Using Rsync and SSH

<p><pre><code> changing the line (and what follows is just one line with badly similated line wrapping) from this: ssh-dss AAAAB3NzaC1kc3MAAAEBAKYJenaYvMG3nHwWxKwlWLjHb77CT2hXwmC8Ap... to this [4]: from=&quot;10.1.1.1&quot;,command=&quot;&#x2F;home&#x2F;remoteuser&#x2F;cron&#x2F;validate-rsync&quot; ssh-dss AAAAB3Nza... [...] script that looks something like this : #!&#x2F;bin&#x2F;sh case &quot;$SSH_ORIGINAL_COMMAND&quot; in *\&amp;*) echo &quot;Rejected&quot; ;; *\(*) echo &quot;Rejected&quot; ;; # ... rsync\ --server*) $SSH_ORIGINAL_COMMAND ;; *) echo &quot;Rejected&quot; ;; esac </code></pre> All this and later comments is why one <i>should not</i> use SSH for batch jobs, and for unsupervised rsync file transfer in particular. Using SSH as a transport makes too complex system, and the script above is a fine example of getting it almost correct, but not quite (not using STDERR and not signaling an error with exit code are but two things that are wrong with the script).<p>Wrapping rsync in stunnel (<a href="http:&#x2F;&#x2F;dozzie.jarowit.net&#x2F;trac&#x2F;wiki&#x2F;RsyncSSL" rel="nofollow">http:&#x2F;&#x2F;dozzie.jarowit.net&#x2F;trac&#x2F;wiki&#x2F;RsyncSSL</a>) is much saner approach.