LinuxQuestions.org


bubnoff 09-01-2009 02:59 PM

Rsync: Is it smarter to push, or smarter to pull?
 
I've heard some time ago that you should always pull from
the destination rather than push from the source. Can't recall
the reasoning ...seems that there would be risk involved either way.

Like many of you, I am syncing to a web server and am just curious
as to which method you choose and why.

I am using this command on a cron job:
Code:

rsync -az -e ssh --delete ~/goodies/* fakeuser@fakehost:/webroot/blah/

Should I be pulling from the server instead of pushing from the client?

Also, what is your take on passphrase-less keys a la ssh-keygen?

This maneuver has to be scripted as the content is auto-generated from
a database and refreshed every Monday. If you know of a more secure way
to script/schedule this without using passphrase-less ssh keys or some
clumsy expect script, your advice would be much appreciated.

Thanks for reading!

Bub

anomie 09-01-2009 03:05 PM

Quote:

Originally Posted by bubnoff
Should I be pulling from the server instead of pushing from the client?

Whether pushing or pulling, the source should be the volatile (changing) directory. Also, do not select a destination that you can't afford to lose data on if you're using rsync's --delete option.

Quote:

Originally Posted by bubnoff
Also, what is your take on passphrase-less keys a la ssh-keygen?

They're handy and I use them. Keep the host / account that has access to the private keys safe.

bubnoff 09-01-2009 04:30 PM

scp vs. rsync
 
Thanks, I'll ditch the --delete option.

One last question; other than rsync only syncing changes, does it have other advantages over scp?

These are small files to begin with.

Thanks!

Bub

ShadowCat8 09-01-2009 04:42 PM

Well, IMHO, rsync is a *lot* more fault-tolerant from a network end than scp is. If you lose a few packets from an rsync transfer, or even take a full network-hiccup, the rsync will hold its session and be able to continue its transfer if the network comes back before its full timeout is reached.

Scp tends to error directly out if the connection is broken at any time. (At least that is my experience.)

HTH.

unixfool 09-02-2009 10:54 PM

Quote:

Originally Posted by bubnoff (Post 3665860)

Also, what is your take on passphrase-less keys a la ssh-keygen?

http://www.debian-administration.org/articles/152

http://www.mikehan.com/ssh/advanced.html (Keys without Passphrases section)

http://blogs.verilab.com/partain/200...sword-rap.html (summary at the bottom of the page)

This is a big no-no and goes against basic security. SSH is only as safe as the private key. If that doesn't have a passphrase and someone gains a copy, they've the keys to the kingdom, provided they know which door it goes to (then again, if they've gained your key, they probably have an inkling of where to use it). A lot of people take the easy way out by not using passphrases on their keys, instead of using ssh-agent. IMO, ssh-agent is the better way...it was created to assist in remote access without having to always enter a passphrase.

bubnoff 09-03-2009 01:27 PM

Thanks! I will look into using the ssh-agent.

Bub

spinachwong 03-22-2013 02:19 AM

push instead of pull: Rsync can push data just as well as it can pull it. It is possible to have all servers push their backups to the backup server instead of the backup server pulling the data from them. I personally don't like this approach because it means that all your servers have the key to your backup server instead of the other way around and because you have to engineer a much more complicated way of doing the rotations as well as making sure you don't have 20 servers trying to back themselves up at the same time which would flood the backup server.

source: http://www.sanitarium.net/golug/rsync_backups_2010.html
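
Whichever side ends up holding a passphrase-less key for the scheduled rsync, the account that accepts the key can limit what it is allowed to do. The script below is an added example, not part of any post in this thread: it audits an authorized_keys file for keys that lack a forced command and the `restrict` option (OpenSSH 7.2 and later; `no-pty` plus `no-port-forwarding` on older servers). The function name `audit_keys`, the use of the `rrsync` helper shipped with rsync, and the placeholder key material are assumptions; `/webroot/blah/` is the path from the first post.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file on the rsync destination for
# keys that an unattended job (or anyone who copies the key) can use freely.

# audit_keys FILE  (hypothetical helper name)
# Prints "<line-number> <verdict>" per key line and returns 1 unless every
# key is "locked". Verdicts:
#   locked        command="..." plus restrict (or no-pty and no-port-forwarding)
#   command-only  forced command, but pty/forwarding not switched off
#   open          no forced command: the key gets a full login
audit_keys() {
    awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    /^[ \t]*$/ { next }                          # skip blank lines
    {
        # Options, when present, are everything before the key-type token.
        s = " " $0
        opts = ""
        if (match(s, /[ \t](ssh-|ecdsa-|sk-)[^ \t]*[ \t]/))
            opts = "," tolower(substr(s, 2, RSTART - 2)) ","
        forced  = (opts ~ /,command="/)
        limited = (opts ~ /,restrict,/) ||
                  (opts ~ /,no-pty,/ && opts ~ /,no-port-forwarding,/)
        verdict = forced ? (limited ? "locked" : "command-only") : "open"
        if (verdict != "locked") bad = 1
        print NR, verdict
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample file; key material is placeholder text, not real keys.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# line 2: plain key with no options
ssh-ed25519 AAAAC3PLACEHOLDERKEY1 fakeuser@client
command="rrsync /webroot/blah/" ssh-ed25519 AAAAC3PLACEHOLDERKEY2 cron-push
command="rrsync /webroot/blah/",restrict ssh-ed25519 AAAAC3PLACEHOLDERKEY3 cron-push
from="192.0.2.10",command="rrsync /webroot/blah/",no-pty,no-port-forwarding ssh-rsa AAAAB3PLACEHOLDERKEY4 cron-push
EOF

audit_keys "$sample" || echo "at least one key is not locked down" >&2
```

A key reported as "locked" can only run the forced rsync helper inside the named directory, so a stolen copy of it no longer gives a shell on the destination.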


All times are GMT -5.