Can we use rsyncd.conf to restrict rsync over ssh?
I had a look at the restricted rsync script, rrsync, which is mentioned in man rsync
. Basically the client rsync
command seems to pass all of its options through, to the remote rsync
command that it runs over SSH. rrsync
is a 200+ line perl script that people use, to restrict which paths and options the server allows. My initial reaction to this is "arrgh". It does not help that the rsync
documentation is deliberately vague about how the --server
option is actually used.
I also found a 2016 bug report showing a massive security hole in rrsync
. It is still not fixed.
:-(
I would prefer to define legal targets and options using rsyncd.conf
. At the same time, I want to use SSH encryption and authentication to protect my connection to the rsync server.
It looks like I can do this using an ~/.authorized_keys
with a dedicated SSH key, and options to restrict it like command="/usr/bin/rsync --server --daemon --config=./rsyncd.conf .",restrict
. Then I can run my rsync
client command using the daemon syntax: rsync -e "ssh" "$SOURCE_PATH" "$SSH_HOST"::"$RSYNC_MODULE"/"$DEST_PATH"
.
(If you don't use SSH keys, you could do the same thing using a dedicated user, /etc/sshd_config
, Match, and ForceCommand. There is currently no equivalent of the blanket restrict
though, you have to disable all the permissions individually).
Does this work reliably?
I tested a few different options. My rsync
command seems to consistently launch rsync --server --daemon .
, even if I add options to the client command like -vlogDtprze.iLsf --numeric-ids
.
Question: Can I rely on the above? Or contrawise, is there some case where the client might need to launch the daemon server using a different set of options?
Is the third argument - .
- ever set to anything else? What does it do??
rsync
add a comment |
I had a look at the restricted rsync script, rrsync, which is mentioned in man rsync
. Basically the client rsync
command seems to pass all of its options through, to the remote rsync
command that it runs over SSH. rrsync
is a 200+ line perl script that people use, to restrict which paths and options the server allows. My initial reaction to this is "arrgh". It does not help that the rsync
documentation is deliberately vague about how the --server
option is actually used.
I also found a 2016 bug report showing a massive security hole in rrsync
. It is still not fixed.
:-(
I would prefer to define legal targets and options using rsyncd.conf
. At the same time, I want to use SSH encryption and authentication to protect my connection to the rsync server.
It looks like I can do this using an ~/.authorized_keys
with a dedicated SSH key, and options to restrict it like command="/usr/bin/rsync --server --daemon --config=./rsyncd.conf .",restrict
. Then I can run my rsync
client command using the daemon syntax: rsync -e "ssh" "$SOURCE_PATH" "$SSH_HOST"::"$RSYNC_MODULE"/"$DEST_PATH"
.
(If you don't use SSH keys, you could do the same thing using a dedicated user, /etc/sshd_config
, Match, and ForceCommand. There is currently no equivalent of the blanket restrict
though, you have to disable all the permissions individually).
Does this work reliably?
I tested a few different options. My rsync
command seems to consistently launch rsync --server --daemon .
, even if I add options to the client command like -vlogDtprze.iLsf --numeric-ids
.
Question: Can I rely on the above? Or contrawise, is there some case where the client might need to launch the daemon server using a different set of options?
Is the third argument - .
- ever set to anything else? What does it do??
rsync
add a comment |
I had a look at the restricted rsync script, rrsync, which is mentioned in man rsync
. Basically the client rsync
command seems to pass all of its options through, to the remote rsync
command that it runs over SSH. rrsync
is a 200+ line perl script that people use, to restrict which paths and options the server allows. My initial reaction to this is "arrgh". It does not help that the rsync
documentation is deliberately vague about how the --server
option is actually used.
I also found a 2016 bug report showing a massive security hole in rrsync
. It is still not fixed.
:-(
I would prefer to define legal targets and options using rsyncd.conf
. At the same time, I want to use SSH encryption and authentication to protect my connection to the rsync server.
It looks like I can do this using an ~/.authorized_keys
with a dedicated SSH key, and options to restrict it like command="/usr/bin/rsync --server --daemon --config=./rsyncd.conf .",restrict
. Then I can run my rsync
client command using the daemon syntax: rsync -e "ssh" "$SOURCE_PATH" "$SSH_HOST"::"$RSYNC_MODULE"/"$DEST_PATH"
.
(If you don't use SSH keys, you could do the same thing using a dedicated user, /etc/sshd_config
, Match, and ForceCommand. There is currently no equivalent of the blanket restrict
though, you have to disable all the permissions individually).
Does this work reliably?
I tested a few different options. My rsync
command seems to consistently launch rsync --server --daemon .
