Can BackupPC use rsyncd like that, so I don't have to run rsyncd on
the laptop on untrusted networks?
Why doesn't anyone like running rsyncd on a Windows box standalone? I
don't get it. Maybe I'm missing something. Many times I've seen posts to
the list with troubles trying to configure rsync over ssh, tar over smb
and lots of other things.
People just seem to avoid doing it; for me it's the easiest setup and
I'll explain.
1. rsyncd runs as a daemon on port tcp 873. yes
2. rsyncd can be set to only allow connections from a single host (i.e.
192.168.1.1), so if you're not on that network nothing can connect anyway.
3. You can secure even further using an rsyncd.secrets file.
4. You can also turn off the rsyncd "list=false" so that anyone probing
your ports can't find anything on 873.
5. If you download the rsyncd zip file from the BackupPC site all you
need to do is extract to c:\, then modify c:\rsyncd\rsyncd.conf to suit,
then run c:\rsyncd\service.bat to install it as a service and start it.
How simple is that!! Much simpler than trying to get sshd working as
well and the extra config there...
6. You can even set the rsyncd shares on the client to be read only,
thus nothing can be written to them, until you need to do a restore;
then change it to being writeable.
7. If Windows Firewall is blocking, just add an exception for rsync
tcp/873 from the local subnet (192.168.1.1).
So on an untrusted network, say 192.168.4.0 nothing can connect to the
rsyncd if you've said "hosts allow=192.168.1.1".
And on the rare occasion that the untrusted network has the same subnet,
then you have your rsyncd.secrets for further security.
In addition even if you say "hosts allow=192.168.1.1" and on the
untrusted machine there is a server running on 192.168.1.1 it won't know
that it can rsync to the client PC using "list=false" in the client
rsyncd.conf as it can't "browse" the rsyncd daemon on the client PC;
furthermore it wouldn't have the rsyncd.secrets info if you take it to
that level.
In any event going to different networks with the same subnet is usually
rare in my experience.
I think that level of security with rsyncd is quite good, and it's easily
configured.
If you are using ssh as a transport or similar then you have to have the
client running an ssh daemon listening for connections before the server
can make an rsync connection over it. Thus you still have to run a
daemon of some kind, and this will still be running on the untrusted
network also.
Why go to that level? rsyncd works for me in the way described above,
and in my mind it's secure.
I welcome any feedback, just wondering why people don't settle for my
configuration and why the need to complicate things with additional ssh
config etc etc.
If I'm wrong or missed something in any way let me know.
Regards,
Les
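
The settings named in the message above (hosts allow, rsyncd.secrets, list=false, read-only shares) can be checked per module with a short script. This is an added example, not part of the original post or of BackupPC; the sample rsyncd.conf, its module names, paths and user name are constructed, and the defaults assumed for "list" and "read only" are rsync's documented ones (both yes).

```python
# Constructed rsyncd.conf; module names, paths and the user name are made up.
SAMPLE = """\
secrets file = c:/rsyncd/rsyncd.secrets

[docs]
    path = c:/Documents and Settings
    hosts allow = 192.168.1.1
    auth users = backuppc
    list = false
    read only = true

[scratch]
    path = c:/temp
    read only = false
"""

TRUE = {"yes", "true", "1"}

def parse(text):
    """Return {module: {param: value}}; global lines become module defaults."""
    defaults, modules, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(defaults))
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            (defaults if current is None else current)[key.lower()] = value
    return modules

def audit(text):
    """Return {module: [findings]} for the settings listed in the message."""
    report = {}
    for name, p in parse(text).items():
        found = []
        if not p.get("hosts allow"):
            found.append("no 'hosts allow': any host may connect")
        if not p.get("auth users"):
            found.append("no 'auth users': anonymous access")
        elif not p.get("secrets file"):
            found.append("'auth users' set without a 'secrets file'")
        if p.get("list", "yes").lower() in TRUE:
            found.append("module appears in listings (list defaults to yes)")
        if p.get("read only", "yes").lower() not in TRUE:
            found.append("module is writable (read only is off)")
        report[name] = found
    return report

if __name__ == "__main__":
    for module, found in audit(SAMPLE).items():
        print(module, "->", found or "ok")
```

The [docs] module carries all four settings and reports nothing; [scratch] sets none of them and is flagged on each.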