[TriLUG] rsyncd.conf

Alan Porter porter at trilug.org
Fri Feb 10 18:20:07 EST 2006


>>BackupPC will fetch files from the client PC's using one of
>>three mechanisms: (1) Samba (2) rsync/ssh (3) rsync/rsyncd.
>>I am using option #3.  On the client PC, I installed rsync
>>and set RSYNC_ENABLE=true in /etc/defaults/rsync.
>>
>>    
>>
>Might I suggest that you tell backuppc to use rsync as the xfer
>method.  This doesn't require an rsync daemon on the client but runs
>rsync over ssh as required.
>  
>


Hi Rick,

Thanks for your reply.

I thought about using method #2 (rsync/ssh), but I did not
like the idea if planting my server's public key in the client
PC's /root/.ssh/authorized_keys file.  It seems like a wide-open
door, when all I really needed was the ability to copy files out.

Method #3 opens up port 873, and it runs a service that has
its own password file (/etc/rsyncd.secrets) and can be set to
read-only.  There's no shells, no port forwarding, no
unintended access.  Incidentally, this method works pretty
well for Windows clients as well, as long as you open up the
various firewalls on the client PC's (Symantec, McAfee, Zone
Alarm, Windows firewall -- some users install them all!).

If I wanted to secure the rsync/ssh method, I would have to
add some modifiers to the key entry in the authorized_keys
file, probably something like "no-pty" or heaven forbid,
"command=".

Basically, I want to see if method #3 (rsync/rsyncd) will work.
If that turns out to be a hassle, I'll try (rsync/ssh).


Alan









More information about the TriLUG mailing list