2000-09-26-14:58:29 Sanjeev Jha:
> What are those loss in running rsync-stunnel as compared to rsync-over-ssh
> that you mentioned here ?? tell me more about "slung behind a stunnel"
SSL add a lot of complexity, relative to ssh; and stunnel at least
doesn't offer all the features that ssh has, that help in this
task. Specifically, you can easily, with no programming necessary,
configure ssh to allow only a specific key from a specific IP addr
to perform only a specific rsync transfer.
rsync's daemon mode is a persistent daemon; as such it can be
accessed via stunnel doing forwarding in local daemon mode, and if
desired the plain rsync daemon can be packet filtered to prevent any
remote access. The client doesn't support using a helper to set up
the connection to an rsync daemon AFAIK, but you can run a stunnel
client under something like inetd to make a local unencrypted entry
point for getting at SSL services. Altogether icko, and doesn't do
anything ssh doesn't, doesn't even do all that ssh does (as I
suggested above).
I'll forward you the messages discussing rsync-over-stunnel
separately.
-Bennett
PGP signature
