1# NAME 2 3rsync-ssl - a helper script for connecting to an ssl rsync daemon 4 5# SYNOPSIS 6 7``` 8rsync-ssl [--type=SSL_TYPE] RSYNC_ARGS 9``` 10 11# DESCRIPTION 12 13The rsync-ssl script helps you to run an rsync copy to/from an rsync daemon 14that requires ssl connections. 15 16The script requires that you specify an rsync-daemon arg in the style of either 17`hostname::` (with 2 colons) or `rsync://hostname/`. The default port used for 18connecting is 874 (one higher than the normal 873) unless overridden in the 19environment. You can specify an overriding port via `--port` or by including 20it in the normal spot in the URL format, though both of those require your 21rsync version to be at least 3.2.0. 22 23# OPTIONS 24 25If the **first** arg is a `--type=SSL_TYPE` option, the script will only use 26that particular program to open an ssl connection instead of trying to find an 27openssl or stunnel executable via a simple heuristic (assuming that the 28`RSYNC_SSL_TYPE` environment variable is not set as well -- see below). This 29option must specify one of `openssl` or `stunnel`. The equal sign is 30required for this particular option. 31 32All the other options are passed through to the rsync command, so consult the 33**rsync**(1) manpage for more information on how it works. 34 35# ENVIRONMENT VARIABLES 36 37The ssl helper scripts are affected by the following environment variables: 38 390. `RSYNC_SSL_TYPE` Specifies the program type that should be used to open the 40 ssl connection. It must be one of `openssl` or `stunnel`. The 41 `--type=SSL_TYPE` option overrides this, when specified. 420. `RSYNC_SSL_PORT` If specified, the value is the port number that is used as 43 the default when the user does not specify a port in their rsync command. 44 When not specified, the default port number is 874. (Note that older rsync 45 versions (prior to 3.2.0) did not communicate an overriding port number 46 value to the helper script.) 470. `RSYNC_SSL_CERT` If specified, the value is a filename that contains a 48 certificate to use for the connection. 490. `RSYNC_SSL_CA_CERT` If specified, the value is a filename that contains a 50 certificate authority certificate that is used to validate the connection. 510. `RSYNC_SSL_OPENSSL` Specifies the openssl executable to run when the 52 connection type is set to openssl. If unspecified, the $PATH is searched 53 for "openssl". 540. `RSYNC_SSL_GNUTLS` Specifies the gnutls-cli executable to run when the 55 connection type is set to gnutls. If unspecified, the $PATH is searched 56 for "gnutls-cli". 570. `RSYNC_SSL_STUNNEL` Specifies the stunnel executable to run when the 58 connection type is set to stunnel. If unspecified, the $PATH is searched 59 first for "stunnel4" and then for "stunnel". 60 61# EXAMPLES 62 63> rsync-ssl -aiv example.com::mod/ dest 64 65> rsync-ssl --type=openssl -aiv example.com::mod/ dest 66 67> rsync-ssl -aiv --port 9874 example.com::mod/ dest 68 69> rsync-ssl -aiv rsync://example.com:9874/mod/ dest 70 71# SEE ALSO 72 73**rsync**(1), **rsyncd.conf**(5) 74 75# CAVEATS 76 77Note that using an stunnel connection requires at least version 4 of stunnel, 78which should be the case on modern systems. Also, it does not verify a 79connection against the CA certificate collection, so it only encrypts the 80connection without any cert validation unless you have specified the 81certificate environment options. 82 83This script also supports a `--type=gnutls` option, but at the time of this 84release the gnutls-cli command was dropping output, making it unusable. If 85that bug has been fixed in your version, feel free to put gnutls into an 86exported RSYNC_SSL_TYPE environment variable to make its use the default. 87 88# BUGS 89 90Please report bugs! See the web site at <https://rsync.samba.org/>. 91 92# VERSION 93 94This man page is current for version @VERSION@ of rsync. 95 96# CREDITS 97 98rsync is distributed under the GNU General Public License. See the file 99COPYING for details. 100 101A web site is available at <https://rsync.samba.org/>. The site includes an 102FAQ-O-Matic which may cover questions unanswered by this manual page. 103 104# AUTHOR 105 106This manpage was written by Wayne Davison. 107 108Mailing lists for support and development are available at 109<https://lists.samba.org/>. 110