Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
rsync-ssl(1)			 User Commands			  rsync-ssl(1)

NAME
       rsync-ssl - a helper script for connecting to an	ssl rsync daemon

SYNOPSIS
       rsync-ssl [--type=SSL_TYPE] RSYNC_ARGS

       The online version of this manpage (that	includes cross-linking of top-
       ics)   is   available  at  <https://download.samba.org/pub/rsync/rsync-
       ssl.1>.

DESCRIPTION
       The rsync-ssl script helps you to run an	rsync copy  to/from  an	 rsync
       daemon that requires ssl	connections.

       The  script  requires that you specify an rsync-daemon arg in the style
       of either hostname:: (with 2 colons) or rsync://hostname/.  The default
       port used for connecting	is 874 (one higher than	the normal 873)	unless
       overridden in the environment.  You can specify an overriding port  via
       --port  or by including it in the normal	spot in	the URL	format,	though
       both of those require your rsync	version	to be at least 3.2.0.

OPTIONS
       If the first arg	is a --type=SSL_TYPE option, the script	will only  use
       that  particular	program	to open	an ssl connection instead of trying to
       find an openssl or stunnel executable via a simple heuristic  (assuming
       that  the RSYNC_SSL_TYPE	environment variable is	not set	as well	-- see
       below).	This option must specify one of	openssl	or stunnel.  The equal
       sign is required	for this particular option.

       All the other options are passed	through	to the rsync command, so  con-
       sult the	rsync(1) manpage for more information on how it	works.

ENVIRONMENT VARIABLES
       The  ssl	helper scripts are affected by the following environment vari-
       ables:

       RSYNC_SSL_TYPE
	      Specifies	the program type that should be	used to	open  the  ssl
	      connection.   It	must  be  one  of  openssl  or	stunnel.   The
	      --type=SSL_TYPE option overrides this, when specified.

       RSYNC_SSL_PORT
	      If specified, the	value is the port number that is used  as  the
	      default  when  the  user	does not specify a port	in their rsync
	      command.	When not specified, the	default	port  number  is  874.
	      (Note  that older	rsync versions (prior to 3.2.0)	did not	commu-
	      nicate an	overriding port	number value to	the helper script.)

       RSYNC_SSL_CERT
	      If specified, the	value is a filename that contains  a  certifi-
	      cate to use for the connection.

       RSYNC_SSL_KEY
	      If  specified,  the  value is a filename that contains a key for
	      the provided certificate to use for the connection.

       RSYNC_SSL_CA_CERT
	      If specified, the	value is a filename that contains  a  certifi-
	      cate  authority certificate that is used to validate the connec-
	      tion.

       RSYNC_SSL_OPENSSL
	      Specifies	the openssl executable to run when the connection type
	      is set to	openssl.  If unspecified, the $PATH  is	 searched  for
	      "openssl".

       RSYNC_SSL_GNUTLS
	      Specifies	 the  gnutls-cli executable to run when	the connection
	      type is set to gnutls.  If unspecified, the  $PATH  is  searched
	      for "gnutls-cli".

       RSYNC_SSL_STUNNEL
	      Specifies	the stunnel executable to run when the connection type
	      is  set to stunnel.  If unspecified, the $PATH is	searched first
	      for "stunnel4" and then for "stunnel".

EXAMPLES
	   rsync-ssl -aiv example.com::mod/ dest

	   rsync-ssl --type=openssl -aiv example.com::mod/ dest

	   rsync-ssl -aiv --port 9874 example.com::mod/	dest

	   rsync-ssl -aiv rsync://example.com:9874/mod/	dest

THE SERVER SIDE
       For help	setting	up an SSL/TLS supporting rsync,	see  the  instructions
       in rsyncd.conf.

SEE ALSO
       rsync(1), rsyncd.conf(5)

CAVEATS
       Note  that  using  an stunnel connection	requires at least version 4 of
       stunnel,	which should be	the case on modern systems.  Also, it does not
       verify a	connection against the CA certificate collection, so  it  only
       encrypts	 the  connection  without  any cert validation unless you have
       specified the certificate environment options.

       This script also	supports a --type=gnutls option, but at	 the  time  of
       this  release the gnutls-cli command was	dropping output, making	it un-
       usable.	If that	bug has	been fixed in your version, feel free  to  put
       gnutls into an exported RSYNC_SSL_TYPE environment variable to make its
       use the default.

BUGS
       Please report bugs! See the web site at <https://rsync.samba.org/>.

VERSION
       This manpage is current for version 3.4.1 of rsync.

CREDITS
       Rsync  is  distributed  under  the GNU General Public License.  See the
       file COPYING for	details.

       A web site is available at <https://rsync.samba.org/>.	The  site  in-
       cludes an FAQ-O-Matic which may cover questions unanswered by this man-
       ual page.

AUTHOR
       This manpage was	written	by Wayne Davison.

       Mailing	 lists	 for   support	 and   development  are	 available  at
       <https://lists.samba.org/>.

rsync-ssl from rsync 3.4.1	  15 Jan 2025			  rsync-ssl(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=rsync-ssl&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help