Secure Rsync – How to Perform a Secure Rsync Between Servers Across an Unsecured Network


Basically what I'm asking is, has anyone come across a means by which to wrap rsync inside ssh.

With OpenSSH v4.9+ sftp has some nice options that allow you to chroot the incoming connection and such – and that's a solution that I would look at, however I'm stuck with RHEL, and neither RHEL4 nor RHEL5 is up to that version of ssh.

My current solution is to add something like this to the server-side using the client user's key…

server% cat ~/.ssh/authorized_keys
command="cd /srv/rsync/etl && tar --exclude './lost+found' -pcf - ./" ssh-rsa...

…and so the client would then be restricted to one thing and one thing only…

client% ssh -T -i ${HOME}/.ssh/id_rsa oracle@database.com > sensative.tar

This secures the connection, as well as the server (from the client); however, it is inefficient, as all files will be retrieved over and over again.

I'm after doing something similar (or just better) using rsync.

Best Answer

Rsync supports using ssh as a transport:

rsync -az /path/to/source username@host:/path/to/destination

Some older versions of rsync require you to specify ssh explicitly:

rsync -aze ssh /path/to/source host:/path/to/destination

An alternative to using rsync is B. C. Pierce's Unison, which has similar functionality to rsync, but keeps a local index at both ends to avoid having to walk the filesystem to calculate the deltas.
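
Added example, not part of the original question or answer: the question's `command="..."` restriction combined with the answer's rsync-over-ssh transport, as a forced-command wrapper that lets the key pull from `/srv/rsync/etl` and do nothing else. The script path `/usr/local/bin/rsync-pull-only`, the function name and the sample commands in the checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forced-command wrapper so one key can only pull one tree.
# Hypothetical install path /usr/local/bin/rsync-pull-only, referenced from the
# server's ~/.ssh/authorized_keys in place of the tar command:
#   command="/usr/local/bin/rsync-pull-only",no-pty,no-port-forwarding ssh-rsa...
# Client side (incremental, unlike the tar pull):
#   rsync -az -e "ssh -i ${HOME}/.ssh/id_rsa" oracle@database.com:/srv/rsync/etl/ ./etl/
ALLOWED_DIR="/srv/rsync/etl"    # directory taken from the question

# Succeeds only for: rsync --server --sender -<short flags> . <path in ALLOWED_DIR>
# The body is a subshell "( )", so set -f and exit stay local to the check.
is_allowed_rsync() (
    set -f                       # no glob expansion while splitting
    set -- $1                    # split the requested command on whitespace
    [ "$#" -eq 6 ] || exit 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || exit 1
    case $4 in                   # one bundled short-option word, no long options
        -*[!A-Za-z0-9.]*) exit 1 ;;
        -[A-Za-z]*) ;;
        *) exit 1 ;;
    esac
    [ "$5" = . ] || exit 1
    case $6 in
        *[!A-Za-z0-9./_+-]*|*..*) exit 1 ;;   # odd characters or parent-dir escapes
        "$ALLOWED_DIR"|"$ALLOWED_DIR"/*) exit 0 ;;
    esac
    exit 1
)

# sshd exports the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_rsync "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND    # validated words only, no shell re-parsing
    fi
    echo "refused: key is limited to read-only rsync of $ALLOWED_DIR" >&2
    exit 1
fi
```

The check fails closed: pushes (no `--sender`), long options such as `--remove-source-files`, and paths outside the allowed tree are all refused. rsync's source distribution includes an `rrsync` script that applies the same forced-command idea with broader option handling.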