>The only place that an SSL would make some sense, is if you are going to do it to/from an rsync daemon,
yes, exactly.
>....but then how would that be "better" than a ssh-only account with keys/etc. only allowing the rsync to execute?
I think that`s far more secure by design, because you won`t allow shell-access which needs hardening afterwards.
For me it`s like giving someone the key to my house and then trying to keep him in the hallway , hoping all the other doors being properly closed....
I feel extremely uncomfortable with allowing other people shell access to a box, where they need nothing but filetransfer into some dedicated subdir.
regards
roland
Gesendet: Montag, 28. Januar 2013 um 10:22 Uhr
Von: "Hendrik Visage" <hvj...@gmail.com>
An: devz...@web.de
Cc: "rsync@lists.samba.org" <rsync@lists.samba.org>
Betreff: Re: rsyncssl
Von: "Hendrik Visage" <hvj...@gmail.com>
An: devz...@web.de
Cc: "rsync@lists.samba.org" <rsync@lists.samba.org>
Betreff: Re: rsyncssl
On Sun, Jan 27, 2013 at 12:07 AM, <devz...@web.de> wrote:
Why SSL when you already have a proper working SSH with certificates etc. that should be as good if not better?
Hi,
<snipped>
Isn`t RsyncSSL (wrap rsync with stunnel via stdin/out) the better solution ? (as it is using a mature external program for the SSL stuff)
Why SSL when you already have a proper working SSH with certificates etc. that should be as good if not better?
The only place that an SSL would make some sense, is if you are going to do it to/from an rsync daemon, but then how would that be "better" than a ssh-only account with keys/etc. only allowing the rsync to execute?
-- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
