similar to: DO NOT REPLY [Bug 1890] TLS for rsync protocol

https://bugzilla.samba.org/show_bug.cgi?id=1890 --- Comment #11 from roland <devzero at web.de> 2013-11-22 22:21:30 UTC --- from the rsync 3.1.0 release notes : Rsync now comes packaged with an rsync-ssl helper script that can be used to contact a remote rsync daemon using a piped-stunnel command. It also includes an stunnel config file to run the server side to support

> The benefit of rsync over ssh secured by rrsync is that it is more > like what rsync users are already used to. i don`t like rsync over ssh in an environemt with users you can?t trust. from a security perspective, i think such setup is broken by design. it`s a little bit like giving a foreigner the key to your front door and then hope that the door in the corridor to your room will be

Hello. I once read somewhere that it's possible to limit SSH pubkeys to 'tunnel-only'. I can't seem to find any information about this in any of the usual places. I'm going to be deploying a few servers in a couple of days and I'd like them to log to a central server over an SSH tunnel (using syslog-ng) however I'd like to prevent actual logins (hence

https://bugzilla.samba.org/show_bug.cgi?id=1890 marineam@osuosl.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |marineam@osuosl.org ------- Comment #2 from marineam@osuosl.org 2006-08-06 02:39 MST ------- (In reply to comment #1) > There is a

On 6/13/21 3:36 PM, Jim Klimov via Nut-upsdev wrote: > Haven't got many ideas on this today, preoccupied with other > house-work, but can share a couple :) > > Regarding two implementations - I believe NSS and OpenSSL are licensed > differently and/or are (initially were?) available non-overlapping on > different OSes. A quick googling now showed that they both were >

https://bugzilla.samba.org/show_bug.cgi?id=1890 Summary: TLS for rsync protocol Product: rsync Version: 2.6.3 Platform: All URL: http://metastatic.org/source/rsync-ssl.patch OS/Version: Linux Status: NEW Severity: enhancement Priority: P3 Component: core AssignedTo: wayned@samba.org

Hi, i`m wondering - can't THIS one http://gitweb.samba.org/?p=rsync-patches.git;a=blob;f=openssl-support.diff be completely replaced with THIS one ? http://dozzie.jarowit.net/trac/wiki/RsyncSSL http://dozzie.jarowit.net/git?p=rsync-ssl.git;a=tree Isn`t RsyncSSL (wrap rsync with stunnel via stdin/out) the better solution ? (as it is using a mature external program for the SSL stuff)

On June 13, 2021 9:02:46 PM GMT+03:00, Tim Dawson <tadawson at tpcsvc.com> wrote: >Let's not overlook the simple fact that a lot of deployments are behind >secure firewalls, on secure networks, and on servers and lans that no >users have access to (physical ormotherwise), and thus have negligible >security requirements beyond what the environment already provides. >Yes,

from a security perspective this is bad. think of a backup provider who wants to make rsyncd modules available to the end users so they can push backups to the server. do you think that such server is secure if all users are allowed to open up an ssh shell to secure their rsync transfer ? ok, you can restrict the ssh connection, but you open up a hole and you need to think twice to make it secure

Hello list. I would like to get your opinion on what is a safe multi-user environment. The scenario: We would like to offer to some customers of ours some sort of network backup/archive. They would put daily or weekly backups from their local machine on our server using rsync and SSH. Therefore, they all have a user account on our server. However, we must ensure that they would absolutely not be

Hi Kevin, Just did: same result. -- Best regards / Met vriendelijke groet, Aron Rotteveel 2015-03-27 14:32 GMT+01:00 Kevin Korb <kmk at sanitarium.net>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Try it without any --delete options. > > On 03/27/2015 09:31 AM, Aron Rotteveel wrote: > > I am now running with --delete --numeric-ids --relative but the

Anyone have any other ideas I could try to debug this issue? :) -- Best regards / Met vriendelijke groet, Aron Rotteveel 2015-03-27 16:02 GMT+01:00 Aron Rotteveel <rotteveel.aron at gmail.com>: > Hi Kevin, > > Just did: same result. > > -- > Best regards / Met vriendelijke groet, > > Aron Rotteveel > > 2015-03-27 14:32 GMT+01:00 Kevin Korb <kmk at

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Try it without any --delete options. On 03/27/2015 09:31 AM, Aron Rotteveel wrote: > I am now running with --delete --numeric-ids --relative but the > problem still persists. > > -- Best regards / Met vriendelijke groet, > > Aron Rotteveel > > 2015-03-27 14:22 GMT+01:00 Kevin Korb <kmk at sanitarium.net >

I am now running with --delete --numeric-ids --relative but the problem still persists. -- Best regards / Met vriendelijke groet, Aron Rotteveel 2015-03-27 14:22 GMT+01:00 Kevin Korb <kmk at sanitarium.net>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Try also removing --delete-excluded. Without those two options there > should be no reason for rsync to require

-----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Rainer Duffner Sent: Samstag, 21. Oktober 2017 00:41 To: CentOS mailing list Subject: Re: [CentOS] scp setup jailed chroot on Centos7 > Am 20.10.2017 um 15:58 schrieb Adrian Jenzer <a.jenzer at herzogdemeuron.com>: > > Dear all > > I'm looking for instructions on how to setup a

When writing the Internet-Draft (I-D) "UPS Management Protocol" [1], I was required by IETF rules to include a "Security Considerations" chapter. This meant saying clearly that the SSL provisions in NUT for secure communication are now outdated and deprecated. The IETF now insists on secure communication and this makes NUT's situation an issue for the project. In

On Wed, 14 Nov 2018, Aki Tuomi wrote: >> I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So >> I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to >> enable TLS1.2 and TLS1.3 only. >> >> Is this possible with dovecot-2.2.36 / how to setup this? > > Not possible I'm afraid. ("Not possible" = challenge!)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Try also removing --delete-excluded. Without those two options there should be no reason for rsync to require gigs of RAM. Well, unless the other system has rsync 2.x. On 03/27/2015 07:29 AM, Aron Rotteveel wrote: > Yes, I removed "--no-inc-recursive", without success. > > -- Best regards / Met vriendelijke groet, > >

On my CenOS7 system with stunnel from base stunnel-4.56-4.el7.x86_64 there's a systemd service file /etc/systemd/system/stunnel.service try sudo systemctl enable stunnel.service Hope this helps, K ?al?

A client wants me to set up a mechanism whereby his customers can drop files securely into directories on his FreeBSD server; he also wants them to be able to retrieve files if needed. The server is already running OpenSSH, and he himself is using Windows clients (TeraTerm and WinSCP) to access it, so the logical thing to do seems to be to have his clients send and receive files via SFTP or SCP.