Re: Question on encryption
On Fri, Dec 21, 2001 at 09:58:40AM +1100, Tim Potter wrote: On Thu, Dec 20, 2001 at 04:45:52PM -0600, Dave Dykstra wrote: Does running rsync in daemon mode on the remote host preclude the need to use SSH from the client? If so, how secure is this versus using rsync in non daemon mode with SSH? I have considered building SSH to not use encryption, but I was thinking rsync in daemon mode might obviate the need to have to use SSH if it can still be made secure. Unfortunately, the answer is no. The rsync daemon can protect access with passwords that are not sent in the clear over the network, but it does not do anything to guarantee that hosts are not being spoofed and that there's no man-in-the-middle. The answer for people who use that has always been to use ssh. In re-reading my answer I see there are a couple slightly confusing things. For one thing, I meant 'people who need that', not 'people who use that'. Also by can protect access with passwords that are not sent in the clear I meant that the rsync daemon passwords are never sent in the clear, they are used for a challenge-response protocol. Wow - three slightly different answers. (-: You make a good point with the host authentication property of ssh. Yes, that was pretty funny that they all came about the same time. The answer that said the passwords were sent in the clear was incorrect, though, and host authentication is vital. Rsync has no way at all for the client to know it's talking to the real server, and the password authentication is not enough to assure the server that it's talking to the real client. The password seems like it could guarantee to the server that it's talking to the real client, but that's not so because there are no integrity checks on the data that is passed back and forth after the initial authentication, so if somebody hijacks the session or is a man-in-the-middle they can do whatever they want after the real client authenticates. - Dave Dykstra
Question on encryption
I am not currently subscribed so please email me below. First, my only experience with rsync has been older versions (e.g. 1.7.x) which did not allow daemon mode, so please bear with me. My problem is that I would like to mirror large quantities of data on a remote machine to a local one, but I don't care about encrypting the data itself. I only care about securing the connection from the authentication point of view. Okay, I must admit that I like SSH because it protects the end user from a variety of attacks, but what I'm saying is that I don't care if people look at the data. Typically, this mirroring has been done using just the local client's rsync program in conjunction with ssh (both on the client and sshd on the remote machine): rsync --delete --rsh ssh --rsync-path /path_to_rsync/rsync -rlpt sourcedir remote_host/target_dir/ The problem, however, is that due to the large size of the data, and the slowness typically suffered under encryption, the remote machine crawls to a halt or is seriously impaired. Working with small numbers of files or infrequent mirrors, the encryption is not a problem, but it gets to be a burden when you're doing this every night on a lot of data. Some have suggested using something like 'blowfish -c' instead of the default to speed things up by perhaps a factor of 3. Anyway, here is my question: Does running rsync in daemon mode on the remote host preclude the need to use SSH from the client? If so, how secure is this versus using rsync in non daemon mode with SSH? I have considered building SSH to not use encryption, but I was thinking rsync in daemon mode might obviate the need to have to use SSH if it can still be made secure. Thanks. George Sinclair | [EMAIL PROTECTED]
Re: Question on encryption
On Thu, Dec 20, 2001 at 04:21:52PM -0500, George Sinclair wrote: [...] Does running rsync in daemon mode on the remote host preclude the need to use SSH from the client? If so, how secure is this versus using rsync in non daemon mode with SSH? I have considered building SSH to not use encryption, but I was thinking rsync in daemon mode might obviate the need to have to use SSH if it can still be made secure. Yes - you don't need to run ssh to use rsync in daemon mode. The authentication mechanism uses a challenge/response so the password is not sent over the wire. The rsync data sent after the authentication suceeds is not encrypted, which sounds just what you are after. If you read the manual page for rsyncd.conf, look at the sections on the 'secrets file' and 'auth users' parameters. Regards, Tim.
Re: Question on encryption
You've hit on just what rsyncd is best for. It's not particularly secure, as it uses plaintext (default null) passwords, so someone working for your ISP could sniff your password. the modules (sections of the filesystem tree you expose via rsyncd) are, by default, accessed in a chroot() environment, so even if someone gets in, all they see is what they would see sniffing your transfer, though it's more convenient. By default, the connection is readonly, so the only trouble they could cause you would network and disk load from reading your modules. Tridge wrote rsync specifically to mirror publically-available directory trees. Tim Conway [EMAIL PROTECTED] 303.682.4917 Philips Semiconductor - Longmont TC 1880 Industrial Circle, Suite D Longmont, CO 80501 Available via SameTime Connect within Philips, n9hmg on AIM perl -e 'print pack(, 19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), .\n ' There are some who call me Tim? George Sinclair [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 12/20/2001 02:21 PM Please respond to george.sinclair To: [EMAIL PROTECTED] cc: (bcc: Tim Conway/LMT/SC/PHILIPS) Subject:Question on encryption Classification: I am not currently subscribed so please email me below. First, my only experience with rsync has been older versions (e.g. 1.7.x) which did not allow daemon mode, so please bear with me. My problem is that I would like to mirror large quantities of data on a remote machine to a local one, but I don't care about encrypting the data itself. I only care about securing the connection from the authentication point of view. Okay, I must admit that I like SSH because it protects the end user from a variety of attacks, but what I'm saying is that I don't care if people look at the data. Typically, this mirroring has been done using just the local client's rsync program in conjunction with ssh (both on the client and sshd on the remote machine): rsync --delete --rsh ssh --rsync-path /path_to_rsync/rsync -rlpt sourcedir remote_host/target_dir/ The problem, however, is that due to the large size of the data, and the slowness typically suffered under encryption, the remote machine crawls to a halt or is seriously impaired. Working with small numbers of files or infrequent mirrors, the encryption is not a problem, but it gets to be a burden when you're doing this every night on a lot of data. Some have suggested using something like 'blowfish -c' instead of the default to speed things up by perhaps a factor of 3. Anyway, here is my question: Does running rsync in daemon mode on the remote host preclude the need to use SSH from the client? If so, how secure is this versus using rsync in non daemon mode with SSH? I have considered building SSH to not use encryption, but I was thinking rsync in daemon mode might obviate the need to have to use SSH if it can still be made secure. Thanks. George Sinclair | [EMAIL PROTECTED]
Re: Question on encryption
On Thu, Dec 20, 2001 at 04:45:52PM -0600, Dave Dykstra wrote: Does running rsync in daemon mode on the remote host preclude the need to use SSH from the client? If so, how secure is this versus using rsync in non daemon mode with SSH? I have considered building SSH to not use encryption, but I was thinking rsync in daemon mode might obviate the need to have to use SSH if it can still be made secure. Unfortunately, the answer is no. The rsync daemon can protect access with passwords that are not sent in the clear over the network, but it does not do anything to guarantee that hosts are not being spoofed and that there's no man-in-the-middle. The answer for people who use that has always been to use ssh. Wow - three slightly different answers. (-: You make a good point with the host authentication property of ssh. Tim.