On 08/12/11 11:12, Giovanni Schmid wrote:
> I'm wondering if rsyncing a ZFS with encryption set to on could work.

Yes it does.

> More precisely:
>
> suppose there are hosts A and B, both with encrypted zfs
> rpool/export/home/user/shared;
>
> suppose user on host A runs the command
> user$ rsync -avz shared/ B:shared/
>
> Well, my questions are:
>
> Could user get in any trouble in accessing data on B?

What do you mean by "trouble"?

> Should user choose the same pass-phrase on both A and B or not?

Doesn't matter.

The rsync protocol works at the POSIX file system layer for reading and writing files. That layer is way above the encryption functionality, and encryption (just like ZFS compression) is transparent at that layer.

rsync doesn't know anything about ZFS and doesn't need to know anything about encryption. rsync can only read and write the unencrypted data because that is all that is available via the POSIX file system API (by design).

rsync is no different to vi, cp etc in this respect. What rsync sends over the wire will be plaintext file data (which may be inside an SSH tunnel but the file data is plaintext not ciphertext).

--
Darren J Moffat