Re: a utility for preventing exec() calls
From: Nick C. <ni...@cl...> - 2019-02-08 21:24:01
On Fri, 8 Feb 2019 at 17:50, Russ Allbery <ea...@ey...> wrote:

> Nick Cleaton <ni...@cl...> writes:
>
> > rsync -av -e ssh /my/thing us...@rs...::backups/
>
> Don't you lose SSH authentication this way? You're spawning a separate
> daemon that I think is now using the built-in rsync authentication, which
> is just password (or nothing), so an attacker can then just connect
> directly to the daemon that you've spawned.

No, with --server and --daemon (as opposed to just --daemon) you get an rsync daemon connection over an ssh transport, it doesn't listen on a tcp port.

http://man7.org/linux/man-pages/man1/rsync.1.html#USING_RSYNC-DAEMON_FEATURES_VIA_A_REMOTE-SHELL_CONNECTION

I was wrong about being able to use the user@server syntax though, apparently you have to use -e "ssh -l $username" instead.

> --
> Russ Allbery (ea...@ey...) <http://www.eyrie.org/~eagle/>
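An added example, not part of the original message or of the project's code: a forced-command gate that lets an SSH key open only the daemon-over-ssh session described above and refuses every other request. The install path, the key comment and the exact request string the client sends are assumptions, marked in the comments.

```shell
#!/bin/sh
# Added example (not from the thread). Forced-command gate for an SSH key that
# may only open an rsync daemon session over the ssh transport.
# Hypothetical install path, referenced from ~/.ssh/authorized_keys as:
#   restrict,command="/usr/local/bin/rsync-daemon-gate" ssh-ed25519 <key> backup
# Assumption: the client's -e ssh host::module form requests exactly this:
ALLOWED_REQUEST='rsync --server --daemon .'

# Print "allow" only for an exact match; anything else is "deny".
decide() {
    if [ "$1" = "$ALLOWED_REQUEST" ]; then
        echo allow
    else
        echo deny
    fi
}

# Entry point for the real gate: never run the client-supplied string itself,
# only the fixed daemon invocation. sshd sets SSH_ORIGINAL_COMMAND.
gate() {
    if [ "$(decide "${SSH_ORIGINAL_COMMAND:-}")" = allow ]; then
        exec rsync --server --daemon .
    fi
    echo "rsync-daemon-gate: request refused" >&2
    return 1
}

# Constructed sample requests, checked without executing anything.
for req in \
    'rsync --server --daemon .' \
    'rsync --server -logDtpre.iLsfxC . /etc/' \
    'rsync --server --daemon . ; id' \
    ''
do
    printf '%-45s -> %s\n' "[$req]" "$(decide "$req")"
done
```

A deployed gate script would end with a call to `gate` in place of the sample loop.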