I am wanting to run rsync over an SSL/TLS encrypted connection. It does not do this directly so I am exploring options. The stunnel program looks promising, although more complicated than designed due to the need to hop connections with the -r option. However, I do find there is a -l option to run a program. I am assuming this works by having two processes, one to carry out the SSL/TLS work, and one to be the worker which the client is communicating to. These would then communicate by a pipe pair or two way socket between them.
What struck me as odd when I surveyed a number of web pages to see how to properly set this up is that whether running as a standalone daemon, or under a super daemon like inetd, the arguments for rsync are the same. How does rsync --daemon know whether it should open a socket and listen on it for many connections, or just service one connection by communicating with the stdin/stdout descriptors it has when it starts up (which really would go through the extra process to handle the encryption, decryption, and SSL/TLS protocol layer)?
And then I need to find a way to wrap the client to have it do SSL/TLS in one simple command (as opposed to connection hopping that stunnel seems to favor).
rsync has an --rsh option to spawn stunnel and use stdin/stdout on the client side, and stunnel has an exec option to spawn rsync on the server side; combining these two will get you what you want. See dozzie's rsync over SSL for some further information and readily available scripts to run this config (needs git to download).

From the section on --daemon in the rsync(1) man page:

You can see the command line arguments that apply to daemon mode by running: