rsync - Jan 2013 - rsyncssl

Hi, 

i`m wondering - can't THIS one
http://gitweb.samba.org/?p=rsync-patches.git;a=blob;f=openssl-support.diff

be completely replaced with THIS one ?
http://dozzie.jarowit.net/trac/wiki/RsyncSSL
http://dozzie.jarowit.net/git?p=rsync-ssl.git;a=tree

Isn`t RsyncSSL (wrap rsync with stunnel via stdin/out) the better solution ? (as
it is using a mature external program for the SSL stuff)

regards
roland

On Sun, Jan 27, 2013 at 12:07 AM, <devzero at web.de> wrote:
> Hi,
>
<snipped>
> Isn`t RsyncSSL (wrap rsync with stunnel via stdin/out) the better solution
> ? (as it is using a mature external program for the SSL stuff)
>
Why SSL when you already have a proper working SSH with certificates etc.
that should be as good if not better?

The only place that an SSL would make some sense, is if you are going to do
it to/from an rsync daemon, but then how would that be "better" than a
ssh-only account with keys/etc. only allowing the rsync to execute?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.samba.org/pipermail/rsync/attachments/20130128/4f4ea53b/attachment.html>

An HTML attachment was scrubbed...
URL:
<http://lists.samba.org/pipermail/rsync/attachments/20130128/52ab7976/attachment.html>

Why put that extra effort into rsync, if you can chain things together ?

The power of unix is exactly that - it`s not about using specialiced tools, but
it`s about combining them in innumerable ways, thus multiplying their
capabilities.
>Another good reason for a SSL-version of rsync: non-Unix clients...
Stunnel probably runs on as many platforms like rsync.
https://www.stunnel.org/ports.html
Besides that, mind that there is no usable native port of rsync on windows. (The
cygwin based rsync is very slow, btw)
I think stunnel even runs native on win32.(MinGW)

I was hoping for ssl in rsync for long, but when i saw RsyncSSL, i think it
could obsolete an rsync with compiled in ssl support.

Nobdoy would have the idea to put ssh into rsync, rsync is just using that as a
sub-process/pipe(and vice versa).
So does RsyncSSL (with stunnel).

On the server side, with rsync + ssh, the ssh daemon listens for incomming ssh
connection and then starts rsync, connecting via stdin/stdout.

Analogously, stunnel daemon listens for incoming ssl connection and then starts
rsync(d) as a sub-process. The only difference is, that RsyncSSL adds some
missing glue.
>I'd love to see rsync-ssl (with the server having CRL support, client
>cert support, and the client/server doing cert validation of course) as
>for one thing I think it would make a damn fine laptop backup solution.
It?s exactly what RsyncSSL can do for you.

regards
roland

>List:       rsync
>Subject:    Re: rsyncssl
>From:       Jason Haar <Jason_Haar () trimble ! com>
>Date:       2013-02-04 2:45:47
>Message-ID: 510F20DB.7050003 () trimble ! com
>[Download message RAW]
>
>Another good reason for a SSL-version of rsync: non-Unix clients...
>
>It's all well and good to talk about using vpns and ssh tunnels - but
>the fact is that a large percentage of rsync clients are non-Unix - like
>Windows - and getting them set up for ssh/etc is layering extra software
>on top of rsync. I'm not saying it can't work  - but it's not
simple.
>
>I'd love to see rsync-ssl (with the server having CRL support, client
>cert support, and the client/server doing cert validation of course) as
>for one thing I think it would make a damn fine laptop backup solution.
>I've run more than my share of Internet-facing services in my time and
>the lowest maintenance ones are the SSL/TLS services that require client
>certs. The bad guys cannot even "knock on the door"!
>
>An Internet-based rsync-ssl server that requires client certs would be
>brilliant for backing up laptops over the Internet: an enterprise
>competitor to all those cloudy services such as Dropbox/etc. :-) [well,
>probably need that VSS patch for rsync-win32 too ;-)]
>
>
>--
>Cheers
>
>Jason Haar
>Information Security Manager, Trimble Navigation Ltd.
>Phone: +1 408 481 8171
>PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1