Ssh – How to setup a public rsync and sftp server

I looked at scponly, rssh and various other solutions involving complex configuration and chroot jails, but I found MySecureShell to be easy to configure and able to provide exactly what I needed.

It's the only shell I found that could let me hide files based on Regular Expressions. That way I can show different users different views of the same file tree.
Along with a properly configured WinSCP client, it give remote users access to their files in a well integrated and familiar environment, almost just as if they were connecting to a local file server.

Now, there are no installation packages for RedHat/CentOS, which is a shame, but installing from source is trivial. You lose the benefit of automated updates though.

Unfortunately not directly. rsync requires a clean link with a shell that will allow it to start the remote copy of rsync, when run this way.

If you have some way of running long-lived listening processes on the host you could try starting rsync manually listening for connections on a non-privileged port, but most techniques for doing that would require proper shell access via SSH too, and it relies on the hosts firewall arrangements letting connections in on the port you chose (and the host having rsync installed in the first place). Running rsync as a publicly addressable service (rather than indirectly via SSH or similar) is not generally recommended for non-public data though.

If you host allows scripting in PHP or similar and does not have it locked down so extra processes can not be execed by user scripts, then you could try starting rsync in listening mode that way. If your end is connectible (you are running SSH accessible to the outside world) you could try this in reverse - have a script run rsync on the server but instead of listening for incoming connections have it contact your local service and sync that way. This still relies on rsync actually being installed on the host which is not a given, or that you can upload a working copy, but does not have the security implications of running an rsync daemon in a publicly addressable fashion and talking to it over an unencrypted channel.

Messing around as described above may be against the hosts policies though, even if it works at all, and could get you kicked off. You are better off asking if a full shell can be enabled for that account and either abandoning rsync for that host or abandoning that host and moving elsewhere if they will not do that.