Secure rsync over SSH without shell access

Summary

Rsync is one of the best local and remote syncing programs. However, there is one problem with it: it's unsecure when used over internet:

  • rsync protocol transfers data in plain text - meaning, it can be easily listened to by a middleman
  • rsync credential exchange is encrypted using a weak RC4/ARC4/ARCFOUR cipher)


Traditionally, this has been worked around by running rsync over SSH, which provides proper and secure encryption. Unfortunately it leads us to additional problems:

  • it requires giving shell access to the system
  • you're no longer able to use the rsync server with its versatile configuration options (chroot, read-only, different modules with different paths etc.)


Is there a way to have the best of two systems, meaning:

  • rsync runs as a proper daemon
  • rsync is only accessible over encrypted channel, without having to access any exotic software
  • no SSH shell access

?


Yes, there is - read on.


rsync config

The following will start rsync as a daemon with "all" module having access to everything on the server (/), read only, listening on localhost only.

Secrets file is a username:password pair, for example:

Make sure to chmod 600 /etc/rsync/rsyncd-backup.secrets - otherwise, rsync will refuse to use it.

SSH user with no shell access

  • create a normal user first:
  • add a key to user's .ssh/authorized_keys with the following content:

Explanation of terms:

no-port-forwarding - don't allow port forwarding no-agent-forwarding - don't allow agent forwarding no-X11-forwarding - don't allow X11 forwarding command="/bin/nc localhost 873" - force netcat to localhost on port 873 as an executed command


This way, SSH user will have no access to the shell.

Connecting from remote