similar to: rsyncssl

from a security perspective this is bad. think of a backup provider who wants to make rsyncd modules available to the end users so they can push backups to the server. do you think that such server is secure if all users are allowed to open up an ssh shell to secure their rsync transfer ? ok, you can restrict the ssh connection, but you open up a hole and you need to think twice to make it secure

> The benefit of rsync over ssh secured by rrsync is that it is more > like what rsync users are already used to. i don`t like rsync over ssh in an environemt with users you can?t trust. from a security perspective, i think such setup is broken by design. it`s a little bit like giving a foreigner the key to your front door and then hope that the door in the corridor to your room will be

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As far as a backup provider goes I wouldn't expect them to use rsync over SSL unless that were built into rsync in the future (and has been around long enough that most users would have it). I would expect them to either use rsync over ssh secured by rrsync or rsyncd over ssh with them managing the rsyncd.conf file. Either way the server side

rsync in daemon mode is very powerful, yet it comes with one big disadvantage: data is sent in plain. The workarounds are not really satisfying: - use VPN - one needs to set up an extra service, not always possible - use stunnel - as above - use SSH - is not as powerful as in daemon mode (i.e. read only access, chroot, easy way of adding/modifying users and modules etc.) Why was encrypted

https://bugzilla.samba.org/show_bug.cgi?id=1890 --- Comment #11 from roland <devzero at web.de> 2013-11-22 22:21:30 UTC --- from the rsync 3.1.0 release notes : Rsync now comes packaged with an rsync-ssl helper script that can be used to contact a remote rsync daemon using a piped-stunnel command. It also includes an stunnel config file to run the server side to support

On my CenOS7 system with stunnel from base stunnel-4.56-4.el7.x86_64 there's a systemd service file /etc/systemd/system/stunnel.service try sudo systemctl enable stunnel.service Hope this helps, K ?al?

Hi list, I have 3 Citrix Xenserver 5.6  and currently building a a VM backup server. I took the xe client on one of the server and installed it on the backup server (gentoo based) installed the stunnel package to make XE work. now when running, I get this error message : [server ­~ #] ./xe help -debug -s 192.168.111.17 -u user -pw pass Connecting via stunnel to [192.168.111.17] port [443]

Hi Thomas, El 18/12/2014 22:25, Thomas B. R?cker <thomas at ruecker.fi> escribi?: > > On 12/18/2014 08:54 PM, Xabier Oneca -- xOneca wrote: >> >> Hello, Thomas, >> >> El 18/12/2014 21:35, Thomas B. R?cker <thomas at ruecker.fi> escribi?: >> > >> > On 12/18/2014 08:29 PM, Xabier Oneca -- xOneca wrote: >> > > >> > >

Hi, Can the Icecast stream be served over an ssl (https) connection? If so, can you please tell me how to accomplish this? Thanks, Daelynn. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.xiph.org/pipermail/icecast/attachments/20141218/185fa162/attachment.htm

The stunnel package doesn't come with an init script and systemctl doesn't list it as a service I recognize, I guess I could put it in /etc/rd.d/rc.local or create a script in /etc/rc.d/init.d but thought I'd ask before creating my own solution. Confidentiality Notice | This email and any included attachments may be privileged, confidential and/or otherwise protected from

Dovecot 2.3.4, FreeBSD 11.2 Due to comcast buisness ISP intercepting imaps I need to have my clients connect to non-standard port (9999). Previously I had been using stunnel to receive the imaps connection and forward it to the imap port over 127.0.0.1. But I would like to retire stunnel and have my imap clients connect remotely. I have configured the imap-login service - service imap-login {

On Jul 21, 2019, at 11:50, Jorge Bastos via dovecot <dovecot at dovecot.org> wrote: > SSL/TLS is done via Stunnel Dirst, others have asked but I haven?t seen an answer, do you have any reason to think Outlook supports IMAP idle at all? I mean, I know outlook.com doesn?t support it, so maybe it just doesn?t work? Secondly, assuming Outlook does support IMAP idle, if you setup Dovecot to

Hi everybody! I'm trying to set up a secure samba connection across the net using Stunnel. With no joy. Any assistance would be appreciated. (c: I have four PC's. My Windows PC (192.168.0.10), my firewall (192.168.0.1 & 203.36.97.5), the office firewall (202.44.170.5 & 192.168.0.1), and the office file (Samba) server (192.168.0.15). On my office firewall I have the

Hi all Does anyone have a config file for stunnel, to work with /etc/xinetd.d? Stunnel's man page does mention it can work with xinetd, but there's no sample configuration for it. -- Kind Regards Rudi Ahlers

Yes, I am pretty sure about that. I originally was connected via AT&T DSL but wanted the fast access of cable modem. I need permanent IPs which required me to contract with Comcast buisness. Once I switched over, I was no longer able to access my imap server, which was as I mentioned, stunnel listening on the imaps port and forwarding to dovecot listening on the imap port. I was getting

Hi list: I started to make a quick GemPlugin command [ssl::start] that sets up an stunnel before calling the normal [start] command. so $ mongrel_rails ssl:start will do everything that start normally does and configure/setup an stunnel. The question... Obviously this plugin will require stunnel to be installed. What do you think is the best move: 1) nothing, just require that people

Hello - I'd like to encrypt rsync traffic over the wire, and for various reasons, I can't use ssh. I'd like to use SSL. Having spent the last day or so trying to wrap my brain around what that's going to take, I'm wondering if anyone has tried this before? Is it un-doable for one reason or another? TIA, -justinb

On 6/13/21 3:36 PM, Jim Klimov via Nut-upsdev wrote: > Haven't got many ideas on this today, preoccupied with other > house-work, but can share a couple :) > > Regarding two implementations - I believe NSS and OpenSSL are licensed > differently and/or are (initially were?) available non-overlapping on > different OSes. A quick googling now showed that they both were >

I upgraded dovecot two weeks ago from 0.99.10-0.rc2 to 0.99.10.4-1woody1 (both from the woody backport packages from braincells.com). Dovecot is using LDAP on a separate machine for authentication. (through stunnel if it matters) At 4:00 am, the LDAP server stops, dumps the ldap database, and then starts back up. Because the LDAP server is stopped, anyone who tries to authenticate during

Hello, i know i'm a newbie, but here i go (help me lord), i just installed/configured samba 3.0.23d on my suse 10.1, but i have a couple of questions about what's on the manual.... 1- when trying to secure swat with ssl, i installed openssl, and then generate the certificates, but when i try to start the tunnel with: stunnel -p /etc/stunnel/stunnel.pem -d 901 \ -l