On Thu, Jun 16, 2005 at 10:48:28AM +1000, David Hogan wrote:
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:tsl-discuss-
> > [EMAIL PROTECTED] On Behalf Of Alain Fauconnet
> 
> > It's still better than running it over SSH
> > (again IMHO) because the latter requires some kind of root->root
> > trust relationship to work, something I consider as an absolute no-no.
> 
> You can run it as a daemon AND over ssh - in my setup it runs as a daemon
> listening to 127.0.0.1, and a script on a remote machine connects to the
> server via ssh using public/private key authentication, and uses tcp
> forwarding to access the rysnc port, if that makes sense

Sounds just fine to me. Nice work-around to the problem of root->root
trust.

You still carry the SSH encryption/decryption overhead, which in my
experience can be very significant when rsync'ing large filesystems.
When all this happens within a LAN and the machines have appropriate
port filtering (iptables) set, the exposure generated by unencrypted
authentication and data going over the network looks minimal to me.
I also like being able to sort out rsync traffic (port 873) from SSH
traffic (port 22).

Oh well, each one his own way :-)

Greets,
_Alain_
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss

Reply via email to