, even if I add options to the client command like -vlogDtprze.iLsf --numeric-ids
.
Question: Can I rely on the above? Or contrawise, is there some case where the client might need to launch the daemon server using a different set of options?
Is the third argument - .
- ever set to anything else? What does it do??
rsync
I had a look at the restricted rsync script, rrsync, which is mentioned in man rsync
. Basically the client rsync
command seems to pass all of its options through, to the remote rsync
command that it runs over SSH. rrsync
is a 200+ line perl script that people use, to restrict which paths and options the server allows. My initial reaction to this is "arrgh". It does not help that the rsync
documentation is deliberately vague about how the --server
option is actually used.
I also found a 2016 bug report showing a massive security hole in rrsync
. It is still not fixed.
:-(
I would prefer to define legal targets and options using rsyncd.conf
. At the same time, I want to use SSH encryption and authentication to protect my connection to the rsync server.
It looks like I can do this using an ~/.authorized_keys
with a dedicated SSH key, and options to restrict it like command="/usr/bin/rsync --server --daemon --config=./rsyncd.conf .",restrict
. Then I can run my rsync
client command using the daemon syntax: rsync -e "ssh" "$SOURCE_PATH" "$SSH_HOST"::"$RSYNC_MODULE"/"$DEST_PATH"
.
(If you don't use SSH keys, you could do the same thing using a dedicated user, /etc/sshd_config
, Match, and ForceCommand. There is currently no equivalent of the blanket restrict
though, you have to disable all the permissions individually).
Does this work reliably?
I tested a few different options. My rsync
command seems to consistently launch rsync --server --daemon .
, even if I add options to the client command like -vlogDtprze.iLsf --numeric-ids
.
Question: Can I rely on the above? Or contrawise, is there some case where the client might need to launch the daemon server using a different set of options?
Is the third argument - .
- ever set to anything else? What does it do??
rsync
rsync
edited Mar 6 at 12:10
sourcejedi
asked Mar 4 at 16:35
sourcejedisourcejedi
25.5k445110
25.5k445110
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Yes, I think this is a fairly safe assumption.
It is the natural way for it to work. Although they avoided documenting these details, it is likely it will continue to work the same in future versions. The command-line options for rsync --server
are effectively part of the network protocol, and this is generally backwards-compatible.
- Source code
- "Literature review" (several recommendations, no negative feedback)
1. Source code
The source code seems fairly clear that in "daemon_over_rsh" mode, it always runs the server side with the command-line options --server --daemon .
, and nothing else.
(I expect there is an option to run a different rsync
, e.g. /home/alan/rsync-custom-build/rsync
. But you would already know if you were doing that).
options.c
2390 void server_options(char **args, int *argc_p)
2391 {
2392 static char argstr[64];
2393 int ac = *argc_p;
2394 uchar where;
2395 char *arg;
2396 int i, x;
2397
2398 /* This should always remain first on the server's command-line. */
2399 args[ac++] = "--server";
2400
2401 if (daemon_over_rsh > 0) {
2402 args[ac++] = "--daemon";
2403 *argc_p = ac;
2404 /* if we're passing --daemon, we're done */
2405 return;
2406 }
main.c
512 server_options(args,&argc);
513
514 if (argc >= MAX_ARGS - 2)
515 goto arg_overflow;
516 }
517
518 args[argc++] = ".";
519
520 if (!daemon_over_rsh) {
...
534 }
535
536 args[argc] = NULL;
Is the third argument -
.
- ever set to anything else? What does it do??
No. It does not do anything.
At least one non-option argument is required. Without it, rsync
will print the --help
message and return exit code 1. Although when I run rsync --server --daemon
, the help message is written to the system log instead of to standard error (i.e. the terminal).
Although it is required, the non-option argument to rsync --server --daemon
is completely ignored.
1661 if (argc < 1) {
1662 usage(FERROR);
1663 exit_cleanup(RERR_SYNTAX);
1664 }
1665
1666 if (am_server) {
1667 set_nonblocking(STDIN_FILENO);
1668 set_nonblocking(STDOUT_FILENO);
1669 if (am_daemon)
1670 return start_daemon(STDIN_FILENO, STDOUT_FILENO);
1671 start_server(STDIN_FILENO, STDOUT_FILENO, argc, argv);
1672 }
2. "Literature review"
Google search terms:
- rsync daemon server (sshd_config forcecommand) OR (authorized_keys command)
- rsync daemon mode over ssh
I scanned the first page of results. I found several positive recommendations, and no negative feedback about this specific concern. The lack of negative feedback is not strong evidence. The security hole in rrsync
seems a much more significant issue to me, but I only found it because I searched for ' "rrsync" munge links '. And Google isn't finding any external references to it, only the bug report itself.
