1# NAME
2
3rsync-ssl - a helper script for connecting to an ssl rsync daemon
4
5# SYNOPSIS
6
7```
8rsync-ssl [--type=SSL_TYPE] RSYNC_ARGS
9```
10
11# DESCRIPTION
12
13The rsync-ssl script helps you to run an rsync copy to/from an rsync daemon
14that requires ssl connections.
15
16The script requires that you specify an rsync-daemon arg in the style of either
17`hostname::` (with 2 colons) or `rsync://hostname/`.  The default port used for
18connecting is 874 (one higher than the normal 873) unless overridden in the
19environment.  You can specify an overriding port via `--port` or by including
20it in the normal spot in the URL format, though both of those require your
21rsync version to be at least 3.2.0.
22
23# OPTIONS
24
25If the **first** arg is a `--type=SSL_TYPE` option, the script will only use
26that particular program to open an ssl connection instead of trying to find an
27openssl or stunnel executable via a simple heuristic (assuming that the
28`RSYNC_SSL_TYPE` environment variable is not set as well -- see below).  This
29option must specify one of `openssl` or `stunnel`.  The equal sign is
30required for this particular option.
31
32All the other options are passed through to the rsync command, so consult the
33**rsync**(1) manpage for more information on how it works.
34
35# ENVIRONMENT VARIABLES
36
37The ssl helper scripts are affected by the following environment variables:
38
390.  `RSYNC_SSL_TYPE` Specifies the program type that should be used to open the
40    ssl connection.  It must be one of `openssl` or `stunnel`.  The
41    `--type=SSL_TYPE` option overrides this, when specified.
420.  `RSYNC_SSL_PORT` If specified, the value is the port number that is used as
43    the default when the user does not specify a port in their rsync command.
44    When not specified, the default port number is 874.  (Note that older rsync
45    versions (prior to 3.2.0) did not communicate an overriding port number
46    value to the helper script.)
470.  `RSYNC_SSL_CERT` If specified, the value is a filename that contains a
48    certificate to use for the connection.
490.  `RSYNC_SSL_CA_CERT` If specified, the value is a filename that contains a
50    certificate authority certificate that is used to validate the connection.
510.  `RSYNC_SSL_OPENSSL` Specifies the openssl executable to run when the
52    connection type is set to openssl.  If unspecified, the $PATH is searched
53    for "openssl".
540.  `RSYNC_SSL_GNUTLS` Specifies the gnutls-cli executable to run when the
55    connection type is set to gnutls.  If unspecified, the $PATH is searched
56    for "gnutls-cli".
570.  `RSYNC_SSL_STUNNEL` Specifies the stunnel executable to run when the
58    connection type is set to stunnel.  If unspecified, the $PATH is searched
59    first for "stunnel4" and then for "stunnel".
60
61# EXAMPLES
62
63>     rsync-ssl -aiv example.com::mod/ dest
64
65>     rsync-ssl --type=openssl -aiv example.com::mod/ dest
66
67>     rsync-ssl -aiv --port 9874 example.com::mod/ dest
68
69>     rsync-ssl -aiv rsync://example.com:9874/mod/ dest
70
71# SEE ALSO
72
73**rsync**(1), **rsyncd.conf**(5)
74
75# CAVEATS
76
77Note that using an stunnel connection requires at least version 4 of stunnel,
78which should be the case on modern systems.  Also, it does not verify a
79connection against the CA certificate collection, so it only encrypts the
80connection without any cert validation unless you have specified the
81certificate environment options.
82
83This script also supports a `--type=gnutls` option, but at the time of this
84release the gnutls-cli command was dropping output, making it unusable.  If
85that bug has been fixed in your version, feel free to put gnutls into an
86exported RSYNC_SSL_TYPE environment variable to make its use the default.
87
88# BUGS
89
90Please report bugs! See the web site at <https://rsync.samba.org/>.
91
92# VERSION
93
94This man page is current for version @VERSION@ of rsync.
95
96# CREDITS
97
98rsync is distributed under the GNU General Public License.  See the file
99COPYING for details.
100
101A web site is available at <https://rsync.samba.org/>.  The site includes an
102FAQ-O-Matic which may cover questions unanswered by this manual page.
103
104# AUTHOR
105
106This manpage was written by Wayne Davison.
107
108Mailing lists for support and development are available at
109<https://lists.samba.org/>.
110