>> > It's still better than running it over SSH >> > (again IMHO) because the latter requires some kind of root->root >> > trust relationship to work, something I consider as an absolute no-no. >> >> You can run it as a daemon AND over ssh - in my setup it runs as a daemon >> listening to 127.0.0.1, and a script on a remote machine connects to the >> server via ssh using public/private key authentication, and uses tcp >> forwarding to access the rysnc port, if that makes sense > > Sounds just fine to me. Nice work-around to the problem of root->root > trust. > > You still carry the SSH encryption/decryption overhead, which in my > experience can be very significant when rsync'ing large filesystems. > When all this happens within a LAN and the machines have appropriate > port filtering (iptables) set, the exposure generated by unencrypted > authentication and data going over the network looks minimal to me. > I also like being able to sort out rsync traffic (port 873) from SSH > traffic (port 22). > > Oh well, each one his own way :-)
In my situation my guess would to make an ipsec tunnel between both machines, so both lans are connected. -- Ariën Huisken Xilay Software _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
