On Wed, May 22, 2002 at 02:39:00PM -0700, Mike Rubel wrote:
>
> > > If so, I am trying to find the best way to restrict rsync -e ssh on the
> > > remote machine. Prepending the authorized_keys entry with
> > > command='rsync ...' 1024... results in the 'Protocol mismatch - is your
> > > shell clean?' error.
>
> This brings up an interesting question. Does anyone use the server
> version of rsyncd with an ssh tunnel? In other words:
>
> On the server, bring up sshd listening on *:22, and rsyncd accepting
> connections from localhost only, port 873.
>
> Then, on the client machine, set up an ssh tunnel:
>
>     ssh server -L 1873:server:873
>
> (I just picked 1873 for convenience; you could use any open
> user-accessible port).
>
> Then rsync to localhost:1873, letting ssh carry the connection over the
> tunnel to the server:
>
>     rsync rsync://user@localhost:1873/path/to/source dest
>
> Does anyone use this approach? Are there any advantages/disadvantages?

I didn't see any responses to your message so I guess it isn't very widely
done. I haven't tried it but I don't see why it wouldn't work. You could
probably use "hosts allow = localhost" to disallow people from using
port 873 directly.

The solution we've been wanting to put in is JD Paul's patch to run
rsync --daemon directly over ssh. That would be easier to use because you
don't have to have anything listening on a port.

- Dave Dykstra
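
Added example, not part of the original thread and not rsync's own code: a small check that an rsyncd.conf really is reachable only through the ssh tunnel discussed above, run over two constructed configs (an exposed one and a tunnel-only one). The module name, path, and the extra requirement that the global `address` be a loopback address are assumptions made for this example.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample configs (module name and path are placeholders).
EXPOSED = """
[backup]
    path = /srv/backup
    read only = yes
"""
TUNNEL_ONLY = """
address = 127.0.0.1
[backup]
    path = /srv/backup
    read only = yes
    hosts allow = localhost
"""

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) from rsyncd.conf text."""
    glob, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            name, value = line.split("=", 1)  # only the first '=' counts
            # rsyncd ignores whitespace inside parameter names
            key = re.sub(r"\s+", "", name).lower()
            (glob if current is None else current)[key] = value.strip()
    return glob, modules

def audit(text):
    """List ways a client could reach rsyncd without going through ssh."""
    glob, modules = parse_rsyncd_conf(text)
    findings = []
    if glob.get("address") not in LOOPBACK:
        findings.append("global: daemon is not bound to a loopback address")
    for name, params in modules.items():
        allow = params.get("hostsallow", glob.get("hostsallow", ""))
        patterns = [p for p in re.split(r"[,\s]+", allow) if p]
        if not patterns or any(p.lower() not in LOOPBACK for p in patterns):
            findings.append(f"[{name}]: hosts allow admits non-loopback clients")
    return findings

if __name__ == "__main__":
    for label, conf in (("exposed", EXPOSED), ("tunnel-only", TUNNEL_ONLY)):
        print(label, audit(conf) or "ok")
```

When the daemon is bound to 127.0.0.1, the forward target has to be the loopback address as seen from the server, for example `ssh -L 1873:localhost:873 server`. Connections arriving through the tunnel appear to rsyncd as local, so any per-module authentication in rsyncd.conf still applies to them.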