Changes between Version 7 and Version 8 of RsyncSSL


Timestamp:
19.09.2017 15:50:07 (22 months ago)
Author:
dozzie
Comment:

--

  • RsyncSSL

    v7 v8  
    7373First of all, let's get rid of client ''stunnel''. 
    7474 
    75 ''stunnel'' can work in inetd-mode. This means, instead of listening on some 
     75''stunnel'' can work in inetd mode. This means, instead of listening on some 
    7676TCP port for plain-text connections it can take STDIN/STDOUT. Now think of how 
    7777''rsync'' works over SSH: `/usr/bin/rsync` spawns {{{ssh user@somehost}}}, 
     
    7979talks to `ssh`'s STDIN/STDOUT. 
    8080 
    81 Hey! That's exactly what inetd-mode is! Can we use `/usr/bin/stunnel` instead 
     81Hey! That's exactly what inetd mode is! Can we use `/usr/bin/stunnel` instead 
    8282of `/usr/bin/ssh`? Of course we can. This is what `rsync` has the ''--rsh'' 
    8383option for. 
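
Review bot: Style point on line 82, which this edit leaves as context: the option is written as ''--rsh'' (italic markup) while `/usr/bin/stunnel`, `/usr/bin/ssh` and `rsync` in the same paragraph use backticks. Since the paragraph is being touched anyway, put the option in backticks too so it reads as something to type. The hyphen fix at line 81 itself matches the one at line 75.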
     
    9292first. 
    9393 
    94 As a bonus you'll get automatic reloading of any changes in `rsyncd.conf` that 
    95 doesn't kill currently established connections. Looks like a win-win to me. 
     94==== Technical details ==== 
     95 
     96To detect whether it is executed in inetd-like manner, `rsync --daemon` checks 
     97if its STDIN (file descriptor 0) is a socket. If yes, this socket is used for 
     98reading and writing, and STDOUT is closed. 
     99 
     100Note that while the socket can be created in any manner (e.g. `accept(2)`, 
     101`connect(2)`, `socketpair(2)`, protocol AF_INET, AF_INET6, AF_UNIX), a regular 
     102pipe (`pipe(2)`) won't do, and `rsync --daemon` will try to listen on a TCP 
     103port on its own.
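
Review bot: The pipe case at new lines 100-103 needs its consequence spelled out. If the wrapper hands `rsync --daemon` a pipe instead of a socket, the text says it "will try to listen on a TCP port on its own", which means a listener running outside the stunnel wrapper this page is setting up. Add a sentence telling the reader to confirm that fd 0 really is a socket and that no separate rsync listener has appeared. Two smaller points in the same hunk: line 96 says "inetd-like manner" while lines 75 and 81 of this same change settle on "inetd mode", and line 101 labels AF_INET, AF_INET6 and AF_UNIX as "protocol" when they are address families. The old lines 94-95 about reloading `rsyncd.conf` are also dropped with an empty change comment; if the claim was wrong, say so in the comment, otherwise keep it ahead of the new heading.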