LinuxQuestions.org
Old 09-01-2009, 02:59 PM   #1
bubnoff
Member
 
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Rep: Reputation: 16
Rsync: Is it smarter to push, or smarter to pull?


I've heard some time ago that you should always pull from
the destination rather than push from the source. Can't recall
the reasoning ...seems that there would be risk involved either way.

Like many of you, I am syncing to a web server and am just curious
as to which method you choose and why.

I am using this command on a cron job:
Code:
rsync -az -e ssh --delete ~/goodies/* fakeuser@fakehost:/webroot/blah/
Should I be pulling from the server instead of pushing from the client?

Also, what is your take on passphrase-less keys a la ssh-keygen?

This maneuver has to be scripted as the content is auto-generated from
a database and refreshed every Monday. If you know of a more secure way
to script/schedule this without using passphrase-less ssh keys or some
clumsy expect script, your advice would be much appreciated.

Thanks for reading!

Bub
 
Old 09-01-2009, 03:05 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by bubnoff
Should I be pulling from the server instead of pushing from the client?
Whether pushing or pulling, the source should be the volatile (changing) directory. Also, do not select a destination that you can't afford to lose data on if you're using rsync's --delete option.

Quote:
Originally Posted by bubnoff
Also, what is your take on passphrase-less keys a la ssh-keygen?
They're handy and I use them. Keep the host / account that has access to the private keys safe.
 
Old 09-01-2009, 04:30 PM   #3
bubnoff
Member
 
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
scp vs. rsync

Thanks, I'll ditch the --delete option.

One last question; other than rsync only syncing changes, does it have other advantages over scp?

These are small files to begin with.

Thanks!

Bub
 
Old 09-01-2009, 04:42 PM   #4
ShadowCat8
Member
 
Registered: Nov 2004
Location: Arcadia, CA
Distribution: Gentoo, Arch, (RedHat4.x-9.x, FedoraCore 1.x-4.x, Debian Potato-Sarge, LFS 6.0, etc.)
Posts: 209

Rep: Reputation: 43
Well, IMHO, rsync is a *lot* more fault-tolerant from a network end than scp is. If you lose a few packets from an rsync transfer, or even take a full network-hiccup, the rsync will hold its session and be able to continue its transfer if the network comes back before its full timeout is reached.

Scp tends to error directly out if the connection is broken at any time. (At least that is my experience.)

HTH.
 
Old 09-02-2009, 10:54 PM   #5
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157
Quote:
Originally Posted by bubnoff

Also, what is your take on passphrase-less keys a la ssh-keygen?
http://www.debian-administration.org/articles/152

http://www.mikehan.com/ssh/advanced.html (Keys without Passphrases section)

http://blogs.verilab.com/partain/200...sword-rap.html (summary at the bottom of the page)

This is a big no-no and goes against basic security. SSH is only as safe as the private key. If that doesn't have a passphrase and someone gains a copy, they've the keys to the kingdom, provided they know which door it goes to (then again, if they've gained your key, they probably have an inkling of where to use it). A lot of people take the easy way out by not using passphrases on their keys, instead of using ssh-agent. IMO, ssh-agent is the better way...it was created to assist in remote access without having to always enter a passphrase.

Last edited by unixfool; 09-02-2009 at 11:01 PM.
 
Old 09-03-2009, 01:27 PM   #6
bubnoff
Member
 
Registered: Jun 2009
Location: Northwest
Distribution: Slackware
Posts: 43

Original Poster
Rep: Reputation: 16
Thanks! I will look into using the ssh-agent.

Bub
 
Old 03-22-2013, 02:19 AM   #7
spinachwong
LQ Newbie
 
Registered: Mar 2013
Posts: 2

Rep: Reputation: Disabled
push instead of pull: Rsync can push data just as well as it can pull it. It is possible to have all servers push their backups to the backup server instead of the backup server pulling the data from them. I personally don't like this approach because it means that all your servers have the key to your backup server instead of the other way around and because you have to engineer a much more complicated way of doing the rotations as well as making sure you don't have 20 servers trying to back themselves up at the same time which would flood the backup server.

source: http://www.sanitarium.net/golug/rsync_backups_2010.html
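
Added example (not from any poster in this thread): whichever side holds the unattended key, the receiving host can limit what that key is allowed to do through options in its authorized_keys entry. The script below audits such entries and reports keys that lack a forced command, a source-address pin or `restrict`. It assumes OpenSSH 7.2 or later for `restrict` and the `rrsync` helper script distributed with rsync; the key material, address and account names are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries used by unattended rsync jobs.
# Key blobs, the 192.0.2.10 address and account names are constructed.

write_sample_keys() {
    # $1 = file to create with three constructed authorized_keys entries.
    cat > "$1" <<'EOF'
# constructed sample for the audit below
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONLY cron@source
command="rrsync -wo /webroot/blah/",from="192.0.2.10",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONLY cron@source
from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EXAMPLEKEYONLY backup@source
EOF
}

audit_authorized_keys() {
    # $1 = authorized_keys file. Prints one line per weakly restricted key
    # and returns 1 if any was found, 0 if every key is pinned down.
    awk '
    BEGIN { bad = 0 }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        # Options, if present, are everything before the key-type token.
        opts = ""
        if (match($0, /(^|[ \t])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^ \t]+|sk-[^ \t]+)[ \t]/))
            opts = substr($0, 1, RSTART - 1)
        missing = ""
        if (opts !~ /(^|,)command="/)      missing = missing " command="
        if (opts !~ /(^|,)from="/)         missing = missing " from="
        if (opts !~ /(^|,)restrict(,|$)/)  missing = missing " restrict"
        if (missing != "") {
            printf "line %d: missing%s\n", NR, missing
            bad = 1
        }
    }
    END { exit bad }
    ' "$1"
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_keys "$sample"
audit_authorized_keys "$sample" || true
rm -f "$sample"
```

With an entry like the second sample line, a copied private key can only write under /webroot/blah/ and only from the listed address; `rrsync -ro` is the read-only counterpart for a pull setup.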
 
  


All times are GMT -5.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration