Rsync Encryption

bichonfrise74 picture bichonfrise74 · Nov 30, 2009 · Viewed 37.7k times · Source

I know that rsync can enable / disable the ssh encryption protocol during the file transfer. So, if the ssh encryption protocol has been disabled, does it mean that rsync does not do any encryption at all?

Also, the reason why I asked the above question is we use the rsync module as part of our file transfer and there is nothing in the module that specifies that ssh encryption will be used.

If rsync does not use any encryption, then I can theoretically open a port on both source and destination machines and push the file from source to destination.

Answer

intgr picture intgr · Nov 30, 2009

If you use the rsync:// protocol scheme (i.e. when you connect to a rsyncd daemon) then no encryption will be used (although password authentication is done using a MD4-based challenge-response system and is probably still reasonably secure).

If you use the hostname:/some/path scheme then rsync transparently calls SSH, which encrypts everything, and uses SSH's native authentication mechanisms. As far as I can tell, some OpenSSH versions supported an option Ciphers null in the configuration file, but this has been removed in later versions.

Generally you shouldn't worry about encryption overhead, unless you are working in a 1 Gbit network or you have old computers.