Before you begin using Secure Rsync
You must generate and apply an SSH key for use.
Secure Rsync requirements
- If you have already applied an SSH key to an applicable upload account, this key can also be used. However, for added security, it is recommended that a unique key be used.
- You must know the Upload Domain Name associated with the target storage group.
- You must have an Rsync client installed on your local system.
- The Rsync tab in the Access Methods section of the NetStorage Groups UI is NOT used if you wish to use Secure Rsync. That functionality only applies to the use of Non-secure Rsync.
- If you intend to use an existing SSH key for connection, you will need to know the “Passphrase” associated with it, if one has been applied to it. If you don’t know the passphrase, you’ll need to create a new SSH key pair.
How are Rsync commands issued?
Rsync commands are issued via a Terminal Session (Linux/UNIX-based OS) or a terminal session emulator such as Cygwin (Windows OS).
Regardless of the type of command used, various values must be set in the syntax when using Secure Rsync:
- Call the Rsync SSH Command Option: The Rsync command option -e ssh must be included in the syntax.
- Call Out the “Private Key” - You will need to include the -i option along with the Rsync SSH command option (above), and include the path to the private key on your local system. Additionally, the entire “ssh” segment must be enclosed in quotes: -e "ssh -i /<path>/<Private Key File>".
- Username - When providing the username, the value sshacs must be used. (This is the case for all Secure Access Methods in NetStorage.)
Additional requirements for Secure Rsync
If you are using Secure Rsync, you should also meet the following requirements:
- OpenSSH version 6.7 (or later) - For multi-threading and higher window sizes. (See the additional information on OpenSSH.)
- High Performance Network Patches (Recommended) - These patches are applied to remove a networking bottleneck that exists in the base OpenSSH code. Additional details are available via an FAQ.
- Is the client CPU maxing out? This is unlikely if you are using a wide-area network, but if it does happen, you can use the multi-threaded AES-CTR cipher if that meets your security needs. (This is discussed in the FAQ above.)
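
The command syntax and the OpenSSH 6.7 requirement described above can be checked before a transfer with a short script. This is an added example, not code from the NetStorage documentation. The key path, the host upload.example.com and the directory /REMOTE_DIR/ are constructed placeholders, the function names are hypothetical, and the private-key permission check is an addition based on standard OpenSSH behaviour rather than a requirement stated on this page.

```sh
#!/bin/sh
# Added example: preflight checks and command construction for Secure Rsync.
# Host, key path and remote directory are constructed placeholders (assumptions).

# Succeeds if an "ssh -V" banner reports OpenSSH 6.7 or later.
openssh_at_least_6_7() {
    ov=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ov" ] || return 2            # not an OpenSSH banner
    ov_major=${ov% *}
    ov_minor=${ov#* }
    [ "$ov_major" -gt 6 ] || { [ "$ov_major" -eq 6 ] && [ "$ov_minor" -ge 7 ]; }
}

# Succeeds if the private key file grants nothing to group or other
# (ssh refuses to load a private key that other users can access).
key_perms_ok() {
    [ -f "$1" ] || return 2             # missing key file
    kp=$(ls -ld -- "$1" | cut -c5-10)   # group and other permission bits
    [ "$kp" = "------" ]
}

# Prints the rsync command line in the form the page describes:
# -e "ssh -i <key>" in quotes, with the fixed username sshacs.
# Args: key path, local source, Upload Domain Name, remote directory.
build_rsync_cmd() {
    printf 'rsync -av -e "ssh -i %s" %s sshacs@%s:%s\n' "$1" "$2" "$3" "$4"
}

# Demo: check the local client, then print the command for placeholder values.
if command -v ssh >/dev/null 2>&1; then
    if openssh_at_least_6_7 "$(ssh -V 2>&1)"; then
        echo "OpenSSH version: 6.7 or later"
    else
        echo "OpenSSH version: older than 6.7, or not OpenSSH"
    fi
fi
build_rsync_cmd /home/user/.ssh/netstorage_key ./site/ upload.example.com /REMOTE_DIR/
```

Run key_perms_ok against your own private key before the first transfer, and correct the file with chmod 600 if the check fails.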