From: Kurt Tunkko <kurt.tunko@we...> - 2008-07-25 07:31:32
My first attempt with BackupPC was to try to back up Windows clients via
rsync over ssh (cygwin) but transfer rates were very slow, so I switched
All clients on the LAN and some laptops connected via VPN are now using
rsyncd. Since these clients are all running Windows XP/2k I could also
use Samba for the transport.
Reading about authentication in the rsyncd man page:
[...] The authentication protocol used in rsync is a 128 bit MD4 based
challenge response system. This is fairly weak protection, though (with
at least one brute-force hash-finding algorithm publicly available).
Also note that the rsync daemon protocol does not currently provide any
encryption of the data that is transferred over the connection. Only
authentication is provided. Use ssh as the transport if you want
1) Regarding security: How does Samba compare to rsyncd?
2) If I choose a password that is long and complicated enough, I should
be safe regarding brute-force attacks? Transfer via rsyncd will still be
3) If I tunnel rsyncd over SSH, will I get the low transfer rates like
rsync+ssh on windows clients?
4) Is anyone using rsync over SSH (Cygwin based) and getting the same
transfer speeds like rsyncd? Or will encryption always come with the
cost of (much) lower transfer speeds?

On Fri, Jul 25, 2008 at 09:31:34AM +0200, Kurt Tunkko wrote:
> 1) Regarding security: How does Samba compare to rsyncd?
The authentication might be better, but AFAIK, packet contents are not
encrypted. Looking at the docs of smb.conf, there seems to be support for
packet encryption and signing (see the "smb encrypt" option). You could
test by configuring a client to enforce encryption and see whether you
can still connect via smbclient. smbclient also supports a "-e" option
to enforce encryption; it might be non-trivial to set up. You will get a
performance penalty here because packet sizes will be smaller.
> 2) If I choose a password that is long and complicated enough, I should
> be safe regarding brute-force attacks?
Security is always a tradeoff. What attackers are you expecting? How
valuable is the data? How many people might get access to it? How
difficult is it to sniff your network?
> Transfer via rsyncd will still be unencrypted :-/
> 3) If I tunnel rsyncd over SSH, will I get the low transfer rates like
> rsync+ssh on windows clients?
I don't know.
> 4) Is anyone using rsync over SSH (Cygwin based) and getting the same
> transfer speeds like rsyncd? Or will encryption always come with the
> cost of (much) lower transfer speeds?
Encryption should not slow down too much - modern processors are fast
enough, so the disk is still the bottleneck.
"What we nourish flourishes." - "Was wir nähren erblüht."
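
For the rsyncd-over-SSH tunnel raised in question 3, the tunnel only protects the data if the daemon cannot be reached without it. The script below is an added example, not part of the thread: it checks an rsyncd.conf for a loopback-only `address` and for modules without `auth users`. The sample configs, module names, paths, user, host name and local port are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): flag rsyncd.conf settings that leave the
# daemon usable without the SSH tunnel. One finding per line; none means OK.
audit_rsyncd_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function end_module() {
        if (module != "" && !has_auth)
            print "module [" module "]: no auth users, open to anyone who can connect"
    }
    /^[ \t]*$/ || /^[ \t]*#/ { next }          # blank lines and comments
    /^[ \t]*\[/ {                              # a [module] header
        end_module()
        module = $0; sub(/^[ \t]*\[/, "", module); sub(/\].*$/, "", module)
        has_auth = def_auth; next              # global "auth users" is the default
    }
    {
        eq = index($0, "="); if (!eq) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (module == "" && key == "address") address = val
        if (key == "auth users") {
            if (module == "") def_auth = (val != "")
            else has_auth = (val != "")
        }
    }
    END {
        end_module()
        if (address != "127.0.0.1" && address != "::1")
            print "global: address is not loopback, daemon reachable outside the tunnel"
    }' "$1"
}

# Constructed sample configs; module names, paths and the user are made up.
sample_exposed() { printf '%s\n' 'secrets file = /etc/rsyncd.secrets' \
    '[docs]' '    path = /cygdrive/c/docs' '    auth users = backuppc' \
    '[scratch]' '    path = /cygdrive/c/scratch'; }
sample_tunnel_only() { printf '%s\n' 'address = 127.0.0.1' \
    'secrets file = /etc/rsyncd.secrets' \
    '[docs]' '    path = /cygdrive/c/docs' '    auth users = backuppc'; }

# With a loopback-only daemon, the backup server reaches it through a forward
# (host name and local port 8873 are placeholders):
#   ssh -N -L 8873:127.0.0.1:873 backup@client.example
#   rsync rsync://backuppc@127.0.0.1:8873/docs/ /tmp/restore/
tmp=$(mktemp) && sample_exposed > "$tmp" && audit_rsyncd_conf "$tmp"
sample_tunnel_only > "$tmp" && audit_rsyncd_conf "$tmp"; rm -f "$tmp"
```

The first sample produces two findings (the `[scratch]` module and the missing loopback address); the second produces none.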