Ben Hartshorne said on Mon, Jan 09, 2006 at 08:23:00PM -0800: > I want to use si_updateclient through an ssh tunnel. I find it improves > reliability in addition to providing security. How does it improve reliability? Running rsync over ssh certainly slows you down a lot; in addition to the encryption overhead, ssh screws with the TCP window algorithm[1] which slows you down if you're on fast net.
> The Golden server (golden) is running rsync but the port is firewalled > off - you may only connect to it from localhost. The whole ssh thing is > supposed to create a tunnel from the client to the server and port > forward some random local port to the rsync server on golden. Really? I'd expect it to just use the RSYNC_RSH=ssh variable, and not require port forwarding or an rsyncd running at all. > Here's my real question - does nobody use ssh support for > si_updateimage? It's been broken for a *long* time now, and I don't see > any complaints about it out there on the net. What gives? Is everyone > happy running their rsync cleartext over their network? Presumably, > you're running this thing in a protected network, so it's ok to not use > ssh. I use cleartext rsync. Using rsync over ssh has remained firmly in the class of "nice to have but not required"; I'm not sure how much it actually gains you in reality. M
signature.asc
Description: Digital signature
