink / raw)
To: Robert L. Harris; +Cc: Miguel Gonz?lez Casta?os, linux-admin
The machine at the destination end should not need to be
uid 0 (root equiv) unless the source files belong to more than one
user and those uid's need to be preserved on the recipient system.
It's actually still possible to do it without root privs on the
destination system by setting up a cron job for each user on the
source system, and a trust to the equivalent users on the destination
system. (presumes a limited number of users or an automated system
for setting up the rsyncs).
To make life a bit safer, you can also limit the SSH connection
on the recipient system such that only rsync is usable by the
RSA/DSA keys used to do the rsync.
Robert L. Harris wrote:
>
> Use "rsync -e ssh" and set up a trust. Make sure that the system
> initiating the connection is very secure otherwise you've opened up a
> hole with the user's ID on the remote system.
>
> Ideal situation?
>
> Machine A sends a file to Machine B
> Create a new id "rsync-foo" on both machines with 0 privs. Make the
> home dirs /var/tmp/ and a shell of /dev/null (SHOULD work with rsync).
> Establish trust from A to B using the rsync-foo user ID.
>
> rsync -e ssh -avHD -stats /source/files /target/files
>
> Then a cron job on MachineB which validates the data and then
> copies/rsync's it to it's final destination.
>
> Robert
--
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching
the jewel within each person and bring it to life.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-06-23 21:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-06-23 16:46 rsync and ssh Miguel González Castaños
2003-06-23 16:55 ` Robert L. Harris
2003-06-23 21:10 ` Stephen Samuel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).