How safe is rsync to use in daemon mode without ssh

As we know, we can use rsync via ssh to send files between computers, especially on different networks (for example, the Internet), in order to have secure transfers (this is correct, and we all agree on it).

And, as you know, rsync does not provide any security when transferring data in the usual way, so we use ssh as the cover.

So, the idea!

If we use rsync in daemon mode (for example, on a Linux backup server located in England) and we start backing up data from Linux computers (for example, in France) over an Internet line without using ssh (just the regular rsync daemon):

Example:

rsync -vazi --progress source rsync://user@england-server.example.com/somefolder/

So the question is:

Do you think this is a safe way?

If not, can anyone see what we transfer and the contents of the files we transfer?

Is there also a chance of catching the password we entered when rsync asks for the rsync user's password?

I know that using ssh or stunnel is safer, but I really want to learn more about why it is safe during normal use, especially when we rsync data between computers over the Internet.

And thanks for any answers.

+7
3 answers

Rsync operations without SSH are unsafe because the protocol and the software itself do not include content encryption. Therefore, if there is a person in the middle, they can read/copy what you send. Authentication can also be read.

You should consider using SSH or VPN between your production and backup network.

+3
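The transport distinction this answer turns on (plain daemon forms versus a remote-shell or ssh-tunnelled transfer) can be enforced before a job ever runs. The following is an added example, not code from the question or any answer: a guard that classifies an rsync path spec by transport and a wrapper that refuses the plaintext daemon forms unless `-e ssh` is present. Host, user and module names are placeholders.

```shell
#!/bin/sh
# Added example, not from the question or any of the answers: a guard that
# tells which transport an rsync path spec implies and a wrapper that refuses
# the plaintext daemon forms unless the transfer is tunnelled with "-e ssh".
# Hosts, users and module names are placeholders.

# Spec forms, as documented in rsync(1):
#   rsync://[USER@]HOST[:PORT]/MODULE/PATH   daemon over plain TCP (port 873)
#   [USER@]HOST::MODULE/PATH                 daemon over plain TCP (port 873)
#   [USER@]HOST:PATH                         remote shell (ssh)
#   PATH                                     local file system
rsync_transport_of() {
    case "$1" in
        rsync://*) echo daemon ;;
        *::*)      echo daemon ;;
        *:*)       echo shell ;;
        *)         echo local ;;
    esac
}

# Returns 0 when every remote spec in the argument list is protected: either
# it uses the remote-shell form, or it is a daemon spec and "-e ssh" /
# "--rsh=ssh" is present, which makes rsync reach the daemon through ssh
# instead of port 873.
rsync_args_are_protected() {
    uses_ssh=0
    plaintext=0
    prev=""
    for a in "$@"; do
        if [ "$prev" = "-e" ] || [ "$prev" = "--rsh" ]; then
            case "$a" in ssh*) uses_ssh=1 ;; esac
        fi
        case "$a" in --rsh=ssh*) uses_ssh=1 ;; esac
        prev=$a
    done
    prev=""
    for a in "$@"; do
        # Skip options and the value that follows -e / --rsh.
        if [ "$prev" = "-e" ] || [ "$prev" = "--rsh" ]; then
            prev=$a
            continue
        fi
        prev=$a
        case "$a" in -*) continue ;; esac
        if [ "$(rsync_transport_of "$a")" = daemon ] && [ "$uses_ssh" -eq 0 ]; then
            plaintext=1
        fi
    done
    [ "$plaintext" -eq 0 ]
}

# Wrapper: same arguments as rsync, but refuses plaintext daemon transfers.
safe_rsync() {
    if rsync_args_are_protected "$@"; then
        rsync "$@"
    else
        echo "safe_rsync: plaintext rsync daemon transfer refused;" \
             "use user@host:path or add -e ssh" >&2
        return 2
    fi
}

# Example invocations (placeholders), run only when this file is executed
# with the word "demo" as its first argument:
if [ "${1:-}" = demo ]; then
    # Plaintext daemon, refused:
    safe_rsync -vazi --progress source rsync://user@england-server.example.com/somefolder/
    # Remote-shell transport, accepted:
    safe_rsync -vazi --progress source user@england-server.example.com:/somefolder/
    # Daemon module reached through ssh, accepted:
    safe_rsync -vazi -e ssh source user@england-server.example.com::somefolder/
fi
```

The third demo line uses rsync's documented ability to reach a daemon module through a remote shell (`-e ssh` together with the `host::module` form), so the module-based configuration on the backup server can be kept while the bytes on the wire are still protected by ssh. A path that contains a colon but is meant to be local is classified as remote here, which is also how rsync itself reads it unless the path is written with a leading `./`.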

When using SSH, you get not only privacy, but also authentication.

Confidentiality ensures that no one can see your data while it is sent over the Internet. Authentication ensures that you are actually connected to the correct server (the man-in-the-middle attack mentioned above, for example). If your data is not so important, you can say something like "Hey, no one is going to steal my data, it is not so important."

The security issue that really bothers me is the lack of authentication when you just run rsync without authentication. This means that anyone can connect and send data to or from your computer. Imagine that someone is sitting somewhere between the servers, and they see an unauthorized connection, recording data through rsync. Now they know how to log into your server and upload and receive information. You just created a free anonymous dump file for everyone. This may not seem like a big problem until people start using it for illegal purposes or simply dump the virus / rootkit onto your computer.

In my opinion, there is no risk level from 1 to 10 that can quantify this risk; it is simply unacceptable. A port scan only requires a port scan, and a script vulnerability can find the vulnerability.

+1

You can also use "hosts allow = xxx.xxx.xxx.xxx" in the rsyncd.conf module. Even if the attacker gets their hands on the user/password, connections are only allowed from that host.

-1
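The two previous answers describe the same two gaps in a daemon-mode setup: a module with no `auth users` is an anonymous drop box, and a module with no `hosts allow` accepts connections from any address. The following is an added example, not code from any of the answers: a read-only lint for `rsyncd.conf` that reports both conditions per module, plus `use chroot = no` and the anonymous-upload combination. Paths, user and address in the constructed sample configs are placeholders.

```shell
#!/bin/sh
# Added example, not from any of the answers: a read-only lint for rsyncd.conf
# that reports modules reachable without a password or from any address.
# It reads the file and prints findings; it changes nothing.
# Paths and names in the sample configs below are constructed.

# Usage: audit_rsyncd_conf /etc/rsyncd.conf
# Parameters set before the first [module] are global defaults for every module.
# "read only" and "use chroot" default to yes in rsync, so only an explicit
# "no" is reported for them.
audit_rsyncd_conf() {
    awk '
    function lc(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return tolower(s) }
    function report(m) {
        if (m == "") return
        if (!("auth users" in cfg))
            print m ": no auth users (anyone who can reach the port may connect)"
        else if (!("secrets file" in cfg))
            print m ": auth users set but no secrets file"
        if (!("hosts allow" in cfg))
            print m ": no hosts allow (connections accepted from any address)"
        if (("use chroot" in cfg) && cfg["use chroot"] ~ /^(no|false|0)$/)
            print m ": use chroot disabled"
        if (!("auth users" in cfg) && ("read only" in cfg) && cfg["read only"] ~ /^(no|false|0)$/)
            print m ": anonymous upload allowed (read only = no without auth users)"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ {
        report(module)
        module = $0; sub(/^[ \t]*\[/, "", module); sub(/\].*$/, "", module)
        split("", cfg); for (k in global) cfg[k] = global[k]
        next
    }
    /=/ {
        key = lc(substr($0, 1, index($0, "=") - 1))
        val = lc(substr($0, index($0, "=") + 1))
        if (module == "") global[key] = val; else cfg[key] = val
        next
    }
    END { report(module) }
    ' "$1"
}

# Number of findings, handy as a cron or CI check (0 means clean).
rsyncd_conf_findings() {
    audit_rsyncd_conf "$1" | wc -l | tr -d ' '
}

# Two constructed configs for the demo: an open backup module, and the same
# module with authentication and a source-address restriction.
write_sample_confs() {
    cat > "$1/rsyncd-open.conf" <<'EOF'
# module anyone can write to over plain TCP 873
[backup]
    path = /srv/backup
    read only = no
    use chroot = no
EOF
    cat > "$1/rsyncd-hardened.conf" <<'EOF'
use chroot = yes
[backup]
    path = /srv/backup
    read only = no
    auth users = backupuser
    secrets file = /etc/rsyncd.secrets
    hosts allow = 203.0.113.10
EOF
}

# Demo on the two constructed configs, run only with "demo" as first argument.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    write_sample_confs "$d"
    echo "== open =="; audit_rsyncd_conf "$d/rsyncd-open.conf"
    echo "== hardened =="; audit_rsyncd_conf "$d/rsyncd-hardened.conf"
    rm -r "$d"
fi
```

On the open sample the lint reports four findings (no auth users, no hosts allow, chroot disabled, anonymous upload); on the hardened sample it reports none. `hosts allow` is an address filter, not authentication, so it belongs alongside `auth users` and a `secrets file`, not in place of them, and none of these settings encrypt the transfer itself.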
