>> > It's still better than running it over SSH
>> > (again IMHO) because the latter requires some kind of root->root
>> > trust relationship to work, something I consider as an absolute no-no.
>>
>> You can run it as a daemon AND over ssh - in my setup it runs as a daemon
>> listening to 127.0.0.1, and a script on a remote machine connects to the
>> server via ssh using public/private key authentication, and uses tcp
>> forwarding to access the rysnc port, if that makes sense
>
> Sounds just fine to me. Nice work-around to the problem of root->root
> trust.
>
> You still carry the SSH encryption/decryption overhead, which in my
> experience can be very significant when rsync'ing large filesystems.
> When all this happens within a LAN and the machines have appropriate
> port filtering (iptables) set, the exposure generated by unencrypted
> authentication and data going over the network looks minimal to me.
> I also like being able to sort out rsync traffic (port 873) from SSH
> traffic (port 22).
>
> Oh well, each one his own way :-)

In my situation my guess would to make an ipsec tunnel between both 
machines, so
both lans are connected.

--
Ariën Huisken
Xilay Software


_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss

Reply via email to