Date: Wed, 6 Jun 2001 16:35:57 +0200 (CEST) From: Alexander Leidinger <Alexander@Leidinger.net> To: jim@siteplus.net Cc: erichz@superhero.org, freebsd-isp@FreeBSD.ORG Subject: Re: rsync for mirroring Message-ID: <200106061435.f56EZw018621@Magelan.Leidinger.net> In-Reply-To: <Pine.BSF.4.21.0106060758450.796-100000@veager.siteplus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6 Jun, Jim Weeks wrote: > I found this article very helpful http://www.freebsddiary.org/rsync.php > > You should be able to run the daemon fairly securely as (uid root) and (gid > wheel) as long as you follow the directions in the security section. You > should also set (list=false) in order to protect the names of your > modules. > > I should think that with the anonymity of your rsync user-name (which by > the way does not have to coincide with any system user-name), hidden > password and hidden module names combined with ssh encryption, you should > be fairly secure. I haven't read the article, but if I read the above paragraph: No! Don't rely on security by obscurity! If you run ssh as root: just do ssh port forwarding and only allow connections to the rsync daemon from localhost. Now just connect the rsync client to the ssh tunnel. But: do this only if you trust the users on the system where the rsync daemon runs. Bye, Alexander. -- ...and that is how we know the Earth to be banana-shaped. http://www.Leidinger.net Alexander @ Leidinger.net GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106061435.f56EZw018621>