On Fri, 8 Feb 2019 at 17:50, Russ Allbery <[email protected]> wrote: > Nick Cleaton <[email protected]> writes: > > > rsync -av -e ssh /my/thing [email protected]::backups/ > > Don't you lose SSH authentication this way? You're spawning a separate > daemon that I think is now using the built-in rsync authentication, which > is just password (or nothing), so an attacker can then just connect > directly to the daemon that you've spawned. >
No, with --server and --daemon (as opposed to just --daemon) you get an rsync daemon connection over an ssh transport, it doesn't listen on a tcp port. http://man7.org/linux/man-pages/man1/rsync.1.html#USING_RSYNC-DAEMON_FEATURES_VIA_A_REMOTE-SHELL_CONNECTION I was wrong about being able to use the user@server syntax though, apparently you have to use -e "ssh -l $username" instead. > -- > Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> > >
_______________________________________________ rssh-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rssh-discuss
