
Re: rsync over lan



Mike McCarty <Mike.McCarty@sbcglobal.net> writes:

> tyler wrote:
>
> [I use my lan to]
>> do the backup from my user account as:
>>
>> rsync -av --include-from=/home/tyler/rsync_includes /
>>   etch.mynetwork:/home/tyler/laptop
>>
>> Then the ownerships all get set to tyler tyler, even when they are
>> originally root root. In order to preserve the ownerships, I have to run
>> the above command as root, which requires that I configure sshd on the
>> desktop to accept root logins. Even behind a NAT router, that doesn't
>> seem like a good idea. Am I missing something?
>
> Often, rsync is used like this only with dedicated LAN ports, not
> through a bridge. In that case, you simply use fixed IP addresses
> with the dedicated ports, and use hosts.allow and hosts.deny to
> set up security. In that way, unless you have an actual breach
> of one of the host machines itself (as opposed to simply compromise
> of the bridge) you don't get a problem. You use a different domain
> for the dedicated local connections, e.g. 192 on the NAT LAN, and
> 172 for the dedicated ports. Then make sure that the LAN domain
> is denied for the dedicated ports. The dedicated ports may
> then be connected via a crossover cable, or if you want a few
> machines, then via an ethernet hub. It is key not to connect
> the bridge and the hub together. Then only allow root login
> from the dedicated ports. I'm not an expert on these matters, so
> I don't know the details of how to set that up. Perhaps it's
> as simple as where you permit an NFS mount to come from.
>

Thanks. This seems a little involved given my LAN is composed of exactly
three computers, my laptop, my desktop, and my wife's laptop, which
never leaves the house. Given what Celejar reported wrt root logins for
sshd, I'm thinking I may just leave the root login set to yes, but set
it to accept only key authentication, rather than actual password
logins.

Thanks,

Tyler


-- 
Recording a pay-per-view broadcast to watch later will be illegal under
Bill C-61. 

http://www.michaelgeist.ca/content/view/3049/125/
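The key-only root login Tyler settles on, written out as sshd_config and authorized_keys settings, is an added example and not part of this thread. The host name etch.mynetwork and the destination path come from the thread; the LAN address 192.168.1.10 and the rrsync install path are assumptions.

```text
# /etc/ssh/sshd_config on the desktop (etch.mynetwork)

# Weak: root may log in with a password, from any host.
#PermitRootLogin yes

# Corrected: root may still log in, but only with a key. Passwords are
# refused for root even if the account has one; older OpenSSH releases
# spell this value "without-password".
PermitRootLogin prohibit-password
PubkeyAuthentication yes

# Refuse password logins for every account, so the only way in is a key.
PasswordAuthentication no
ChallengeResponseAuthentication no

# /root/.ssh/authorized_keys on the desktop: a key that can do nothing
# but receive this one backup.
#   from=        only accept the key from the laptop (assumed address)
#   command=     run rsync's rrsync helper (ships with rsync; install path
#                assumed) confined to the backup directory, whatever the
#                client asked for
#   no-*         no shell, no forwarding through the root session
from="192.168.1.10",command="/usr/local/bin/rrsync /home/tyler/laptop",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder-public-key laptop-backup
```

After `sshd -t` reports no errors and the daemon is reloaded, the original `rsync -av ... etch.mynetwork:/home/tyler/laptop` run as root on the laptop preserves root-owned files, while the same key cannot open an interactive root shell.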

