On Fri, 8 Feb 2019 at 17:50, Russ Allbery <ea...@eyrie.org> wrote:

> Nick Cleaton <n...@cleaton.net> writes:
>
> > rsync -av -e ssh /my/thing u...@rsync-server.example.com::backups/
>
> Don't you lose SSH authentication this way?  You're spawning a separate
> daemon that I think is now using the built-in rsync authentication, which
> is just password (or nothing), so an attacker can then just connect
> directly to the daemon that you've spawned.
>

No, with --server and --daemon (as opposed to just --daemon) you get an
rsync daemon connection over an ssh transport; it doesn't listen on a TCP
port.

http://man7.org/linux/man-pages/man1/rsync.1.html#USING_RSYNC-DAEMON_FEATURES_VIA_A_REMOTE-SHELL_CONNECTION

I was wrong about being able to use the user@server syntax though;
apparently you have to use -e "ssh -l $username" instead.




> --
> Russ Allbery (ea...@eyrie.org)              <http://www.eyrie.org/~eagle/>
>
>
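
An added example, not part of the original message or of rssh: a forced-command wrapper that lets an SSH key start only the single-use rsync daemon described above, so access still goes through SSH key authentication and no TCP listener is opened. The wrapper path, the authorized_keys entry and the `$HOME/rsyncd.conf` location are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Install as the forced command for a key:
#   command="/usr/local/bin/rsync-daemon-only",restrict ssh-ed25519 <key> backup
# The wrapper path and key entry are hypothetical.
#
# Client side, as described in the message:
#   rsync -av -e "ssh -l $username" /my/thing rsync-server.example.com::backups/

# Command string the rsync client requests for daemon mode over a remote shell.
ALLOWED='rsync --server --daemon .'

# Print "allow" only for an exact match; anything else (ordinary --server
# transfers, extra arguments, shell metacharacters, empty) is "deny".
decide() {
    if [ "$1" = "$ALLOWED" ]; then
        echo allow
    else
        echo deny
    fi
}

run_wrapper() {
    if [ "$(decide "${SSH_ORIGINAL_COMMAND:-}")" = allow ]; then
        # Fixed argv: no client-supplied text reaches a shell. The daemon
        # speaks over stdin/stdout of the ssh session and opens no TCP port.
        # Modules (e.g. [backups]) come from the pinned config file.
        exec rsync --server --daemon --config="$HOME/rsyncd.conf" .
    fi
    logger -t rsync-daemon-only "rejected: ${SSH_ORIGINAL_COMMAND:-<none>}" \
        2>/dev/null || true
    echo "only rsync daemon mode is permitted" >&2
    return 1
}

# sshd sets SSH_CONNECTION; without it (e.g. when sourced) nothing runs.
if [ -n "${SSH_CONNECTION:-}" ]; then
    run_wrapper
fi
```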