Hi,
I need to setup a Rsync server to backup a 😡 NAS.
So I want to run it under SSH.
man rsync
Also note that the rsync daemon protocol does not currently provide any encryption of the data that is transferred over the connection. Only authentication is provided. Use ssh as the transport if you want encryption.
but when I do rsync --config=/etc/rsyncd.conf --rsh=ssh --dry-run
I get:
rsync: --rsh=ssh: unknown option (in daemon mode) So there no way to specify that rsync daemon should run under ssh ?
Also is this following A.I statement is correct ?
The rsyncd.conf file is only used when the rsync daemon is running on the remote host and the client connects to the daemon directly, without using an SSH connection.
So there is no way with Rsync (under ssh) to set settings (config file or other) that will apply to all clients !!??
So it’s the client that configure rsync and the server !? there is no way around ?!
So… As long as you have ssh running open on the receiving server, you don’t need the rsync daemon. Rsync client will ssh, then execute rsync recipient automatically.
The daemon is only for if you don’t want to or cannot run ssh really.
Is there a specific reason you are looking at the daemon, or just unfamiliar?
The statement is correct, rsync by itself doesn’t use ssh if you run it as an daemon and if you trigger rsync over ssh then it doesn’t use daemon but instead starts rsync with UID of the ssh-user.
But, you can run rsyncd and bind it only to localhost and connect to that over ssh-tunnel. That way you can get benefits of rsync daemon and still have encrypted connection with ssh.
Thank you @IsoKiero@sopuli.xyz !
This is the solution.unfortunately I can’t apply it, because the NAS is a closed proprietary 💩
I think you don’t need to specify that you want to use SSH. unless you give the location as starting with rsync://, or set to use the rsh protocol, it should use ssh by default.
just use user@targethost:path. The part before : is the same as what you use in SSH, and the part after it may be an absolute or a relative (to user home) pathHere’s several ways to run rsync over SSH.
Given that you can already use rsync over ssh, I suspect you want to allow the rsync configuation options on the server side, but still use ssh to secure the transit. I would do it like this:
- Configure rsync on receiving server to listen only on 127.0.0.1 (localhost).
- Use ssh to create a tunneled port between your sender and receiving rsync server.
- Rsync on the sender to [rsync defined user@]localhost:port (whichever port you set the tunnel up on) as your target.
That would encrypt the traffic over your ssh tunnel, but still allow you to use the receiver’s rsyncd paths.