
How to synchronize files with rsync over a designated ssh port


This article explains how to make rsync synchronize files over a designated ssh port.

For security reasons, a server has had its default ssh port changed to port 34778.

Therefore, when rsync synchronizes over ssh, the ssh port has to be specified.

rsync provides the -e parameter.

The -e parameter lets the user choose the remote shell program used to connect to the remote server. It can be set to ssh, and ssh's own options can then be added to it.

The command is written as follows:

rsync -e 'ssh -p 34778' username@hostname:SourceFile DestFile

The single quotation marks make the options inside them apply to the command inside them, so -p 34778 is passed to ssh rather than to rsync.

Example:

rsync -auz -e 'ssh -p 43378' /data/svn/ root@192.168.1.254:/data/backup

Detailed explanation:

This runs rsync with the -auz options, uses -e to change the ssh port, takes the local /data/svn as the source data, and pushes it as the root user to the /data/backup directory of the remote server 192.168.1.254.

Note that it makes a big difference whether the source directory and the destination directory end with a "/".

The source directory ends with "/" and the destination directory does not, which means that all files in the source directory (/data/svn/*) are synchronized to the destination directory (/data/backup/*).

The source directory ends with "/" and the destination directory ends with "/", which means that the source directory is synchronized to the destination directory as a folder (/data/backup/svn/*).

Port attacks: the rsync default password vulnerability on port 873

1. Introduction:

rsync is a Unix application that synchronizes the files and directories of two computers and uses delta encoding where appropriate to reduce data transmission.

2. Rsync usage tutorial:

Purpose:

Mirror backups.

Advantages:

Fast; it compares against local files and makes differential backups.

Usage:

1. Copy /etc/ to /tmp/etc

rsync -av /etc /tmp

2. Copy /etc of rsh.server to the local /tmp

rsync -av -e ssh user@rsh.server:/etc /tmp

3. Through the service provided by rsync (daemon); rsync uses port 873

Server: to start rsync, see:

/etc/xinetd.d/rsync

Edit:

/etc/rsyncd.conf

Set the account and password for client connections

Client: rsync -av user@hostname::/dir/path /local/path

The three modes differ in the number of colons:

Command:

rsync [-avrlptgoD] [-e ssh] [user@hostIP:/dir] [/local/path]

-v verbose mode, outputs more information

-q the opposite of -v, displays only error messages

-r recursive copy, for directories

-u update only newer files

-l copy the attributes of link files

-p keep the attributes unchanged when copying

-g preserve the original group

-o preserve the original owner

-D preserve the attributes of the original device files

-t preserve the original time attribute

-I ignore the update time attribute; file comparison is faster

-z add compression

-e use a protocol channel such as ssh: -e ssh

-a is equivalent to -rlptgoD, so -a is the most commonly used

3. Security issues:

The default port of rsync is 873, and nmap can be used to scan whether it is open on an IP.

nmap -n --open -p 873 x.x.x.x/24

After finding the open port, you can log in with the default password. Use this command to view:

rsync -av x.x.x.x::

Since the service synchronizes files, whoever connects can view, upload or download them, depending on the permission settings.

With luck, the site is taken over in seconds.

4. Considerations for security configuration

There are two defenses: restrict the IPs that may connect, and disallow anonymous access by adding a user and password.

Two ways to limit IP

iptables firewall

Add iptables rules for the rsync port.

To allow access only from the internal network (192.168.101.0/24):

iptables -A INPUT -i eth0 -p tcp -s 192.168.101.0/24 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT

These ACCEPT rules restrict access only if other traffic to port 873 is dropped, either by a default DROP policy or by a later DROP rule.

In addition, hosts allow in rsyncd.conf can be set to allow only specific source IPs.

# IP allowed to access
hosts allow = X.X.X.X

Add user password

Add user authentication for rsync access by configuring the following in rsyncd.conf:

# password file location: the authentication file holding user names and passwords
secrets file = /etc/rsyncd.secrets

# authorized account (authenticated user name); without this line access is anonymous; separate multiple users with commas
auth users = rsync
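
A check for the two defenses above, as an added example that is not part of the original article: a shell function that reads an rsyncd.conf and reports modules without auth users, a secrets file or hosts allow. It also reports values containing "#", because rsyncd.conf only treats "#" as a comment at the start of a line. The module names and paths in the sample are constructed.

```shell
#!/bin/sh
# Added example: flag rsyncd.conf modules that lack the defenses described above.
# Keys are compared lower-cased with whitespace removed (normalisation chosen here).
audit_rsyncd_conf() {
    awk '
    function check(m) {
        if (m == "") return
        if (val["authusers"] == "")        print m ": anonymous access (no auth users)"
        else if (val["secretsfile"] == "") print m ": auth users set but no secrets file"
        if (val["hostsallow"] == "")       print m ": no hosts allow restriction"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # whole-line comments, blank lines
    /^[ \t]*\[/ {                               # [module] header
        check(mod)
        for (k in val) delete val[k]
        for (k in glob) val[k] = glob[k]        # global section supplies defaults
        mod = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", mod)
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
        # rsyncd.conf has no inline comments: a "#" here is part of the value
        who = (mod == "") ? "global" : mod
        if (v ~ /#/) print who ": # inside value of " key
        if (mod == "") glob[key] = v; else val[key] = v
    }
    END { check(mod) }
    ' "$1"
}

# Constructed sample configuration (module names and paths are illustrative)
sample_conf() {
    cat <<'EOF'
hosts allow = 192.168.101.0/24

[public]
path = /srv/public

[backup]
path = /data/backup
auth users = rsync
secrets file = /etc/rsyncd.secrets

[svn]
path = /data/svn
auth users = rsync # authorized account
EOF
}

sample_conf | audit_rsyncd_conf -
```

Run it against a real file with audit_rsyncd_conf /etc/rsyncd.conf; a module that prints nothing has all three settings, either directly or inherited from the global section.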