- https://gist.github.com/trendels/6582e95012f6c7fc6542
- https://indico.cern.ch/event/577279/contributions/2354037/attachments/1366772/2071442/Hepsysman-keeping-in-sync.pdf
- https://serverfault.com/questions/6367/cant-get-rsync-to-work-in-daemon-over-ssh-mode
- Unusual variant using a dedicated user with a custom shell, instead of
command=""
/ForceCommand
, for some reason: http://mennucc1.debian.net/howto-ssh-rsyncd.html
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f504301%2fcan-we-use-rsyncd-conf-to-restrict-rsync-over-ssh%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Yes, I think this is a fairly safe assumption.
It is the natural way for it to work. Although they avoided documenting these details, it is likely it will continue to work the same in future versions. The command-line options for rsync --server
are effectively part of the network protocol, and this is generally backwards-compatible.
- Source code
- "Literature review" (several recommendations, no negative feedback)
1. Source code
The source code seems fairly clear that in "daemon_over_rsh" mode, it always runs the server side with the command-line options --server --daemon .
, and nothing else.
(I expect there is an option to run a different rsync
, e.g. /home/alan/rsync-custom-build/rsync
. But you would already know if you were doing that).
options.c
2390 void server_options(char **args, int *argc_p)
2391 {
2392 static char argstr[64];
2393 int ac = *argc_p;
2394 uchar where;
2395 char *arg;
2396 int i, x;
2397
2398 /* This should always remain first on the server's command-line. */
2399 args[ac++] = "--server";
2400
2401 if (daemon_over_rsh > 0) {
2402 args[ac++] = "--daemon";
2403 *argc_p = ac;
2404 /* if we're passing --daemon, we're done */
2405 return;
2406 }
main.c
512 server_options(args,&argc);
513
514 if (argc >= MAX_ARGS - 2)
515 goto arg_overflow;
516 }
517
518 args[argc++] = ".";
519
520 if (!daemon_over_rsh) {
...
534 }
535
536 args[argc] = NULL;
Is the third argument -
.
- ever set to anything else? What does it do??
No. It does not do anything.
At least one non-option argument is required. Without it, rsync
will print the --help
message and return exit code 1. Although when I run rsync --server --daemon
, the help message is written to the system log instead of to standard error (i.e. the terminal).
Although it is required, the non-option argument to rsync --server --daemon
is completely ignored.
1661 if (argc < 1) {
1662 usage(FERROR);
1663 exit_cleanup(RERR_SYNTAX);
1664 }
1665
1666 if (am_server) {
1667 set_nonblocking(STDIN_FILENO);
1668 set_nonblocking(STDOUT_FILENO);
1669 if (am_daemon)
1670 return start_daemon(STDIN_FILENO, STDOUT_FILENO);
1671 start_server(STDIN_FILENO, STDOUT_FILENO, argc, argv);
1672 }
2. "Literature review"
Google search terms:
- rsync daemon server (sshd_config forcecommand) OR (authorized_keys command)
- rsync daemon mode over ssh
I scanned the first page of results. I found several positive recommendations, and no negative feedback about this specific concern. The lack of negative feedback is not strong evidence. The security hole in rrsync
seems a much more significant issue to me, but I only found it because I searched for ' "rrsync" munge links '. And Google isn't finding any external references to it, only the bug report itself.
- https://gist.github.com/trendels/6582e95012f6c7fc6542
- https://indico.cern.ch/event/577279/contributions/2354037/attachments/1366772/2071442/Hepsysman-keeping-in-sync.pdf
- https://serverfault.com/questions/6367/cant-get-rsync-to-work-in-daemon-over-ssh-mode
- Unusual variant using a dedicated user with a custom shell, instead of
command=""
/ForceCommand
, for some reason: http://mennucc1.debian.net/howto-ssh-rsyncd.html
add a comment |
Yes, I think this is a fairly safe assumption.
It is the natural way for it to work. Although they avoided documenting these details, it is likely it will continue to work the same in future versions. The command-line options for rsync --server
are effectively part of the network protocol, and this is generally backwards-compatible.
- Source code
- "Literature review" (several recommendations, no negative feedback)
1. Source code
The source code seems fairly clear that in "daemon_over_rsh" mode, it always runs the server side with the command-line options --server --daemon .
, and nothing else.
