Hi all,

I've hooked up a backup-host to a server with a nic-to-nic link, over
which I intend to use rsync to mirror directories. The link is
considered `safe'. I need to run rsync as root to preserve permissions
on the mirrored files/directories, but I'm not happy allowing for the r*
commands (rsh, rlogin...) on the backup-host.

Now the question is: Is there any way I can use SSH to encrypt only the
authentication process but not the data-stream? The amount of mirrored
data can be substantial, and I see a big difference in CPU activity on
both hosts and elapsed time when I use rsync with ssh as compared to
rsh. (I did try to nfs-mount the server on the backup-host and run the
rsync there, but this proved to be much slower than running rsync
host-to-host......in case you wondered..... ;^)

TIA,

Translucent

Translucent wrote:
> Hi all,
>
> I've hooked up a backup-host to a server with a nic-to-nic link, over
> which I intend to use rsync to mirror directories. The link is
> considered `safe'. I need to run rsync as root to preserve permissions
> on the mirrored files/directories, but I'm not happy allowing for the r*
> commands (rsh, rlogin...) on the backup-host.
>
> Now the question is: Is there any way I can use SSH to encrypt only the
> authentication process but not the data-stream? The amount of mirrored
> data can be substantial, and I see a big difference in CPU activity on
> both hosts and elapsed time when I use rsync with ssh as compared to
> rsh. (I did try to nfs-mount the server on the backup-host and run the
> rsync there, but this proved to be much slower than running rsync
> host-to-host......in case you wondered..... ;^)
>
> TIA,
>
> Translucent

I would try changing the ssh cipher. Blowfish and arcfour use less cpu
than the preferred defaults of aes and 3des. Some ssh's support "none"
as a cipher too.

rsync -e "ssh -c none" ...

Chuck wrote:
> Translucent wrote:
>> Hi all,
>>
>> I've hooked up a backup-host to a server with a nic-to-nic link, over
>> which I intend to use rsync to mirror directories. The link is
>> considered `safe'. I need to run rsync as root to preserve permissions
>> on the mirrored files/directories, but I'm not happy allowing for the r*
>> commands (rsh, rlogin...) on the backup-host.
>>
>> Now the question is: Is there any way I can use SSH to encrypt only the
>> authentication process but not the data-stream? The amount of mirrored
>> data can be substantial, and I see a big difference in CPU activity on
>> both hosts and elapsed time when I use rsync with ssh as compared to
>> rsh. (I did try to nfs-mount the server on the backup-host and run the
>> rsync there, but this proved to be much slower than running rsync
>> host-to-host......in case you wondered..... ;^)
>>
>> TIA,
>>
>> Translucent
>
> I would try changing the ssh cipher. Blowfish and arcfour use less cpu
> than the preferred defaults of aes and 3des. Some ssh's support "none"
> as a cipher too.
>
> rsync -e "ssh -c none" ...

In addition, you don't *have* to use ssh for the transport at all. You
could use any shell you want.

Translucent wrote:

> Hi all,
>
> I've hooked up a backup-host to a server with a nic-to-nic link, over
> which I intend to use rsync to mirror directories. The link is
> considered `safe'. I need to run rsync as root to preserve permissions
> on the mirrored files/directories, but I'm not happy allowing for the r*
> commands (rsh, rlogin...) on the backup-host.
>
> Now the question is: Is there any way I can use SSH to encrypt only the
> authentication process but not the data-stream? The amount of mirrored
> data can be substantial, and I see a big difference in CPU activity on
> both hosts and elapsed time when I use rsync with ssh as compared to
> rsh. (I did try to nfs-mount the server on the backup-host and run the
> rsync there, but this proved to be much slower than running rsync
> host-to-host......in case you wondered..... ;^)

If there is nothing else on the network connection, just use s bare
rsync daemon and carefully handle the hosts allowed to access each
other.