1 |
On Fri, Nov 12, 2004 at 09:54:11AM -0600, Brian G. Peterson wrote: |
2 |
> |
3 |
> wouldn't public-key rsync over ssh be a lower CPU load option than rsync over |
4 |
> SSL? |
5 |
|
6 |
I don't think so, because internally ssh is using ssl. In both variants, |
7 |
rsync is generating a list of files and timestamps (maybe hashes too?), |
8 |
exchanges this over an encrypted connection (in both cases an ssl cipher) |
9 |
and finally transfers the files over an encrypted connection(tunneled by ssh or by stunnel). |
10 |
|
11 |
ssh (at least in newer versions) is using very strong ciphers by default, |
12 |
which stress the cpu even more (AES 256 or better). |
13 |
|
14 |
regards |
15 |
klaus |
16 |
|
17 |
ps. are there any plans for having a https site for gentoo, or |
18 |
the webservers, where the snapshots are put onto? |
19 |
|
20 |
>This option would also be suitable as a 'secure rsync' method for |
21 |
> remote users, if you wanted to push it out that far. I can see how CPU load |
22 |
> for remote users to tunnel rsync over SSL or ssh, but the connection between |
23 |
> the Gentoo rsync master and the mirrors could be secured this way. |
24 |
> |
25 |
> Regards, |
26 |
> |
27 |
> - Brian |
28 |
|
29 |
-- |
30 |
gentoo-security@g.o mailing list |