(I expect there is an option to run a different rsync
, e.g. /home/alan/rsync-custom-build/rsync
. But you would already know if you were doing that).
options.c
2390 void server_options(char **args, int *argc_p)
2391 {
2392 static char argstr[64];
2393 int ac = *argc_p;
2394 uchar where;
2395 char *arg;
2396 int i, x;
2397
2398 /* This should always remain first on the server's command-line. */
2399 args[ac++] = "--server";
2400
2401 if (daemon_over_rsh > 0) {
2402 args[ac++] = "--daemon";
2403 *argc_p = ac;
2404 /* if we're passing --daemon, we're done */
2405 return;
2406 }
main.c
512 server_options(args,&argc);
513
514 if (argc >= MAX_ARGS - 2)
515 goto arg_overflow;
516 }
517
518 args[argc++] = ".";
519
520 if (!daemon_over_rsh) {
...
534 }
535
536 args[argc] = NULL;
Is the third argument -
.
- ever set to anything else? What does it do??
No. It does not do anything.
At least one non-option argument is required. Without it, rsync
will print the --help
message and return exit code 1. Although when I run rsync --server --daemon
, the help message is written to the system log instead of to standard error (i.e. the terminal).
Although it is required, the non-option argument to rsync --server --daemon
is completely ignored.
1661 if (argc < 1) {
1662 usage(FERROR);
1663 exit_cleanup(RERR_SYNTAX);
1664 }
1665
1666 if (am_server) {
1667 set_nonblocking(STDIN_FILENO);
1668 set_nonblocking(STDOUT_FILENO);
1669 if (am_daemon)
1670 return start_daemon(STDIN_FILENO, STDOUT_FILENO);
1671 start_server(STDIN_FILENO, STDOUT_FILENO, argc, argv);
1672 }
2. "Literature review"
Google search terms:
- rsync daemon server (sshd_config forcecommand) OR (authorized_keys command)
- rsync daemon mode over ssh
I scanned the first page of results. I found several positive recommendations, and no negative feedback about this specific concern. The lack of negative feedback is not strong evidence. The security hole in rrsync
seems a much more significant issue to me, but I only found it because I searched for ' "rrsync" munge links '. And Google isn't finding any external references to it, only the bug report itself.
- https://gist.github.com/trendels/6582e95012f6c7fc6542
- https://indico.cern.ch/event/577279/contributions/2354037/attachments/1366772/2071442/Hepsysman-keeping-in-sync.pdf
- https://serverfault.com/questions/6367/cant-get-rsync-to-work-in-daemon-over-ssh-mode
- Unusual variant using a dedicated user with a custom shell, instead of
command=""
/ForceCommand
, for some reason: http://mennucc1.debian.net/howto-ssh-rsyncd.html
add a comment |
Yes, I think this is a fairly safe assumption.
It is the natural way for it to work. Although they avoided documenting these details, it is likely it will continue to work the same in future versions. The command-line options for rsync --server
are effectively part of the network protocol, and this is generally backwards-compatible.
- Source code
- "Literature review" (several recommendations, no negative feedback)
1. Source code
The source code seems fairly clear that in "daemon_over_rsh" mode, it always runs the server side with the command-line options --server --daemon .
, and nothing else.
(I expect there is an option to run a different rsync
, e.g. /home/alan/rsync-custom-build/rsync
. But you would already know if you were doing that).
options.c
2390 void server_options(char **args, int *argc_p)
2391 {
2392 static char argstr[64];
2393 int ac = *argc_p;
2394 uchar where;
2395 char *arg;
2396 int i, x;
2397
2398 /* This should always remain first on the server's command-line. */
2399 args[ac++] = "--server";
2400
2401 if (daemon_over_rsh > 0) {
2402 args[ac++] = "--daemon";
2403 *argc_p = ac;
2404 /* if we're passing --daemon, we're done */
2405 return;
2406 }
main.c
512 server_options(args,&argc);
513
514 if (argc >= MAX_ARGS - 2)
515 goto arg_overflow;
516 }
517
518 args[argc++] = ".";
519
520 if (!daemon_over_rsh) {
...
534 }
535
536 args[argc] = NULL;
Is the third argument -
.
- ever set to anything else? What does it do??
No. It does not do anything.
At least one non-option argument is required. Without it, rsync
will print the --help
message and return exit code 1. Although when I run rsync --server --daemon
, the help message is written to the system log instead of to standard error (i.e. the terminal).
Although it is required, the non-option argument to rsync --server --daemon
is completely ignored.
