How can I secure connections between Linux/Unix rsync clients and cwRsync servers?

Assuming that you want to synchronize from the directory /home/user on a *nix machine to the directory c:\backup on a Windows machine:

On Windows:
 

  • Install Copssh and cwRsync server. Use the same service account for both.
  • Start the RsyncServer and OpenSSHD services.
  • Activate a user and create a PKA key pair with an empty passphrase via the Copssh control panel.
  • Transfer the user's private key file to the Linux client.
  • Make sure that the user and the service account have write access to c:\backup.
  • Add a new module to rsyncd.conf:

[backup]
path = /cygdrive/c/backup
read only = false
transfer logging = yes

On Linux:

  • Use the shell script below after updating it according to your needs:
#!/bin/bash
# Secure Channel Wrapper for connection to cwRsync servers from Linux/Unix clients
# v1.0 - Initial version, Sep 2005, Tevfik K., http://itefix.no

# Customize variables below according to your needs

# identity: private key file for user winuser
identity='winuser.key'

# localport: local port for forwarding
localport=9119

# remoteport: termination port (this should be the port rsync daemon listens to)
remoteport=873

# remotehost: cwRsync server name/IP address
remotehost=192.168.2.26

# your rsync module at server side
rsyncmodule=backup

# Function to terminate secure tunnel processes
# pkill -f matches the full command line and never matches itself;
# errors (e.g. no tunnel running) are discarded.
TerminateTunnel ()
{
pkill -f "ssh -i $identity -L $localport:" 2>/dev/null
}

# Clean up ... terminate zombie tunnels
TerminateTunnel

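echo Establishing secure channel ...
# ExitOnForwardFailure makes ssh fail instead of going to the background
# without the port forward; stop here so rsync never runs without the tunnel.
ssh -i "$identity" -L "$localport:127.0.0.1:$remoteport" -o ExitOnForwardFailure=yes -T -N -f "winuser@$remotehost" || exit 1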

# your rsync command, you can edit:
# - rsync options (-vrt)
# - source files (/home/user/)
# - exchange source and destination
# - and more :-) Try and tell me!
rsync -vrt /home/user/ "rsync://winuser@localhost:$localport/$rsyncmodule"

echo Terminating secure channel ...
TerminateTunnel


NB! You must forward SSH port 22 to the Windows machine at the edge of your secure network (your router/firewall). I strongly recommend tightening security further by using the options available in rsync and OpenSSH (host limitations, secrets file ...).
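
The host limitations and secrets file mentioned above could look like this for the setup on this page. This is an added example, not part of the original FAQ or of the cwRsync distribution; the secrets file path and the public key text are placeholders.

```ini
# rsyncd.conf on the Windows machine (constructed example)

# Global: listen on loopback only, so port 873 is reachable solely through
# the SSH tunnel, which terminates at 127.0.0.1 on the server.
address = 127.0.0.1

[backup]
path = /cygdrive/c/backup
read only = false
transfer logging = yes

# Host limitation: tunnelled connections arrive from the server's own loopback.
hosts allow = 127.0.0.1
hosts deny = *

# Secrets file: require rsync-level authentication in addition to the SSH key.
# The path is a placeholder. The file holds one "user:password" pair per line,
# and rsync's "strict modes" check (on by default) rejects it if other users
# can read it.
auth users = winuser
secrets file = /cygdrive/c/path/to/rsyncd.secrets

# OpenSSH side (this line belongs in winuser's authorized_keys on the Windows
# machine, not in rsyncd.conf): limit the key to the single forward that the
# wrapper script opens. The key text is a placeholder.
#   permitopen="127.0.0.1:873",no-pty,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...(public key)
```

With auth users set, the rsync command in the wrapper script needs the matching password, for example through rsync's --password-file option.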