[ec2-beta] document: EC2 Ubuntu sudo Guide

Soren Hansen soren at ubuntu.com
Tue Mar 10 16:50:33 GMT 2009

On Mon, Mar 09, 2009 at 05:43:36AM -0500, Michael Greenly wrote:
> Deciding to open more ports and run an extra service all of the time
> is a significant overall weakening of system security. 

rsync on Ubuntu does not start rsyncd by default.

> I'm not exactly sure of the difference between running rsync over ssh
> vs connecting directly to rsyncd but I suspect that it broadens the
> attack surface to include rsync specific code and not just ssh code.

rsync over ssh tunnels rsync traffic through ssh, so you need to be able
to authenticate against ssh before you reach rsync, so it's not
reasonably a new attack vector.

Soren Hansen                 | 
Lead Virtualisation Engineer | Ubuntu Server Team
Canonical Ltd.               | http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 315 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/mailman/private/ec2/attachments/20090310/4e2f1421/attachment-0002.pgp 

More information about the Ec2-beta mailing list