| 1 |
On Fri, Nov 12, 2004 at 09:54:11AM -0600, Brian G. Peterson wrote: |
| 2 |
> |
| 3 |
> wouldn't public-key rsync over ssh be a lower CPU load option than rsync over |
| 4 |
> SSL? |
| 5 |
|
| 6 |
I don't think so, because internally ssh is using ssl. In both variants, |
| 7 |
rsync is generating a list of files and timestamps (maybe hashes too?), |
| 8 |
exchanges this over an encrypted connection (in both cases an ssl cipher) |
| 9 |
and finally transfers the files over an encrypted connection(tunneled by ssh or by stunnel). |
| 10 |
|
| 11 |
ssh (at least in newer versions) is using very strong ciphers by default, |
| 12 |
which stress the cpu even more (AES 256 or better). |
| 13 |
|
| 14 |
regards |
| 15 |
klaus |
| 16 |
|
| 17 |
ps. are there any plans for having a https site for gentoo, or |
| 18 |
the webservers, where the snapshots are put onto? |
| 19 |
|
| 20 |
>This option would also be suitable as a 'secure rsync' method for |
| 21 |
> remote users, if you wanted to push it out that far. I can see how CPU load |
| 22 |
> for remote users to tunnel rsync over SSL or ssh, but the connection between |
| 23 |
> the Gentoo rsync master and the mirrors could be secured this way. |
| 24 |
> |
| 25 |
> Regards, |
| 26 |
> |
| 27 |
> - Brian |
| 28 |
|
| 29 |
-- |
| 30 |
gentoo-security@g.o mailing list |
Archives