2000-09-22-11:51:47 Sanjeev Jha:
> How far it is true that, if we use SSH port for rsync and keep it
> open, it will allow non-authorized user to connect (if he knows
> rsync_password)?

What is required to get in depends on how you have the ssh daemon
configured. If you're using password protection, then if the
attacker knows the password, they can get in. If you're using
RSAAuthentication, then if the attacker has the RSA key, they can
get in.

Once they've gotten in, what can they do? That also depends on how
you have ssh configured. You can restrict it as much as you want; by
using a careful configuration you can narrow access down to a single
key, from a single IP addr, and ensure that even if the attacker
comes from that addr and has that key, all they can do is read, or
upload, depending on which way you're moving data.

> Alternatively, If I keep rsync port open and using '-e ssh'
> option, even unauthorized user can enter into the system through
> rsync port.

That sentence doesn't make sense to me. If you're using "-e ssh",
the only network port you need open on the server is ssh, port 22.
If you are using "the rsync port", 873/tcp, then you aren't using
"-e ssh", you're using the rsync server syntax, either
rsync://host/[...] or else host::[...].

-Bennett
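
Added example, not part of the original message: one way to narrow an ssh key as described above, using an `authorized_keys` entry with `from=` and `command=` plus a forced-command wrapper that accepts only the request an rsync client sends when pulling files. The wrapper path, the export directory `/srv/export`, the address `192.0.2.10`, the key text and the function name are assumptions for illustration, and the check is deliberately narrowed to one exact argument shape.

```shell
#!/bin/sh
# Added example (not from the original message). Forced-command wrapper for a
# pull-only rsync key. Hypothetical install path: /usr/local/bin/rsync-pull-only
#
# Matching ~/.ssh/authorized_keys entry (one line; address and key are placeholders):
#   from="192.0.2.10",command="/usr/local/bin/rsync-pull-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder... backup-key

ALLOWED_DIR=${ALLOWED_DIR:-/srv/export}   # assumed export root

# Return 0 only for: rsync --server --sender -<flags> . <path under ALLOWED_DIR>
rsync_pull_allowed() {
    set -f                      # no globbing while the string is word-split
    set -- $1                   # split on whitespace only; nothing is eval'd
    set +f
    [ "$#" -eq 6 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    flags=${4#-}                # one bundle of short flags, e.g. -vlogDtpre.iLsfxC
    [ "$flags" != "$4" ] || return 1
    case $flags in
        ""|*[!A-Za-z0-9.]*) return 1 ;;       # rejects long options such as --foo
    esac
    [ "$5" = . ] || return 1
    case $6 in
        *[!A-Za-z0-9._/-]*) return 1 ;;       # plain path characters only
        ..|../*|*/..|*/../*) return 1 ;;      # no parent-directory components
        "$ALLOWED_DIR"|"$ALLOWED_DIR"/*) return 0 ;;
    esac
    return 1
}

# When sshd runs this as the forced command, the client's request is in
# SSH_ORIGINAL_COMMAND; an interactive login leaves it unset and gets nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_pull_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND   # word-split and exec'd, never given to a shell
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The wrapper does not resolve symlinks inside the export directory. The rsync distribution includes a fuller script of this kind, `rrsync`, in its support directory.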