1661 if (argc < 1) {
1662 usage(FERROR);
1663 exit_cleanup(RERR_SYNTAX);
1664 }
1665
1666 if (am_server) {
1667 set_nonblocking(STDIN_FILENO);
1668 set_nonblocking(STDOUT_FILENO);
1669 if (am_daemon)
1670 return start_daemon(STDIN_FILENO, STDOUT_FILENO);
1671 start_server(STDIN_FILENO, STDOUT_FILENO, argc, argv);
1672 }
2. "Literature review"
Google search terms:
- rsync daemon server (sshd_config forcecommand) OR (authorized_keys command)
- rsync daemon mode over ssh
I scanned the first page of results. I found several positive recommendations, and no negative feedback about this specific concern. The lack of negative feedback is not strong evidence. The security hole in rrsync
seems a much more significant issue to me, but I only found it because I searched for ' "rrsync" munge links '. And Google isn't finding any external references to it, only the bug report itself.
- https://gist.github.com/trendels/6582e95012f6c7fc6542
- https://indico.cern.ch/event/577279/contributions/2354037/attachments/1366772/2071442/Hepsysman-keeping-in-sync.pdf
- https://serverfault.com/questions/6367/cant-get-rsync-to-work-in-daemon-over-ssh-mode
- Unusual variant using a dedicated user with a custom shell, instead of
command=""
/ForceCommand
, for some reason: http://mennucc1.debian.net/howto-ssh-rsyncd.html
Yes, I think this is a fairly safe assumption.
It is the natural way for it to work. Although they avoided documenting these details, it is likely it will continue to work the same in future versions. The command-line options for rsync --server
are effectively part of the network protocol, and this is generally backwards-compatible.
- Source code
- "Literature review" (several recommendations, no negative feedback)
1. Source code
The source code seems fairly clear that in "daemon_over_rsh" mode, it always runs the server side with the command-line options --server --daemon .
, and nothing else.
(I expect there is an option to run a different rsync
, e.g. /home/alan/rsync-custom-build/rsync
. But you would already know if you were doing that).
options.c
2390 void server_options(char **args, int *argc_p)
2391 {
2392 static char argstr[64];
2393 int ac = *argc_p;
2394 uchar where;
2395 char *arg;
2396 int i, x;
2397
2398 /* This should always remain first on the server's command-line. */
2399 args[ac++] = "--server";
2400
2401 if (daemon_over_rsh > 0) {
2402 args[ac++] = "--daemon";
2403 *argc_p = ac;
2404 /* if we're passing --daemon, we're done */
2405 return;
2406 }
main.c
512 server_options(args,&argc);
513
514 if (argc >= MAX_ARGS - 2)
515 goto arg_overflow;
516 }
517
518 args[argc++] = ".";
519
520 if (!daemon_over_rsh) {
...
534 }
535
536 args[argc] = NULL;
Is the third argument -
.
- ever set to anything else? What does it do??
No. It does not do anything.
At least one non-option argument is required. Without it, rsync
will print the --help
message and return exit code 1. Although when I run rsync --server --daemon
, the help message is written to the system log instead of to standard error (i.e. the terminal).
Although it is required, the non-option argument to rsync --server --daemon
is completely ignored.
1661 if (argc < 1) {
1662 usage(FERROR);
1663 exit_cleanup(RERR_SYNTAX);
1664 }
1665
1666 if (am_server) {
1667 set_nonblocking(STDIN_FILENO);
1668 set_nonblocking(STDOUT_FILENO);
1669 if (am_daemon)
1670 return start_daemon(STDIN_FILENO, STDOUT_FILENO);
1671 start_server(STDIN_FILENO, STDOUT_FILENO, argc, argv);
1672 }
2. "Literature review"
Google search terms:
- rsync daemon server (sshd_config forcecommand) OR (authorized_keys command)
- rsync daemon mode over ssh
I scanned the first page of results. I found several positive recommendations, and no negative feedback about this specific concern. The lack of negative feedback is not strong evidence. The security hole in rrsync
seems a much more significant issue to me, but I only found it because I searched for ' "rrsync" munge links '. And Google isn't finding any external references to it, only the bug report itself.
- https://gist.github.com/trendels/6582e95012f6c7fc6542
- https://indico.cern.ch/event/577279/contributions/2354037/attachments/1366772/2071442/Hepsysman-keeping-in-sync.pdf
- https://serverfault.com/questions/6367/cant-get-rsync-to-work-in-daemon-over-ssh-mode
- Unusual variant using a dedicated user with a custom shell, instead of
command=""
/ForceCommand
, for some reason: http://mennucc1.debian.net/howto-ssh-rsyncd.html
edited Mar 6 at 12:41
answered Mar 4 at 17:58
sourcejedisourcejedi
25.5k445110
25.5k445110
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f504301%2fcan-we-use-rsyncd-conf-to-restrict-rsync-over-ssh%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown