On Thu, Jun 16, 2005 at 10:48:28AM +1000, David Hogan wrote: > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:tsl-discuss- > > [EMAIL PROTECTED] On Behalf Of Alain Fauconnet > > > It's still better than running it over SSH > > (again IMHO) because the latter requires some kind of root->root > > trust relationship to work, something I consider as an absolute no-no. > > You can run it as a daemon AND over ssh - in my setup it runs as a daemon > listening to 127.0.0.1, and a script on a remote machine connects to the > server via ssh using public/private key authentication, and uses tcp > forwarding to access the rysnc port, if that makes sense
Sounds just fine to me. Nice work-around to the problem of root->root trust. You still carry the SSH encryption/decryption overhead, which in my experience can be very significant when rsync'ing large filesystems. When all this happens within a LAN and the machines have appropriate port filtering (iptables) set, the exposure generated by unencrypted authentication and data going over the network looks minimal to me. I also like being able to sort out rsync traffic (port 873) from SSH traffic (port 22). Oh well, each one his own way :-) Greets, _Alain_ _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
