Re: Best way to duplicate HDs--talk more about rsync+ssh system

To: cfm@maine.com
Cc: debian-isp@lists.debian.org
Subject: Re: Best way to duplicate HDs--talk more about rsync+ssh system
From: Ted Deppner <ted@psyber.com>
Date: Wed, 2 Jan 2002 14:00:07 -0800
Message-id: <[🔎] 20020102220007.GA14418@dondra.ofc.psyber.com>
Mail-followup-to: cfm@maine.com, debian-isp@lists.debian.org
Reply-to: Ted Deppner <ted@psyber.com>
In-reply-to: <[🔎] 20020102212132.GA12396@maine.com>
References: <[🔎] 20020102114410.7934.PAHUD@pahud.net> <[🔎] 20020102072501.GI3445@perkypants.org> <[🔎] 20020102153009.D9D3.PAHUD@pahud.net> <[🔎] 20020102141911.GA6693@maine.com> <[🔎] 20020102181738.GA7717@dondra.ofc.psyber.com> <[🔎] 20020102212132.GA12396@maine.com>

[cc: trimed to something a little more sane]

On Wed, Jan 02, 2002 at 04:21:33PM -0500, cfm@maine.com wrote:
> We're pulling **from** a read-only rsyncd.  It has to run as root because we
> require the right archive, permissions, etc....  I'm confused; is that much 
> different from running an rsync otherwise except for the convenience of the 
> [modules] thing?  Or is rsync wrong tool for job?

To, from, no difference.  rsyncd uses cleartext transport (it appears to
do a challenge/response for the password).  using ssh for the transport
(no rsyncd), gives you encrypted data on the network, and password
management in the form of identity keys.

I trust rsync to move files around in a convient manner.  I trust ssh to
transport data in a secure manner.  I do not trust rsync to be secure.

If you deeply trust your "private network", trust programs not written
with security in mind to be secure, and don't mind your data being exposed
(during transport) as a result of your backup system, maybe this isn't a
big concern for you.

> We want to reduce the load on the production servers.  Some clients need
> 4x daily backups, but for others nothing changes for months at a time.  
> The new system is only going to snapshot and archive only the changed
> versions, not every day.  All the zipping, sorting and file checking 
> will take place on backup machine, not on servers so we don't care how 
> greedy the process gets as long as the process pulling the mirror off 
> the production machine is as light as possible.  Is there something
> better than rsync for that?

rsync is a fine tool for that.  All I'm suggesting is you don't use rsyncd
for your data transport and that you use something more secure, eg ssh.

[rsyncd]
backup-server# rsync -avrP production::everything /backups/production/

  - relying on rsync for password (if used) and transport security
  - keys are stored plaintext (or not at all w/ your read-only rsyncd
    design)

becomes

[ssh]
production# RSYNC_RSH='ssh -c blowfish -i pathto/bkup-identity' rsync -avrP / backup-server:/backups/production/

  - relying on ssh for password (or identity key), and transport security
  - keys stored encrypted, (passwordless identities or via ssh-agent)

-- 
Ted Deppner
http://www.psyber.com/~ted/

Reply to:

References:
- Best way to duplicate HDs--talk more about rsync+ssh system
  - From: Patrick Hsieh <pahud@pahud.net>
- Re: Best way to duplicate HDs--talk more about rsync+ssh system
  - From: Jeff Waugh <jdub@perkypants.org>
- Re: Best way to duplicate HDs--talk more about rsync+ssh system
  - From: Patrick Hsieh <pahud@pahud.net>
- Re: Best way to duplicate HDs--talk more about rsync+ssh system
  - From: cfm@maine.com
- Re: Best way to duplicate HDs--talk more about rsync+ssh system
  - From: Ted Deppner <ted@psyber.com>
- Re: Best way to duplicate HDs--talk more about rsync+ssh system
  - From: cfm@maine.com

Prev by Date: Re: Best way to duplicate HDs
Next by Date: RE: long email names
Previous by thread: Re: Best way to duplicate HDs--talk more about rsync+ssh system
Next by thread: Re: Best way to duplicate HDs--talk more about rsync+ssh system
Index(es):
- Date
- Thread