rsync without "-e ssh". Still safe?

Micro420 · 12-20-2006, 12:13 AM

NOt sure if I made a mistake or not, but I was testing rsync and ran this command:

Code:

rsync -azvotg username@123.45.67.89:/home /home

I still got the SSH login asking for my password. Does that mean it is still secure and safe? I read somewhere that I was supposed to do:

Code:

rsync -azvotg -e ssh username@123.45.67.89:/home /home

My /var/log/auth.log still shows me signing on using the SSHD. So rsync by itself is okay, correct?

Bruce Hill · 12-20-2006, 03:41 AM

From "man rsync"

Code:

GENERAL
Rsync copies files either to or from a remote host, or locally on the current host (it does not support copying files
between two remote hosts).

There are two different ways for rsync to contact a remote system: using a remote-shell program as the transport (such as
ssh or rsh) or contacting an rsync daemon directly via TCP. The remote-shell transport is used whenever the source or des-
tination path contains a single colon (:) separator after a host specification. Contacting an rsync daemon directly happens
when the source or destination path contains a double colon (::) separator after a host specification, OR when an rsync://
URL is specified (see also the "USING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTION" section for an exception to this
latter rule).

As a special case, if a single source arg is specified without a destination, the files are listed in an output format simi-
lar to "ls -l".

As expected, if neither the source or destination path specify a remote host, the copy occurs locally (see also the --list-
only option).

SETUP
See the file README for installation instructions.

Once installed, you can use rsync to any machine that you can access via a remote shell (as well as some that you can access
using the rsync daemon-mode protocol). For remote transfers, a modern rsync uses ssh for its communications, but it may
have been configured to use a different remote shell by default, such as rsh or remsh.

The remote-shell transport is used whenever the source or destination path contains a single colon (

separator after a host specification. So I believe that is what happened in your case.

archtoad6 · 12-20-2006, 06:49 AM

My "man rsync" continues:

Quote:

Finally, it is possible to use a remote-shell transport to contact a remote host and then to spawn a single-use rsync daemon. This allows the use of some of the daemon features (such as named modules) without having to run a daemon as a service. To achieve this, invoke rsync with an explicit --rsh=COMMAND (aka "-e COMMAND") option combined with either the source or destination path specified as an rsync daemon (i.e. either a :: separator or an rsync:// URL). In this case, rsync contacts the remote host specified using the specified remote shell, and then starts a single-use rsync daemon to deal with that copy request. See the section "CONNECTING TO AN RSYNC DAEMON OVER A REMOTE SHELL PROGRAM" below.

Is this the "somewhere" where you read about -e ssh?

Micro420 · 12-20-2006, 12:35 PM

I read about the -e ssh on some tutorial that I googled up. So I see that it makes no difference if I use -e ssh or not, other than using the remote shell, which happens to be the same on my local end. I am using both Ubuntu 6.10 on both computers.