1rsync-ssl(1) User Commands rsync-ssl(1)
2
3
4
6 rsync-ssl - a helper script for connecting to an ssl rsync daemon
7
9 rsync-ssl [--type=SSL_TYPE] RSYNC_ARGS
10
11 The online version of this manpage (that includes cross-linking of top‐
12 ics) is available at https://download.samba.org/pub/rsync/rsync-ssl.1.
13
15 The rsync-ssl script helps you to run an rsync copy to/from an rsync
16 daemon that requires ssl connections.
17
18 The script requires that you specify an rsync-daemon arg in the style
19 of either hostname:: (with 2 colons) or rsync://hostname/. The default
20 port used for connecting is 874 (one higher than the normal 873) unless
21 overridden in the environment. You can specify an overriding port via
22 --port or by including it in the normal spot in the URL format, though
23 both of those require your rsync version to be at least 3.2.0.
24
26 If the first arg is a --type=SSL_TYPE option, the script will only use
27 that particular program to open an ssl connection instead of trying to
28 find an openssl or stunnel executable via a simple heuristic (assuming
29 that the RSYNC_SSL_TYPE environment variable is not set as well -- see
30 below). This option must specify one of openssl or stunnel. The equal
31 sign is required for this particular option.
32
33 All the other options are passed through to the rsync command, so con‐
34 sult the rsync(1) manpage for more information on how it works.
35
37 The ssl helper scripts are affected by the following environment vari‐
38 ables:
39
40 RSYNC_SSL_TYPE
41 Specifies the program type that should be used to open the ssl
42 connection. It must be one of openssl or stunnel. The
43 --type=SSL_TYPE option overrides this, when specified.
44
45 RSYNC_SSL_PORT
46 If specified, the value is the port number that is used as the
47 default when the user does not specify a port in their rsync
48 command. When not specified, the default port number is 874.
49 (Note that older rsync versions (prior to 3.2.0) did not commu‐
50 nicate an overriding port number value to the helper script.)
51
52 RSYNC_SSL_CERT
53 If specified, the value is a filename that contains a certifi‐
54 cate to use for the connection.
55
56 RSYNC_SSL_KEY
57 If specified, the value is a filename that contains a key for
58 the provided certificate to use for the connection.
59
60 RSYNC_SSL_CA_CERT
61 If specified, the value is a filename that contains a certifi‐
62 cate authority certificate that is used to validate the connec‐
63 tion.
64
65 RSYNC_SSL_OPENSSL
66 Specifies the openssl executable to run when the connection type
67 is set to openssl. If unspecified, the $PATH is searched for
68 "openssl".
69
70 RSYNC_SSL_GNUTLS
71 Specifies the gnutls-cli executable to run when the connection
72 type is set to gnutls. If unspecified, the $PATH is searched
73 for "gnutls-cli".
74
75 RSYNC_SSL_STUNNEL
76 Specifies the stunnel executable to run when the connection type
77 is set to stunnel. If unspecified, the $PATH is searched first
78 for "stunnel4" and then for "stunnel".
79
81 rsync-ssl -aiv example.com::mod/ dest
82
83 rsync-ssl --type=openssl -aiv example.com::mod/ dest
84
85 rsync-ssl -aiv --port 9874 example.com::mod/ dest
86
87 rsync-ssl -aiv rsync://example.com:9874/mod/ dest
88
90 For help setting up an SSL/TLS supporting rsync, see the instructions
91 in rsyncd.conf.
92
94 rsync(1), rsyncd.conf(5)
95
97 Note that using an stunnel connection requires at least version 4 of
98 stunnel, which should be the case on modern systems. Also, it does not
99 verify a connection against the CA certificate collection, so it only
100 encrypts the connection without any cert validation unless you have
101 specified the certificate environment options.
102
103 This script also supports a --type=gnutls option, but at the time of
104 this release the gnutls-cli command was dropping output, making it un‐
105 usable. If that bug has been fixed in your version, feel free to put
106 gnutls into an exported RSYNC_SSL_TYPE environment variable to make its
107 use the default.
108
110 Please report bugs! See the web site at https://rsync.samba.org/.
111
113 This manpage is current for version 3.2.7 of rsync.
114
116 Rsync is distributed under the GNU General Public License. See the
117 file COPYING for details.
118
119 A web site is available at https://rsync.samba.org/. The site includes
120 an FAQ-O-Matic which may cover questions unanswered by this manual
121 page.
122
124 This manpage was written by Wayne Davison.
125
126 Mailing lists for support and development are available at
127 https://lists.samba.org/.
128
129
130
131rsync-ssl from rsync 3.2.7 20 Oct 2022 rsync-ssl(1)