I understand that you can avoid ssh authentication with rsync daemon, but what method of authentication is it using then? How is it transferring the data?
Asked
Active
Viewed 55 times
0
-
1Probably relevant: https://download.samba.org/pub/rsync/rsyncd.conf.5#auth_users https://download.samba.org/pub/rsync/rsyncd.conf.5#AUTHENTICATION_STRENGTH https://download.samba.org/pub/rsync/rsync.1#CONNECTING_TO_AN_RSYNC_DAEMON (I think the main takeaway will be that pretty much everyone will want to use ssh) – Håkan Lindqvist Aug 09 '23 at 20:48
1 Answers
2
The rsync daemon, without SSH, provides anonymous access and/or it's own username/password authentication methods as part of the protocol.
On the server side you configure a plain text file with the users and their (unencrypted) passwords and for each module you can mandate authentication and define which users are allowed to authenticate.
Note that the rsync protocol is clear text and sniffing usernames and passwords is trivial.
The manual page offers guidance on how to configure that:
A simple rsyncd.conf file that allow anonymous rsync to a ftp
area at /home/ftp would be:
[ftp]
path = /home/ftp
comment = ftp export area
A more sophisticated example would be:
uid = nobody
gid = nobody
use chroot = yes
max connections = 4
syslog facility = local5
pid file = /var/run/rsyncd.pid
[cvs]
path = /data/cvs
comment = CVS repository (requires authentication)
auth users = tridge, susan
secrets file = /etc/rsyncd.secrets
The /etc/rsyncd.secrets file would look something like this:
tridge:mypass
susan:herpass
HBruijn
- 77,029
- 24
- 135
- 201