Yes, your explanations are better. I will promote #2 to become #1, since it is more likely the one that will work better in all situations.

Another thing is... if you can use "Method #2 Rsync SSH-es to target using a proxy command that first SSH-es to middle" also with rsync daemon servers, then: is there any possible advantage to the other three methods? If not, can we remove everything but just Method #2, possibly with another example using an rsync daemon server? You know, I remember some saying about keeping things simple "something".


Matt McCutchen wrote:
On Thu, 2005-10-27 at 21:48 +0100, Manuel López-Ibáñez wrote:

Method 1: no rsync daemon server, passwordless authentication in middle machine.

Method 2: no rsync daemon server, using SSH proxy

Method 3: no rsync daemon server, using SSH port forwarding

Method 4: no rsync daemon server, using SSH tunnel

The difference between #3 and #4 is not port forwarding vs. tunnel
(we've been using the terms synonymously) but SSH port vs. rsync daemon
port.  Here's how I would summarize all the methods:

#1: Rsync runs a chained SSH command as transport; authentication on
middle must be passwordless

#2: Rsync SSH-es to target using a proxy command that first SSH-es to
middle

#3: Forward target's SSH port to a local port; rsync SSH-es to that port

#4: Run rsync daemon on target and forward its port to a local port;
rsync accesses the daemon using that port

I dislike #1 because the middle machine can subvert the connection.  I
dislike #3 and #4 because (a) one must remember to set up and take down
the tunnel and (b) others can take advantage of the tunnel.  (If, as
many hope, SSH learns to forward filesystem sockets, (b) will go away.)
Except for some technicalities in how the proxy connection closes, #2 is
the ideal technique, and that's what I use to access my school's
firewalled backup machine.

The updated FAQ is very nice, but perhaps the "rsync through a firewall"
section should be factored out into another page because it occupies
more than half of the FAQ page.

Incidentally, I set up SSH on my machine to prefer password
authentication to keyboard-interactive authentication; now the password
prompt shows the target user and host.  Thanks, Carson!
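
The objection to #3 and #4 in the summary above (a forwarded port stays open for others to use, while the proxy of #2 leaves nothing listening) can be checked in an SSH client configuration. The following is an added example, not part of either message: the host names and the verdict labels are constructed, `-W` assumes a current OpenSSH client, and only per-Host settings in `Key value` form are considered.

```shell
#!/bin/sh
# Constructed ~/.ssh/config fragment: one Host block each for methods #2, #3, #4.
sample_config() {
cat <<'EOF'
Host backup-proxy
    HostName target.example.org
    ProxyCommand ssh middle.example.org -W %h:%p

Host backup-fwd-ssh
    HostName middle.example.org
    LocalForward 2222 target.example.org:22

Host backup-fwd-daemon
    HostName middle.example.org
    LocalForward *:8873 target.example.org:873
EOF
}

# classify_hosts: read ssh_config text on stdin, print "<host> <verdict>" per Host.
#   proxy        method #2: SSH runs end to end to target, no listening port
#   tunnel-local method #3/#4: loopback listener, reachable by any local user
#   tunnel-open  listener on all interfaces (bind address * or GatewayPorts yes)
#   direct       none of the above
classify_hosts() {
    awk '
    function emit() { if (host != "") print host, (verdict == "" ? "direct" : verdict) }
    { key = tolower($1) }
    key == "host" { emit(); host = $2; verdict = ""; gw = 0; next }
    key == "proxycommand" || key == "proxyjump" { if (verdict == "") verdict = "proxy" }
    key == "gatewayports" && tolower($2) == "yes" {
        gw = 1
        if (verdict == "tunnel-local") verdict = "tunnel-open"
    }
    key == "localforward" {
        bind = $2
        wide = gw || bind ~ /^\*:/ || bind ~ /^0\.0\.0\.0:/ || bind ~ /^\[::\]:/
        if (wide) verdict = "tunnel-open"
        else if (verdict != "tunnel-open") verdict = "tunnel-local"
    }
    END { emit() }'
}

# Stand-alone run over the constructed sample.
sample_config | classify_hosts
```

With the `backup-proxy` block in place, method #2 is `rsync -av src/ backup-proxy:dest/`, and the target's host key is verified by the local client rather than by middle.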

