Re: Files copied into wrong directory

2007-07-21 Thread Matt McCutchen 

On 7/19/07, Matt McCutchen [EMAIL PROTECTED] wrote:

Notwithstanding that paragraph, if you forward a local port to the
daemon's port, you're additionally in danger of others on the local
machine piggybacking on that forward.  Using a ProxyCommand in place
of a port forward (see method 2 on
http://rsync.samba.org/firewall.html ) doesn't have the piggybacking
problem and also tends to be more convenient.


Oops, I realized that's not quite what I meant to say.  The goal is
not to set a ProxyCommand for ssh to *use* (as is the case when there
are two ssh-es involved), but to set the equivalent of a proxy command
for rsync to use, the command itself involving ssh.  I described the
two ways to do that at the end of this message:
http://lists.samba.org/archive/rsync/2007-May/017793.html .  Wayne,
please consider mentioning one or both methods on
http://rsync.samba.org/firewall.html .

Matt
--
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Files copied into wrong directory

2007-07-19 Thread Alan Cheers 
I've got to be overlooking something but when I use rsync client to copy files 
from one box to another it creates the folder/files in the root directory 
instead of what is specified in the module path statement.

I have tried it via ssh and without.  With user authentication on and without.  
I also stripped down the daemon config file to the bare minimum.  Still no luck.

Can somebody explain to me what I am doing wrong?  What is the relationship 
between rsync daemon and the path?  What would prevent it from using the 
specified path?

Thanks for any tips.

-Alan

--
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Re: Files copied into wrong directory

2007-07-19 Thread Matt McCutchen 

On 7/19/07, Alan Cheers [EMAIL PROTECTED] wrote:

I've got to be overlooking something but when I use rsync client to copy files 
from one box to another it creates the folder/files in the root directory 
instead of what is specified in the module path statement.


Did you write the destination with a single colon?  If so, replace it
with a double colon.  A single colon indicates rsync over a remote
shell; you have to use a double colon to access an rsync daemon.  This
is a very common mistake.

If that isn't the problem, please send your rsync command line and
daemon configuration file so I have a clue what your setup is.

Matt
--
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Re: Files copied into wrong directory

2007-07-19 Thread Matt McCutchen 

On 7/19/07, Alan Cheers [EMAIL PROTECTED] wrote:

I think I understand a bit better now.  To use SSH you don't get to use the 
daemon (unless you specify the remote shell/which may cause loss of features).


Well, you have the choice of (1) a single-use daemon invoked over ssh
or (2) a connection proxied or forwarded by ssh to a background
daemon.  In general, if you merely want to use an rsync feature that
is available only when using a daemon, you would invoke a single-use
daemon (#1) in your own remote account.  On the other hand, if you
want a daemon that authenticates untrusted users and then offers them
carefully controlled access, you would usually set up a background
daemon (#2) and then add the ssh if you need the encryption or
firewall-bypassing.

To do #1, all you have to do is move the configuration file on the
daemon side if necessary (the daemon looks for it by default in the
remote home directory instead of /etc) and pass -e ssh on the
client.

To do #2...


I am still interested in encrypting the traffic AND using a daemon.  The manual 
says something to the effect of using SSH to tunnel a local port to a remote 
machine and configure a normal rsync daemon to accept localhost traffic.  Can 
you explain the tunneling a port part?


This would be the fourth method on
http://rsync.samba.org/firewall.html .  On the client, you tell ssh to
forward connections to a local port of your choice to the remote port
on which the daemon is listening.  That means that, every time
something on your computer connects to the local port, the local ssh
signals the remote ssh to open a corresponding connection to the
daemon's port.  The two ssh processes then pass the data back and
forth over the encrypted connection so that, for all the rsync client
can tell, it is talking directly to the daemon.

This setup guarantees that no one can snoop on your own exchange with
the daemon but does nothing to stop others from connecting to it
themselves and accessing the modules.  You can block this in either or
both of two places: (1) stop others from connecting to the daemon, or
(2) set up authentication on the daemon so they can't access modules
once they connect.

To do #2, create a secrets file and set auth users; see the
rsyncd.conf man page.

For #1, you're already safe if a firewall blocks connections to the
daemon port from outside a private network whose users you all trust.
If not, you can tell the daemon to accept connections only from the
remote machine itself by setting address = localhost; then you're in
danger only from users who can log into the remote machine via ssh or
similar means and make such connections.

Notwithstanding that paragraph, if you forward a local port to the
daemon's port, you're additionally in danger of others on the local
machine piggybacking on that forward.  Using a ProxyCommand in place
of a port forward (see method 2 on
http://rsync.samba.org/firewall.html ) doesn't have the piggybacking
problem and also tends to be more convenient.

Matt
--
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html